Malware
andruxin, 2017-10-19 00:36:44

A trojan constantly appears in the system. How to delete?

A trojan constantly appears in the system folder. The antivirus regularly detects and deletes it, but the Trojan file appears there again. Are there utilities to track which programs are writing files to a particular directory? File format "gHHHH.exe", HHHH - hex code.
The main antivirus always detects different types of viruses - mostly trojans, but there were also miners.


7 answer(s)
Sergey, 2017-10-19
@svgaryaev

Use AutoRuns, it will show all possible types of startup and scheduler tasks, and even highlight suspicious ones in red. And Process Monitor as advised by Stalker_RED (how to work with it is well shown here).

Alexander, 2017-10-19
@NeiroNx

Demolish the system, put a clean, tested one with closed critical holes. You won't find him if you came here to ask. Although if you really want to try, avz4, SysinternalsSuite will help. And the antivirus can also "play pranks" - it finds itself, heals itself, shows its usefulness.

Stalker_RED, 2017-10-19
@Stalker_RED

The utility is called Process Monitor, it can also track calls to the registry.
I strongly recommend using AVZ.
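
Added example (not part of the answer above or of the original thread): one way to get the "which program writes these files" answer out of a Process Monitor capture saved as CSV, using the gHHHH.exe name pattern from the question. It assumes the default export columns (Process Name, PID, Operation, Path, Result, Detail) and Procmon's usual Detail wording; the sample rows, process names and paths are constructed.

```python
import csv, io, re
from collections import defaultdict

# File name pattern from the question: "g" + four hex digits + ".exe".
DROPPED = re.compile(r"\\g[0-9a-f]{4}\.exe$", re.IGNORECASE)
# Assumed Process Monitor "Detail" wording for a create/overwrite and a rename target.
CREATED = re.compile(r"OpenResult: (Created|Overwritten|Superseded)")
RENAMED_TO = re.compile(r"FileName: (.+)$")

def written_path(row):
    """Return the path an event wrote to, or None for reads and plain opens."""
    op, detail = row["Operation"], row["Detail"]
    if op == "WriteFile" or (op == "CreateFile" and CREATED.search(detail)):
        return row["Path"]
    if op == "SetRenameInformationFile":  # file written elsewhere, then moved in
        m = RENAMED_TO.search(detail)
        return m.group(1) if m else None
    return None

def writers_of_dropped_files(csv_text):
    """Map (process name, PID) -> sorted paths matching DROPPED that it wrote."""
    hits = defaultdict(set)
    # An export may start with a UTF-8 BOM or blank lines; drop them before parsing.
    for row in csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff\r\n "))):
        if row["Result"] != "SUCCESS":  # failed attempts wrote nothing
            continue
        path = written_path(row)
        if path and DROPPED.search(path):
            hits[(row["Process Name"], row["PID"])].add(path)
    return {proc: sorted(paths) for proc, paths in hits.items()}

# Constructed sample rows (process names, PIDs and paths are made up).
SAMPLE = r"""
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"00:36:01.1","loader_x.exe","1204","CreateFile","C:\Windows\System32\g1A2B.exe","SUCCESS","Desired Access: Generic Write, Disposition: OverwriteIf, OpenResult: Created"
"00:36:01.2","loader_x.exe","1204","WriteFile","C:\Windows\System32\g1A2B.exe","SUCCESS","Offset: 0, Length: 65,536"
"00:36:02.0","avscan.exe","2310","CreateFile","C:\Windows\System32\g1A2B.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, ShareMode: Read, Write, Delete, OpenResult: Opened"
"00:36:03.0","editor_z.exe","3100","WriteFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Offset: 0, Length: 824"
"00:36:03.5","loader_x.exe","1204","CreateFile","C:\Windows\System32\g0BAD.exe","ACCESS DENIED","Desired Access: Generic Write, Disposition: OverwriteIf"
"00:36:04.0","mover_y.exe","4420","SetRenameInformationFile","C:\Windows\Temp\tmp91.dat","SUCCESS","ReplaceIfExists: True, FileName: C:\Windows\System32\gF00D.exe"
"""

if __name__ == "__main__":
    for (name, pid), paths in writers_of_dropped_files(SAMPLE).items():
        print(f"{name} (PID {pid}) wrote: {', '.join(paths)}")
```

The antivirus opening the file for reading is filtered out, so the remaining process names and PIDs are the ones to follow up in AutoRuns and the task scheduler.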

Artem Kaybagorov, 2017-10-19
@ArteMoon

Try checking your computer with Zemana Anti-malware scanner. It usually finds and removes detailed threats.

Alexander Slyzhuk, 2017-10-19
@SLYzhuk

View computer and user startup

athacker, 2017-10-19
@athacker

In this case, your antivirus treats the consequences - a binary with a workload. And the dropper either hangs in memory and leaves no traces, or breaks through an unpatched hole in the system from some other machine on the network (or on the Internet). Take the server offline, boot from some liveCD and check the disks, preferably with several tools - AVZ, DrWeb CureIT, something else.
Then you need to start the server in an isolated segment and put down all the updates, and it is highly desirable to release them to the Internet not directly, but through a proxy, logging all requests from the server. After that, watch.

dmfun, 2017-10-19
@dmfun

The task may hang in the scheduler. AVZ can read.
Once a day, the task runs and pumps garbage.
I would also delete all unnecessary modules in the profile and clean all temporary folders.
Programs are installed in Program Files, but some useful software like dropbox may have a profile installation. In any case, I don’t think that there are many of them and they can be manually analyzed (to search for files, I use headlights)
