Windows Defender cannot (won't?) remove trojandownloader:js/malscript.b!mtb

Anonymous
2021-04-05T17:30:49+00:00

My parents' computer seems to have a virus on it (at least that's what Windows Defender says). It was supposedly detected yesterday while we were away. The computer in question is a 2009 HP Pavilion dv6-2157sb with Windows 10 Professional 64-bit 19042.906 (20H2), Windows Experience Pack 120.2212.561.0. The virus that comes up in Windows Defender is trojandownloader:js/malscript.b!mtb and was detected in a file called C:\Users\ob\Documents\firefox-update.js.

I've looked everywhere for this file, but it doesn't exist? I'm not sure where it came from, nor do I believe my parents went on anything they weren't supposed to (I check their browser history when I shut the computer down each night). I have hidden files showing and nothing comes up. I've tried removing/quarantining the threat, but that did nothing. It still shows up and is ACTIVE. I also ran the MSERT (Microsoft Emergency Response Tool 1.335.205.0), which claims it found 6 threats, but when it finished, stated that no threats were detected. I also ran the Windows Defender Offline Scan, which failed to remove the threat as well. I looked up the threat and it was stated that it steals personal information, but doesn't seem to cause any issues with Windows or the computer hardware.

How in the world do I get rid of this? Any help would be greatly appreciated. Thank you.

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.

6 answers

  1. Anonymous
    2021-04-06T01:10:22+00:00

    Hi Raptor-chan,

    What you are seeing may be a False positive, created by Microsoft Defender.

    Defender and the Microsoft Safety Scanner both detect this malware. To determine if the malware still exists, download a copy of the Microsoft Safety Scanner, and perform a full scan. If it does not detect the malware, but Defender continues to detect it, the detection is a False positive.

    https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

    You can eliminate the false positive by deleting the Detection History folder from Defender's Protection History.

    The link supplies instructions for doing that. It is perfectly safe. Windows rebuilds the folder when it needs it again.

    https://answers.microsoft.com/en-us/protect/forum/all/windows-defender-identifies-the-same-pup-as-a/63f17794-3815-4784-b9cd-c6059c8e0828

    Good luck, Glen

    2 people found this answer helpful.
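
The check described in the answer above (Defender keeps reporting a file that is no longer on disk) can also be made from Defender's own records. This is an added example, not part of the original thread; it is read-only and uses the built-in `Get-MpThreat` and `Get-MpThreatDetection` cmdlets. The `file:_<path>` shape of the `Resources` strings is an assumption, and the function names are hypothetical.

```powershell
# Added example: read-only triage of Microsoft Defender detection records.
# Run from an elevated PowerShell prompt on the affected machine.

function Get-ResourcePath {
    param([string]$Resource)
    # Assumed format: 'file:_C:\path\name.js'; members of an archive append
    # '->member'. Returns the on-disk path, or $null for non-file resources.
    if ($Resource -match '^(?:file|containerfile):_(.+?)(?:->.*)?$') {
        return $Matches[1]
    }
    return $null
}

function Get-DetectionTriage {
    # Index threats by ThreatID so each detection can show its name and IsActive flag.
    $threats = @{}
    foreach ($t in Get-MpThreat) { $threats[[string]$t.ThreatID] = $t }

    foreach ($d in Get-MpThreatDetection) {
        $threat = $threats[[string]$d.ThreatID]
        foreach ($r in $d.Resources) {
            $path = Get-ResourcePath $r
            [pscustomobject]@{
                ThreatName    = $threat.ThreatName
                IsActive      = $threat.IsActive
                FirstDetected = $d.InitialDetectionTime
                Resource      = $r
                # $null means the resource is not a file path
                FileExists    = if ($path) { Test-Path -LiteralPath $path } else { $null }
            }
        }
    }
}

Get-DetectionTriage | Sort-Object FirstDetected | Format-Table -AutoSize -Wrap
```

A row whose `FileExists` is `False` while the threat is still listed points to a leftover detection record rather than a file on disk; `True` means the reported file is still present and should be dealt with before any history is cleared.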
  2. Anonymous
    2021-04-06T13:31:30+00:00

    Thank you Glen. :) This seems to have worked. I'm going to let the scheduled quick scan run for now and will do a full scan later (takes over 4 hours).

  3. Anonymous
    2021-04-06T02:30:50+00:00

    I have run the scans (took forever), but it found the threat I mentioned and a PUP. The PUP was removed, and (supposedly) the virus was quarantined, but is still active. I may just leave it for now.

    Reboot your rig after removing malware to be sure it's out of your system.

  4. Anonymous
    2021-04-05T20:21:04+00:00

    I have run the scans (took forever), but it found the threat I mentioned and a PUP. The PUP was removed, and (supposedly) the virus was quarantined, but is still active. I may just leave it for now.

  5. Reza-Ameri 45,816 Reputation points Volunteer Moderator
    2021-04-05T17:42:59+00:00

    Try running a full system scan with Windows Defender and see whether it is able to detect and remove it.

    Try booting into safe mode and running a full scan with Windows Defender (real-time protection is off in Safe Mode and that is expected); take a look at Start your PC in safe mode in Windows 10 (microsoft.com). See what the result is.
