
Trojan:Script/Oneeva.a!ml is removed from quarantine every day at 3:17am

Anonymous
2021-04-09T14:33:40+00:00

Since April 4th, Microsoft Defender reports that Oneeva is being removed or restored from Quarantine multiple times per day, as well as at 3:17am.

I have run a complete scan, twice, and it finds nothing. I have even done Defender Offline, nothing.

Who or what is doing this?

Eventually, 5 copies of PowerShell are running, consuming all my CPU time. I can't find what's doing that. A reboot clears that condition for a few days.

I suspect I am under the control of a BOT.

I am up to date as far as Windows Update goes.

Windows for home | Windows 10 | Security and privacy

This question was migrated from the Microsoft Support Community.


5 answers

  1. Anonymous
    2021-04-12T14:56:09+00:00

    Safety scan reported "No Virus" found at the end, but during the scan it reported 580 files infected.

    MalwareBytes reported "No Virus" found at the end, but it too reported infected files while the scan was running.

    I poked around and found a bunch of weirdly named files in my Local and Roaming directories. I moved them off to the side, compressed them and then deleted them. They look very suspect as to the PowerShell issue. I can send them to you, if you'd like, they are in a 7z archive.

    I have not logged back into my account, since finding these files, as I have other accounts that I can use.

    I tried BitDefender. And it reports these files as suspect with Heur.BZC.ONG.Pantera.35.3F9DD540 as its threat name.

    1 person found this answer helpful.
  2. Anonymous
    2021-04-10T00:29:08+00:00

    Hi Russ,

    Assuming that the PowerShell problem may be unrelated to the Trojan, please consider this.

    Both Microsoft Defender and the Microsoft Safety Scanner should be capable of removing this Trojan. And they both use the same Intelligence definitions.

    If you find that the Safety Scanner does not detect this Trojan, but Defender still does, then Defender is probably showing a False Positive.

    Defender has a tendency to "Detect" notifications in its Protection History, and reports them as current threats, when they are not. You can avoid the repeating alerts by deleting the "Detection History" folder from Defender's Protection History.

    It is a safe procedure. Windows rebuilds the folder when it needs it again.

    The following link provides instructions for deleting the Detection History folder.

    https://answers.microsoft.com/en-us/protect/forum/all/windows-defender-identifies-the-same-pup-as-a/63f17794-3815-4784-b9cd-c6059c8e0828

    If you are able to eliminate the Defender alerts, then you can attack the PowerShell problem.

    Good luck, Glen

    1 person found this answer helpful.
  3. Anonymous
    2021-04-10T10:52:43+00:00

    Hi RussMonckton,

    If that's the case, have you also tried to run the scan using Malwarebytes? Were you also able to perform the repair install?

    Hoping for your feedback. Thank you.

  4. Anonymous
    2021-04-09T21:15:48+00:00

    I have started the safety scan, it will take days to complete.

  5. Anonymous
    2021-04-09T15:49:30+00:00

    Good day! I'm Raniel, an Independent Advisor and a Microsoft user like you.

    Kindly install the Microsoft Safety Scanner and Malwarebytes Free, then perform a scan to ensure that your machine is free from viruses. Here are the links to download them:

    Microsoft Safety Scanner: https://docs.microsoft.com/en-us/windows/securi...

    Malwarebytes Free (select Free Download): https://www.malwarebytes.com/premium/

    Once done, perform a reboot, then monitor your machine.

    However, if the issue still persists, kindly perform a repair install of your Windows. I suggest that you watch the video in this article (https://www.yourwindowsguide.com/2016/06/how-to... or https://www.tenforums.com/tutorials/16397-repai...) for you to have an idea regarding the process of repair install. There should be no worries in performing it since you will select the option to keep your files during the process.

    I hope this helps. Good luck!

    ________________________________________________________

    Standard Disclaimer: There are links to non-Microsoft websites. The pages appear to be providing accurate, safe information. Watch out for ads on the sites that may advertise products frequently classified as a PUP (Potentially Unwanted Products). Thoroughly research any product advertised on the sites before you decide to download and install it.
