So I have a problem. I downloaded a program that need to write something to the registry. As Stupid as I was (Sorry for language) i turned Real-Time Protection off. And after i did allow access to the registry i turned it on immediatly. Result: **Trojan:Win32/Vindor!pz** But thats not everything. After running thousands apon thousands of antimalware programs i still found nothing. The so called "Trojan" is in quarantine. Im still not sure that its gone, because it did some registry entries with the message that their either removed or restored: **regkeyvalue: hklm\software\policies\microsoft\windows defender\\DisableAntiSpyware** **VirTool:Win32/DefenderTamperingRestore** This worries me much. Here are some more i got: **Backdoor:MSIL/Quasar.GG!MTB** file: C:\Users\Ian\AppData\Roaming\WindowsRep\WindowsRun.exe regkey: HKCU@S-1-5-21-1565168234-1475627901-1114940154-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\WindowsRuntiime runkey: HKCU@S-1-5-21-1565168234-1475627901-1114940154-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\WindowsRuntiime Trojan:Win32/Vindor!pz C:\Users\Ian\AppData\Local\Temp\boom.exe Trojan:Win32/Vindor!pz C:\Users\Ian\AppData\Local\Temp\test.exe Backdoor:MSIL/Quasar.GG!MTB ] **} x2** C:\Users\Ian\AppData\Local\Temp\WindowsStartup.exe ] Trojan:Win32/Vindor!pz ] **]** C:\Users\Ian\AppData\Local\Temp\boom.exe } x2 **]** C:\Users\Ian\AppData\Local\Temp\test.exe ] These are all the Thread warnings i got. The moment I deleted the boom.exe and test.exe they where gone but it came with an error that these files cannot be removed. I checked the autoruns and the processes being executed and still found nothing really(im not sure if there is something wrong in both because im no expert at knowing the windows files running in the background) Please help me with this. IF you need the file (THE TROJAN) please ask me. EDIT: here is the VirusTotal Scan for deeper info: https://www.virustotal.com/gui/file/f74852b1cabf3a967bbf7cfce1dc5560275fd170f84bd79061a3a6c043b1dcb9

If you really need to, you can download the Microsoft Safety Scanner and run a full scan with that, if at the end of the scan it is indicated your system is clear, then there is definitely no malware on your PC. https://learn.microsoft.com/en-us/defender-endp...

I know im a lil to worried but how can i REALLY make sure that all malware is REALLY gone?

Yes, that is correct, if the malware list is now empty after running the offline scan, the device is clear of malware, there is nothing further you need to do.

The Malware list is completly empty, but does it mean that the trojan is gone?

Hi, I am Dave, I will help you with this. 1 Start Windows in Safe Mode. Open File Explorer, then on the View menu at the top, temporarily turn on 'Hidden Items'. Navigate to this folder: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service Delete the contents of that Service folder. Navigate to this folder: C:\ProgramData\Microsoft\Windows Defender\Quarantine Delete the contents of that Quarantine folder. Close File Explorer. 2 Restart Windows in normal mode. Open Defender and select the option to perform an offline scan, your PC will restart to perform that scan. Then check if that malware list in Defender is clear.

I need Special help with my PC (Trojan virus removal)

Anonymous

So I have a problem. I downloaded a program that need to write something to the registry. As Stupid as I was (Sorry for language) i turned Real-Time Protection off. And after i did allow access to the registry i turned it on immediatly. Result:

                                **Trojan:Win32/Vindor!pz**

But thats not everything. After running thousands apon thousands of antimalware programs i still found nothing. The so called "Trojan" is in quarantine. Im still not sure that its gone, because it did some registry entries with the message that their either removed or restored:

           **regkeyvalue: hklm\software\policies\microsoft\windows defender\\DisableAntiSpyware**

           **VirTool:Win32/DefenderTamperingRestore**

This worries me much.

Here are some more i got:

      **Backdoor:MSIL/Quasar.GG!MTB**

file: C:\Users\Ian\AppData\Roaming\WindowsRep\WindowsRun.exe
regkey: HKCU@S-1-5-21-1565168234-1475627901-1114940154-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\WindowsRuntiime
runkey: HKCU@S-1-5-21-1565168234-1475627901-1114940154-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\WindowsRuntiime

Trojan:Win32/Vindor!pz

C:\Users\Ian\AppData\Local\Temp\boom.exe

Trojan:Win32/Vindor!pz

C:\Users\Ian\AppData\Local\Temp\test.exe

Backdoor:MSIL/Quasar.GG!MTB ]

                                                                                                     **} x2**

C:\Users\Ian\AppData\Local\Temp\WindowsStartup.exe ]

Trojan:Win32/Vindor!pz ]

                                                                                 **]**

C:\Users\Ian\AppData\Local\Temp\boom.exe } x2

                                                                                 **]**

C:\Users\Ian\AppData\Local\Temp\test.exe ]

These are all the Thread warnings i got.

The moment I deleted the boom.exe and test.exe they where gone but it came with an error that these files cannot be removed.

I checked the autoruns and the processes being executed and still found nothing really(im not sure if there is something wrong in both because im no expert at knowing the windows files running in the background)

Please help me with this. IF you need the file (THE TROJAN) please ask me.

EDIT: here is the VirusTotal Scan for deeper info: https://www.virustotal.com/gui/file/f74852b1cabf3a967bbf7cfce1dc5560275fd170f84bd79061a3a6c043b1dcb9

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.

0 comments

11 answers

DaveM121 868K Reputation points Independent Advisor

2025-02-07T17:54:01+00:00

If you really need to, you can download the Microsoft Safety Scanner and run a full scan with that, if at the end of the scan it is indicated your system is clear, then there is definitely no malware on your PC.

https://learn.microsoft.com/en-us/defender-endp...
Please sign in to rate this answer.

0 comments No comments
Anonymous

2025-02-07T17:50:50+00:00

I know im a lil to worried but how can i REALLY make sure that all malware is REALLY gone?
Please sign in to rate this answer.

0 comments No comments
DaveM121 868K Reputation points Independent Advisor

2025-02-07T17:35:51+00:00

Yes, that is correct, if the malware list is now empty after running the offline scan, the device is clear of malware, there is nothing further you need to do.
Please sign in to rate this answer.

0 comments No comments
Anonymous

2025-02-07T17:34:36+00:00

The Malware list is completly empty, but does it mean that the trojan is gone?
Please sign in to rate this answer.

0 comments No comments
DaveM121 868K Reputation points Independent Advisor

2025-02-07T15:59:22+00:00

Hi, I am Dave, I will help you with this.

1

Start Windows in Safe Mode.

Open File Explorer, then on the View menu at the top, temporarily turn on 'Hidden Items'.

Navigate to this folder: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service

Delete the contents of that Service folder.

Navigate to this folder:

C:\ProgramData\Microsoft\Windows Defender\Quarantine

Delete the contents of that Quarantine folder.

Close File Explorer.

2

Restart Windows in normal mode.

Open Defender and select the option to perform an offline scan, your PC will restart to perform that scan.

Then check if that malware list in Defender is clear.
Please sign in to rate this answer.

0 comments No comments

Share via

I need Special help with my PC (Trojan virus removal)

11 answers