How to remove a Trojan Horse Virus

Question

Hi, my Windows Defender detector blocked and removed a Trojan download from my Temp files today. I ran several full scans and followed instructions on deleting Temp files. I found an article by “howtofixguide” on the trojandownloadero97m-encdoc-femtb and decided to search for the virus on my PC in my file explorer by searching  5E967C56B6ECA10A1DDCE26896607E8F.mlw in the search engine. This was listed as the virus name on the website.  When I pressed enter it opened up a link to a Bing Search about PCs as well as a popup in my file explorer asking me to enter a username and password. I'm considering running a full scan, doing a factory reset, and changing all of my personal information. Do you have any other advice? Or can you explain what happened when I entered the name in my file search engine? Thank you

Note: The download was shown to have not gone through in the browser, but the defender said it was removed from the Temp files. I later searched for the Virus name on my computer in Quick Access. I've also noticed that my device name looks different.

Answer 1

Hi Anya. I'm Greg, 10 years awarded Windows MVP, here to help you.

To check most thoroughly for infection and any resulting System damage, Download, install and run a full scan with the most powerful on-demand free scanner Malwarebytes:

https://www.malwarebytes.com/mwb-download/ Make sure to only choose the Free version.

In the Malwarebytes Settings (gear icon) > Security tab set it to include scanning for Rootkits.

If necessary run it in Safe Mode with Networking (to have internet), or Safe Mode accessed by one of these methods: https://www.digitalcitizen.life/4-ways-boot-saf.... These require a password and not PIN to access.

Clean up anything found, restart PC and then run again until it comes up clean.

Then download, install and run a full scan with AdwCleaner:

http://www.bleepingcomputer.com/download/adwcle...

Remove whatever it finds.

Check for anything found but is still left over in Settings > Apps > Apps & Features, and C:\Program Files and C:\Program Files(86) to uninstall or delete them. I can guide you how to do this if there are problems.

Also in each of your browser's Extensions, Home Page settings, Search service or Add-On's as shown here: https://www.computerhope.com/issues/ch001411.htm

to disable anything you didn't add yourself and are sure you need. Ask back if in doubt.

Then check for damaged System files by running System File Checker and DISM from Step 10 in this checklist:

https://answers.microsoft.com/en-us/windows/for...

If completing all of Step 10 in above Checklist doesn't fix it then run a Repair Install which reinstalls WIndows while keeping your files, programs and most settings in place, by installing the Media Creation Tool from this link: https://www.microsoft.com/en-US/software-downlo..., open the tool and choose Upgrade This PC Now. This will solve most problems and also bring it up to the latest version which you need anyway and by the most stable method.

If you want to keep Malwarebytes as an on-demand scanner then you can turn off its Real Time trial version using the slider buttons on it's front panel. I recommend it as the #1 tool for your toolbox. For best WIndows performance, use built-in Defender which gives adequate real-time protection.

Feel free to ask back any questions. Report back results for more steps if necessary.

______________________________________________

Standard Disclaimer: There are links to non-Microsoft websites. The pages appear to be providing accurate, safe information. Watch out for ads on the sites that may advertise products frequently classified as a PUP (Potentially Unwanted Products). Thoroughly research any product advertised on the sites before you decide to download and install it.