Malware Removal Help required.

Anonymous
2022-05-31T17:26:24+00:00

Hi, this is going to be a long description, so please bear with me.

Yesterday (on 30th May 2022) at around 5 pm, I downloaded a software "GCleaner" which turned out to be a malware app. I immediately disconnected my internet after I realised that it's malware. My antivirus didn't detect it earlier. But after some time, when I reconnected my internet connection, I started getting a notification from my antivirus saying "Threat secured, We've safely aborted connection on 104.155.207.188 because it was infected with URL:Blacklist" and my PC got into an unending restarting loop. It stopped restarting when I deactivated my antivirus and disconnected the PC from the internet. Then I searched for the malicious app in the Control Panel but it was not listed there. I searched on Google regarding this malware and found that it's probably a rootkit malware. I found some related posts in the community asking us to install FRST64, AdwCleaner, Malwarebytes.

I installed all those apps and ran FRST first, and in the FRST and Addition files, I found that exactly at 17:07 some files were created on my PC which are highly questionable.

I then ran Malwarebytes and found some malware detected on my PC. I quarantined them and ran the scan once again. I didn't detect anything this time.

After that I ran AdwCleaner and found out that there was some PUP.Optional.Legacy Trovi.com virus in my Chrome browser. I tried quarantining them. It showed that the virus had been removed, but when I scanned again, I found out that it was getting detected once again.
So, I had to manually remove it.

After all these steps, I ran FRST again. But I found the questionable files were not removed. This time I tried removing them manually in Explorer. All but 2 of those files were removed. One of the files was 4y63267.sys and it was situated in the System32\drivers folder. This file is read and write protected, so it doesn't delete even using cmd in safe mode. Every time I tried deleting it, it shows "Access is denied". I even tried TronScript, Unlocker and boot disks to delete it, but this file isn't even detected there.
Another file is in System32\Tasks\Service.

Please help me remove these remaining 2 malware files.


Locked Question. This question was migrated from the Microsoft Support Community.


1 answer

  1. Anonymous
    2022-05-31T18:06:04+00:00

    Hi Amiyangshu,

    I'm Paul and I'm here to help you with your concern.

    I will first recommend that you use the Microsoft Safety Scanner to scan the system. You can download it from the link below.

    https://docs.microsoft.com/en-us/microsoft-365/...

    I hope this helps. Feel free to ask back any questions and keep me posted.
