
Help. How to get rid of TrojanMSIL/ShellCodeRunner.GPAX!MTB

Potato 0 Reputation points
2026-02-07T14:45:44.2+00:00

Hello all, since yesterday my laptop has had this constant issue in which every time I start up my laptop a PowerShell window is opened immediately. Then Defender detects the following:

Detected: TrojanMSIL/ShellCodeRunner.GPAX!MTB

Affected items:

C:\Users\MyName\AppData\Local\Temp\5fjaqkl1.dll

(The last part changes randomly but the dll remains)

I have run a full scan, which did pick up a threat from a game I had downloaded, so I fully deleted it from my system, but the issue still remains.

I managed to locate the file called "free" and disabled it, but I cannot open the file location and delete it fully.

I also turned off powershell.exe from turning on, but it's a temporary countermeasure for now.

On the first day (yesterday) it managed to turn off core isolation. But I re-enabled it, but I think it's still there.

If there is any way possible for this issue to be resolved, any help would be greatly appreciated.

Windows for home | Windows 11 | Security and privacy

4 answers

  1. Potato 0 Reputation points
    2026-02-07T16:14:44.2633333+00:00

    Heya, I've tried the following tutorial above and the "free" startup app is still there. I had given up on fixing this and I have a question. When I reset Windows on my laptop, does it fix it all? I know that all my data will be gone, but will it all be fixed?


  2. Ivan B 101.2K Reputation points Independent Advisor
    2026-02-07T15:26:04.35+00:00

    Hi,

    Right-click the Start menu > select Run > type %temp% and select everything, then delete it from that folder. Thanks

    You may have Windows Defender's history bugged as a precaution.

    Navigate to Windows Security > Virus & threat protection > Virus & threat protection settings, then toggle Tamper Protection off.

    Open Windows PowerShell (admin): Remove-Item -Path "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\*" -Recurse -Force

    Restart the computer afterwards and re-enable Windows Security. I recommend you do an analysis with Microsoft's MSRT, a Windows Defender Offline scan, and Malwarebytes and Adware.

    MSRT

    https://www.microsoft.com/en-us/download/details.aspx?id=9905

    Microsoft Defender:

    https://support.microsoft.com/en-us/windows/help-protect-my-pc-with-microsoft-defender-offline-9306d528-64bf-4668-5b80-ff533f183d6c

    After the analysis, open the command prompt (admin) and run the commands: sfc /scannow and dism /online /cleanup-image /restorehealth, wait for the process to finish and restart the computer.

    Then perform a clean boot and, if you want, uninstall applications that you do not use.

    https://support.microsoft.com/en-us/topic/how-to-execute-a-simple-boot-start-in-windows-da2f9573-6eec-00ad-2f8a-a97a1807f3dd

    Give feedback if the information was useful or not.

    Thanks


  3. Potato 0 Reputation points
    2026-02-07T15:05:23.3233333+00:00

    It didn't detect anything.


  4. Q&A Assist
    2026-02-07T14:45:54.2666667+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist.

    To address the TrojanMSIL/ShellCodeRunner.GPAX!MTB issue on your laptop, follow these steps:

    1. Run Microsoft Safety Scanner: Download and run the Microsoft Safety Scanner to detect and remove malware. This tool can help identify and eliminate threats that may not be caught by Windows Defender.
    2. Delete the Affected File: Since the file is located in the Temp directory, you can try manually deleting it. Open the Run dialog (Win + R), type %temp%, and press Enter. Look for the file 5fjaqkl1.dll or any similarly named files and delete them.
    3. Check Startup Programs: Use the Task Manager to check if there are any suspicious programs set to run at startup. Press Ctrl + Shift + Esc to open Task Manager, go to the Startup tab, and disable any suspicious entries.
    4. Perform a Full System Scan: After removing the file, run a full system scan with Microsoft Defender to ensure no other threats are present. You can do this by going to Windows Security > Virus & threat protection > Scan options > Full scan.
    5. Reset Microsoft Defender Antivirus: If the issue persists, consider resetting Microsoft Defender Antivirus. You can do this by running the following commands in an elevated Command Prompt:
         DISM /Online /Cleanup-Image /RestoreHealth
         sfc /scannow
      
    6. Check for Malware in Compressed Files: If the threat was detected in a compressed file, ensure to manually scan those files or delete them.
    7. Re-enable Core Isolation: Since you mentioned that core isolation was turned off, ensure it is enabled again. Go to Windows Security > Device security > Core isolation details and turn it back on.

    If the problem continues, you may need to consider seeking professional help or using more advanced malware removal tools.


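The startup check discussed in this thread, as an added PowerShell example that is not part of any answer above: it lists autostart entries from the Run keys, the Startup folders and scheduled tasks (Task Manager's Startup tab does not list scheduled tasks) and keeps the ones that match the symptoms described in the question. The match patterns, including the item name "free", are assumptions taken from the question, and the script only reads; it changes nothing.

```powershell
# Added example (not from any answer above). Read-only: it lists, it does not delete.
# Patterns are assumptions drawn from the thread: PowerShell launched at logon,
# a DLL under AppData\Local\Temp, and a startup item named "free".
$suspectCommand = 'powershell|pwsh|\\AppData\\Local\\Temp\\'
$suspectName    = '^free(\.|$)'

# 1. Run keys and Startup folders (the entries Task Manager's Startup tab shows).
$startup = Get-CimInstance -ClassName Win32_StartupCommand | ForEach-Object {
    [pscustomobject]@{
        Source   = 'Run key / Startup folder'
        Name     = $_.Name
        Location = $_.Location
        Command  = $_.Command
    }
}

# 2. Enabled scheduled tasks, which the Startup tab does not list.
$tasks = Get-ScheduledTask | Where-Object State -ne 'Disabled' | ForEach-Object {
    $task = $_
    foreach ($action in $task.Actions) {
        if ($action.Execute) {   # skip COM-handler actions, which have no command line
            [pscustomobject]@{
                Source   = 'Scheduled task'
                Name     = $task.TaskName
                Location = $task.TaskPath
                Command  = "$($action.Execute) $($action.Arguments)".Trim()
            }
        }
    }
}

# 3. Keep only entries matching the symptoms, for manual review.
$hits = @($startup) + @($tasks) | Where-Object {
    $_.Name -match $suspectName -or $_.Command -match $suspectCommand
}
$hits | Format-List Source, Name, Location, Command

# 4. Defender's own record: which process touched the flagged Temp DLLs, and when.
Get-MpThreatDetection |
    Sort-Object InitialDetectionTime -Descending |
    Select-Object -First 10 InitialDetectionTime, ProcessName, Resources |
    Format-List
```

Run it from an elevated PowerShell session so that every task and the Defender detection history are readable. The Location and Command fields show where a listed entry is registered and what it launches.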
