3,085 questions
Try download and run a full scan with the following website:
https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/safety-scanner-download
RegAsm trojan?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(57.599999999999994, 51%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVA%3C/text%3E%3C/svg%3E)
Visual Art Group
1
Reputation point
A few days ago Norton Antivirus started reporting RegAsm.exe as infected with a Backdoor.Trojan Activity 406 towards this address <Removed>.
I tried deleting RegAsm, but I do not have TrustedInstaller permissions.
I found that there are many copies of RegAsm.exe on the PC, which are all identical to each other, same size and same date, so I thought of replacing the infected one with another one, but I can't do it for the permissions.
Any advice?
Windows for business | Windows Client for IT Pros | Devices and deployment | Configure application groups
1 answer
Sort by: Most helpful
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(89.60000000000001, 81%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERA%3C/text%3E%3C/svg%3E)
Reza-Ameri 17,341 Reputation points Volunteer Moderator2022-07-17T15:13:44.63+00:00 -
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(284.8, 68%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMA%3C/text%3E%3C/svg%3E)
MARCO ALESSANDRO GALARDI 1 Reputation point2022-07-31T15:51:34.42+00:00 Thank you Reza-Ameri for your advice.
I downloaded safety-scanner and ran it, nothing was found. In fact, the problem happened again immediately after the first reboot. The curious thing is that the address called by RegAsm is a page that simply returns my IP.
Does anyone have any ideas?
Sign in to comment -