Unable to remove trojan items

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I received the following message from MS Defender. Should I delete all the
files under "resources"?

Error encountered:
Code 0x80508017. Some actions couldn't be applied to potentially harmful
items. The items might be stored in a read-only location. Delete the files or
folders that contains the items or, for information on removing read-only
permissions from files and folders, see Help and Support.

Category:
Trojan

Description:
This program has potentially unwanted behavior.

Advice:
Remove this software immediately.

Resources:
file:
C:\WINDOWS\system32\oqdijyfu.exe->(Upack)->[RSRCEmb]

file:
C:\WINDOWS\system32\hvgovmit.exe->(Upack)->[RSRCEmb]

file:
C:\WINDOWS\system32\qedvuhqu.exe->(Upack)->[RSRCEmb]

file:
C:\WINDOWS\system32\ktvocbly.exe->(Upack)->[RSRCEmb]

file:
C:\WINDOWS\system32\qqmpvcsw.exe->(Upack)->[RSRCEmb]

containerfile:
C:\WINDOWS\system32\qqmpvcsw.exe

containerfile:
C:\WINDOWS\system32\qedvuhqu.exe

containerfile:
C:\WINDOWS\system32\oqdijyfu.exe

containerfile:
C:\WINDOWS\system32\ktvocbly.exe

containerfile:
C:\WINDOWS\system32\hvgovmit.exe
 
It means the trojans are in an archive type file (e.g., zip, rar, ....).
Defender doesn't want to delete the archive because it may contain
non-malware stuff. In this particular case, it looks ok to delete the files.
I would also run a full scan with your anti-virus program. Remember,
Windows Defender is not an anti-virus program. Also, if the Defender output
in your post was from a quick scan, then I would also run a full scan.
 
Yes, all of those, and anything similarly named--a dangerous prescription,
perhaps--but look for similar randomly generated names. If you succed in
removing them all, restart in safe mode and look for more. Note the times
and dates of these files, and consider looking for other files with similar
times and dates. I don't know what this critter is, but sometimes these
things are tri-partite--you have to remove all three parts or it will
regenerate with new names.
 
Back
Top