Hello, Windows Defender detects the Trojan: Win32 / Occamy.C threat while scanning. Unfortunately, it is not able to remove it, the only action to choose from is the permission on the device. Interestingly, Malwarebytes does not detect the threat. I am sending FRST logs and asking for help. Regards

Otwórz notatnik i wklej: CloseProcesses: HKU\S-1-5-21-2778722619-1208249535-4111246651-1001\...\Run: [GalaxyClient] => [X] Lsa: [Authentication Packages] msv1_0 SshdPinAuthLsa Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk [2019-12-03] ShortcutTarget: $McRebootA5E6DEAA56$.lnk -> (No File) GroupPolicy: Restriction ? about:newtab FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\bd_js_config.js [2019-12-24]

Check the file on the disk locally as in the guide.

The scan does not detect anything anymore. I just had to clear the defender history as it kept telling me about the old threat. Thank you and I close the topic.

The scan does not detect anything anymore. I just had to clear the defender history as it kept telling me about the old threat. Thank you and I close the topic. Added after 2 [minutes]: The user prepared a log that removed the threat. Additionally, I cleared the history of windows defender

[Solved] Windows Defender detects Trojan: Win32 / Occamy.C but cannot delete it

8046 4

Treść została przetłumaczona

Zobacz oryginalną wersję tematu

Report a violation of the law

| New topic

#1 18416915 21 Jan 2020 07:49

Anonymous Anonymous

Level 1
» |

Post #1
18416915 21 Jan 2020 07:49

Hello,

Windows Defender detects the Trojan: Win32 / Occamy.C threat while scanning. Unfortunately, it is not able to remove it, the only action to choose from is the permission on the device. Interestingly, Malwarebytes does not detect the threat. I am sending FRST logs and asking for help.

Regards

Attachments:

FRST.txt (131.6 KB) You must be logged in to download this attachment.

Shortcut.txt (36.64 KB) You must be logged in to download this attachment.

Addition.txt (42.78 KB) You must be logged in to download this attachment.
ADVERTISEMENT
#2 18416963 21 Jan 2020 08:28

tomekzieba tomekzieba

Level 20

Posts: 341

Help: 30

Rate: 95
» | Helpful post? (0)

Post #2
18416963 21 Jan 2020 08:28

https://malwarefixes.com/threats/trojanwin32-occamy-c/

Check the file on the disk locally as in the guide.
ADVERTISEMENT
Helpful post

#3 18417163 21 Jan 2020 10:18

krzychupar krzychupar

Level 43

Posts: 6807

Help: 1490

Rate: 633
» | Helpful post? (+5)

Helpful post
Post #3
18417163 21 Jan 2020 10:18

Otwórz notatnik i wklej:

CloseProcesses:
HKU\S-1-5-21-2778722619-1208249535-4111246651-1001\...\Run: [GalaxyClient] => [X]
Lsa: [Authentication Packages] msv1_0 SshdPinAuthLsa
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk [2019-12-03]
ShortcutTarget: $McRebootA5E6DEAA56$.lnk -> (No File)
GroupPolicy: Restriction ? about:newtab
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\bd_js_config.js [2019-12-24]
ADVERTISEMENT
#4 18417212 21 Jan 2020 10:50

Anonymous Anonymous

Level 1

» |

Post #4
18417212 21 Jan 2020 10:50

The scan does not detect anything anymore. I just had to clear the defender history as it kept telling me about the old threat.

Thank you and I close the topic.
#5 18417218 21 Jan 2020 10:52

Anonymous Anonymous

Level 1

» |

Post #5
18417218 21 Jan 2020 10:52

The scan does not detect anything anymore. I just had to clear the defender history as it kept telling me about the old threat.

Thank you and I close the topic.

Added after 2 [minutes]:

The user prepared a log that removed the threat. Additionally, I cleared the history of windows defender
Create an account, log in here and be active on the forum — ads won't appear. Earn points for registering and replying.

Install Elektroda application

Didn't find an answer? Ask Artificial Intelligence

*I agree to send the question to OpenAI, Anthropic PBC, Perplexity AI, Inc., Kagi Inc., Google LLC - owners of language models in order to prepare the best response. The companies may monitor and log information entered into the form.

*I agree to publicly display my question and answer. The question and answer will be publicly available to everyone. The process may take a few minutes. Upon completion, you will be redirected to the page with the answer.

Wait...(2min)

| New topic

Report a violation of the law

[Solved] Windows Defender detects Trojan: Win32 / Occamy.C but cannot delete it

Didn't find an answer? Ask Artificial Intelligence