Frowley
Guest
I downloaded a file from a friend which contained the virus Trojan:Win32/Zpevdo.B (according to Windows Defender). I tried to quarantine and remove it, but it keeps popping up 1 second after I do it and the status is active. I've read about multiple ways to remove it and none have worked.
It just stays on "Threat found - action needed". I've tried Malwarebytes, as many recommended, and I got a few things that I quarantined, but Windows Defender still gives me the pop-up about the trojan. I've tried Farbar Recovery Scan Tool (although unsure if scanning was all I was supposed to do?) and last, I tried MSERT. It also says "Active threats have not been remediated and are running on your device." I've scanned many times and nothing seems to change.
Unsure of how to remove it. Thanks in advance.
Edit: The affected items are:
file: C:\Users\Mattias\AppData\Roaming\instab\service.exe
file: C:\WINDOWS\System32\Tasks\Microsoft\Windows\termsrv\RemoteFX\Phase2->(UTF-16LE)
taskscheduler: C:\WINDOWS\System32\Tasks\Microsoft\Windows\termsrv\RemoteFX\Phase2
regkey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\termsrv\RemoteFX\Phase2
regkey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3EB272CA-5CA2-4D88-AC31-4D4EB48DB98E}