Each start up Trend removes Spyware from my computer - Originates from HKTL_NIRCMD.GA

  • 1
  • Problem
  • Updated 3 months ago
  • In Progress
  • (Edited)
Every time I boot my computer up a Trend InternetSecurity box pops up saying "Spyware Removed"

Name: [XXXX].tmp.exe - (What's in the brackets always changes e.g. CF87)
From: HKTL_NIRCMD.GA

Trend never seems to be able to fully remove this issue as every start up this box will always reappear.

A full scan never finds any original program.

Computer: Windows 10
Product: Trend Micro Internet Security

EDIT: Infected file always appears in C:\Users\[USER]\AppData\Local\Temp\
Photo of theraxel

theraxel

  • 110 Points 100 badge 2x thumb

Posted 3 months ago

  • 1
Photo of Max Slo

Max Slo, Champion

  • 8,104 Points 5k badge 2x thumb

-I'm not a Trend Micro representative, but I like to give you some suggestion-

Hello,

I think THIS LINK may help! :)

Photo of theraxel

theraxel

  • 110 Points 100 badge 2x thumb
Thanks, unfortunately all searches I did (as per instructions) for the program couldn't find it.
Photo of Tom Emmelot

Tom Emmelot, Champion

  • 21,314 Points 20k badge 2x thumb
Hi theraxel

Welcome to TM Home users Community, a public site where volunteers try to help each-other , also there are TM Employees that can give answers, that is only at working hours. I am just a volunteer!
Can you do a system restore to a point you installed this software by accident ?
Kind regards,Tom
Photo of theraxel

theraxel

  • 110 Points 100 badge 2x thumb
Just double-checked and no, no luck unfortunately.

Emptying the recycling bin also worked to no avail.
Photo of Tom Emmelot

Tom Emmelot, Champion

  • 21,314 Points 20k badge 2x thumb
Hi theraxel
I you open the Main console and then Security Report, then See more details, you can see where the file was found, can you take a screenshot of that log?I am running MAX Security so i don't know if it is the same! 
Kind regards, 
Tom


Photo of theraxel

theraxel

  • 110 Points 100 badge 2x thumb
It just shows the Temp data location  aforementioned in my description:

Photo of Tom Emmelot

Tom Emmelot, Champion

  • 21,314 Points 20k badge 2x thumb
Hi theraxel
3 questions do you know the last installed software?Did you use Nirsofts products?Did you a scan  with regedit to find nircmd.exe 
Here from you, 
 
Kind regards,   Tom
(Edited)
Photo of Max Slo

Max Slo, Champion

  • 8,104 Points 5k badge 2x thumb
-I'm not a Trend Micro representative, but I like to give you some suggestion-

Hello,
I'm sorry you still facing this issue.

I agree with my Friend Tom:
in this case, malware tipically 'restart' due to register entries. 
Photo of TM_Kiko

TM_Kiko, Employee

  • 10,442 Points 10k badge 2x thumb
Hello theraxel ! Welcome to the community!

I would advise contacting our Technical Support for more help. We can use tools to further identify the root cause of the problem and apply troubleshooting steps to resolve the problem.

Contact Trend Micro Technical Support

All the best.