TROJ_GEN.R000C0DIT16 is on my network drive (a photo.scr trojan)my machines and your software catch it, but how do I get it of my NAS drive?

  • 1
  • Problem
  • Updated 2 years ago
  • In Progress
TROJ_GEN.R000C0DIT16 is on my network drive (a photo.scr trojan) my machines and your software catch it, but how do I get it off my NAS drive? Windows 10 PCs
Photo of glenn

glenn

  • 90 Points 75 badge 2x thumb

Posted 2 years ago

  • 1
Photo of TM_L

TM_L, Official Rep

  • 15,740 Points 10k badge 2x thumb
Hi @glenn, thanks for trying our new Community!  

For your question, if Trend Micro Security shows "Threats Resolved" when threats have been detected and was cleaned or removed. We have a reference doc with definitions of scan result. You can refer to "Scan Result For Security" section to know more:
Types of scan responses of Trend Micro Security software

Also, if threats were resolved by Trend Micro Security once, it will not be detected in the next scan. It means that the result of the next scan should be 0 threat has been found.

If it shows "Not Yet Resolved",  you have to click the status and follow the instructions shown on it.

For your situation, it sounds like "TROJ_GEN.R000C0DIT16" was detected by Trend Micro Security, is that picked up in every scan? We would like to confirm the following information:
  1. How many times do you scan a week?
  2. Are you seeing "TROJ_GEN.R000C0DIT16" picked up in the scan report after each scan?
  3. Could you provide a screenshot of "TROJ_GEN.R000C0DIT16" detection scan report you're seeing?
After we can understand more background of this problem, we'll recommend a solution to you ASAP. Thank you!

Trend Micro Home Users Community
Photo of glenn

glenn

  • 90 Points 75 badge 2x thumb
Hi Linda -

The photo.scr trojan file is on a Lacie 2Big Network Drive - So maybe this applies -
"Access denied (it does say that)- The scan is unable to remove or clean an infected file since the logged-in user account did not have full "read/write" access to where the threat was found (such as a CD-ROM or network drive- it is a network drive)."

To answer your question - I scan the network drive from multiple computers at the same time whenever one of my machines catches a 'photo.scr' file in hopes that one of the machines will catch the original file as it tries to replicate on the network drive . Lately that has been a couple times a day.

Today, I searched the network drive from one computer in a windows explorer window while two of my other machines were scanning the drive for threats in Trendmicro. The machine I was searching on Trendmicro program would catch several 'photo.scr' replicant files and I would delete the rest - In effect I was chasing the trojan virus master file around the network drive with three machine automatically via Trendmicro, and one manually via windows search.

Oddly enough, I can't manually search up any more 'photo.scr' files on the Lacie 2Big drive in multiple tries - so either what I was doing worked, or the master trojan file has gone dormant.

One odd thing I noticed, the "Access denied" ie TROJ_GEN.R000...  number changed a couple times on the trendmicro searches.

So if I were to search the machine from the computer that has the master control software for the network drive, would Access be 'Allowed' to delete the original trojan file?

If it happens again, I'll send you a picture, but I got my fingers crossed I may have got the master bug file and deleted it manually via windows search.

Can a photo.scr trojan file go dormant?

Any thoughts?
Photo of TM_L

TM_L, Official Rep

  • 15,740 Points 10k badge 2x thumb
Hi @glenn, thanks for providing details!

You are right! The "Access denied" message appears might because you are using a standard or limited user account, not an Administrator. Please make sure you are accessing the NAS drive as administrator.

Then please run an update manually by following steps:
  1. Right-click on the Trend Micro system tray icon at the bottom right corner of your screen.
  2. Click "Check for Program Updates" and the About Your Software windows will appear and will automatically check for available updates.
After running update manually, could you please perform a Full Scan again?
Running a scan using your Trend Micro Security software - refer to "Full Scan"


If the same "Access denied" message appears, as I mentioned last time, you can refer to the above link "Not Yet Resolved" section.

If you still worry about if there are some threats on your computer,  we also can pass your case to our Support Center, our Support Agent will work with you to gather some logs for further investigation. Please let me know if you would like us to proceed with this transfer.

Trend Micro Home Users Community
Photo of glenn

glenn

  • 90 Points 75 badge 2x thumb
Hi Linda -

Will do the above. The only bummer is I have lost admin control and software console for the Lacie2big NAS drive in the process of a brutal Windows 10 Pro Install (Long ugly tale). I know there is some crazy drive reset I can do to the NAS drive to regain admin rights to the drive and re-install the Lacie Control console. Had to do it once before, put I need to get Lacie support on the phone to do it again.

So far so good though, can't search up a 'photo.scr' file on the drive and multiple scans have come up negative. Maybe my multi platform attack worked. LOL.

Thanks for your help, and I'll keep you posted.
Photo of TM_L

TM_L, Official Rep

  • 15,740 Points 10k badge 2x thumb
Hi @glenn, thanks for the reply!

It's good to hear that so far everything is alright! Please let us know if you have questions or encounter any problems at any time. Thanks!

Trend Micro Home Users Community