Virus found: TROJ_GEN.R00XC0OFT17

Please help me remove this:
30/06/2017 07:50 TROJ_GEN.R00XC0OFT17 Virus C:\WINDOWS\TEMP\tmp0000786f\tmp00000016 Access Denied Real Time Scan
I have cleared out the Temp folder but the Trend notification keeps popping up. Google search only points to the Trend Definitions release - no more info found.
Thanks.
chrismine

Posted 1 year ago

TM_Nicole, Employee

Hi, @chrismine!

Thank you for your response and welcome to the community!

There are two "Temp" folders; one is in the location "C:\Windows\Temp" and the other is in "C:\Users\<username>\AppData\Local\Temp". It's possible that you cleared out the Local Temp files, which only contain temporary files created by other programs and are usually safe to delete. If you made sure that you cleared out the Windows Temp folder, the file may not have been deleted completely since it's still running in the background.

To resolve this issue, please follow the steps below:

STEP 1: Boot into Safe Mode

Safe Mode is a way for you to access programs that are only necessary for the computer to run. Other applications not needed won't run in Safe Mode.

The link provided contains the steps on how to boot into Safe Mode:

STEP 2: Show Hidden Files

  • Navigate to the C:\Windows\Temp folder.
  • Refer to Microsoft's support page below on how to show hidden files:
          Showing Hidden Files (Windows 7, Windows 8.1 and Windows 10)

STEP 3: Delete the Windows Temp Files

To be able to delete the "C:\Windows\Temp" files while in Safe Mode, follow the steps below:
  1. Open the Run window by pressing the Windows Key + R button on your keyboard.
  2. Type "%systemroot%\temp" and click OK. 
  3. Delete everything inside the Temp folder.

STEP 4: Boot the Computer Normally.

STEP 5: Run a Quick Scan 
(You may run a Full Scan but please expect this type of scan to take a long time).
  • For reference, please refer to the link below on how to run a scan:
          Running a scan using your Trend Micro Security software

  • Check if the file is still detected after completing the above steps.
Please let us know if this resolved the issue. We will be glad to assist you if the issue is not yet fixed.

Thank you and have a great day!

TrendMicro Home Users Community
chrismine

Thanks for your reply.
I booted from an Ubuntu Live Flash drive and deleted everything in Windows/Temp as it's what the log told me. Booting back into Windows the Trend Alert pops up from time to time showing that the file has been blocked but cannot be deleted because of Access Denied. I did a scan of the C:/Windows folder with Trend Maximum Security AND Emsisoft Anti-Malware with no results.
I'm not a total noob and cannot yet figure out what triggers this. There seems to be a CMD process running. May be legitimate.

Please let me know if you need more info or screenshots.
sloshnmosh1

"There seems to be a CMD process running. May be legitimate."
How did you determine that? In "taskmgr"?
sloshnmosh1

I replaced the task manager on my Windows 7 machine with Sysinternals Process Explorer. https://technet.microsoft.com/en-us/sysinternals/bb896653

This gives you a MUCH better idea of what's running on your machine.
chrismine

Yes in TaskManager. Will try Sysinternals Explorer. Thank you.
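
One way to see what the CMD process is and what started it, as an added example that is not part of any post in this thread: a PowerShell snippet that lists running cmd.exe processes and any process whose image path or command line references %SystemRoot%\Temp, with start time and parent chain. The function names Get-Ancestry and Test-MentionsTemp are made up for this example; Win32_Process and its properties are the standard Windows CIM class.

```powershell
# Added triage example, not from the thread. Run from an elevated prompt so
# CommandLine and ExecutablePath are readable for SYSTEM-owned processes.
$tempRoot = Join-Path $env:SystemRoot 'Temp'   # C:\Windows\Temp by default

# Snapshot every process once and index by PID so parents can be resolved.
$all   = @(Get-CimInstance -ClassName Win32_Process)
$index = @{}
foreach ($p in $all) { $index[[uint32]$p.ProcessId] = $p }

function Get-Ancestry {
    param($Process, [hashtable]$Index, [int]$MaxDepth = 8)
    $chain = @()
    $cur   = $Process
    for ($i = 0; $i -lt $MaxDepth -and $cur; $i++) {
        $chain += '{0} ({1})' -f $cur.Name, $cur.ProcessId
        $parent = $Index[[uint32]$cur.ParentProcessId]
        # PIDs are reused: only accept a parent that started before its child.
        if ($parent -and $parent.ProcessId -ne $cur.ProcessId -and
            $parent.CreationDate -le $cur.CreationDate) {
            $cur = $parent
        } else { $cur = $null }
    }
    $chain -join ' <- '
}

function Test-MentionsTemp {
    param([string]$Text)
    # [string] binding turns $null into '', so no null check is needed.
    $Text.IndexOf($tempRoot, [System.StringComparison]::OrdinalIgnoreCase) -ge 0
}

$all |
    Where-Object {
        $_.Name -ieq 'cmd.exe' -or
        (Test-MentionsTemp $_.ExecutablePath) -or
        (Test-MentionsTemp $_.CommandLine)
    } |
    Sort-Object CreationDate |
    ForEach-Object {
        [pscustomobject]@{
            ProcessId   = $_.ProcessId
            Name        = $_.Name
            Started     = $_.CreationDate
            Path        = $_.ExecutablePath
            CommandLine = $_.CommandLine
            Ancestry    = Get-Ancestry -Process $_ -Index $index
        }
    } |
    Format-List
```

It only sees processes that are alive at the moment it runs, so compare the Started times against the timestamps in the Real Time Scan log.
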
TM_Malik, Employee

Hi, @chrismine!

Thank you for your reply.

You mentioned that you have a security program called Emsisoft Anti Malware installed on your computer as well? Chances are the Trend Micro program can't use its full potential when it's actually conflicting with another security program. If you don't have a subscription with the other security program, I advise that we uninstall it.

Please also try running Trend Micro Anti Threat Toolkit to further check if this can be deleted:

Thank you and have a great day!

TrendMicro Home Users Community