Trojan and other quarantined files from System32 folder

Viruses & Threats
4

Hi Fabio,

The files could be a threat. However, we request you to update Windows and AVG Internet Security to check with deep scan again to confirm the threat.
Keep us posted.

5

I'm currently having a similar situation. It's as if AVG deleted itself after an update, and upon reinstalling it, it immediately detected:

C:\Windows\System32\winlogui.exe
IDP.Generic.91bfb82ed5c3.3.2

After I've run a deep scan, it quarantined two additional files:

C:\Windows\System32\winscomrssrv.dll
Win64:Trojan-gen

C:\Windows\System32\winrmsrv.exe
Win64:Trojan-gen

When I ran a deep scan again after a restart, it quarantined two more Sys32 files:

C:\Windows\System32\trzB084.tmp
Win64:Trojan-gen

C:\Windows\System32\trzBECF.tmp
Win64:Trojan-gen

What the hell am I dealing with? Possibly unrelated note: during the session before the restart wherupon AVG disapeared, my IPS screen started displaying a green hue on the left, along with pixel-sized horizontal stripes due to what seemed like a spontaneous hahrdware failure.

1

Hello all, 

I have just installed and run a deep scan. 
AVG has identified 3 potential threats and I'm not entirely sure what to do next as the options are to delete the files or restore them. 

The files are in System32 and, following some of the advice you've given before on this forum, the program is legitimate as I believe these are windows files. 

results: 
the files are: 
C:\Windows\System32\winrmsrv.exe
IDP.Generic.5b85ceb558ba.3.2 in 

C:\Windows\System32\winlogui.exe
IDP.Generic.91bfb82ed5c3.3.2

C:\Windows\System32\winscomrssrv.dll
Win64:Trojan-gen

What's next? 

I shall add: 
the windows update service has been interrupted for few days now and the system taskhostw.exe was clogging the CPU for a long time. I am wondering whether the computer is actually infected or it's an issue with the system.

thank you in advance for your help. 

Best, 
Fabio

3

I'm currently having a similar situation. It's as if AVG deleted itself after an update, and upon reinstalling it, it immediately detected:

C:\Windows\System32\winlogui.exe
IDP.Generic.91bfb82ed5c3.3.2

After I've run a deep scan, it quarantined two additional files:

C:\Windows\System32\winscomrssrv.dll
Win64:Trojan-gen

C:\Windows\System32\winrmsrv.exe
Win64:Trojan-gen

When I ran a deep scan again after a restart, it quarantined two more Sys32 files:

C:\Windows\System32\trzB084.tmp
Win64:Trojan-gen

C:\Windows\System32\trzBECF.tmp
Win64:Trojan-gen

What the hell am I dealing with? Possibly unrelated note: during the session before the restart wherupon AVG disapeared, my IPS screen started displaying a green hue on the left, along with pixel-sized horizontal stripes due to what seemed like a spontaneous hahrdware failure.

2

Hi Fabio,

The files could be a threat. However, we request you to update Windows and AVG Internet Security to check with deep scan again to confirm the threat.
Keep us posted.