Virus: Trojan:Win32/Vindor!pz

Windows virus app has found 5 active viruses but can't remove them, and Norton,HitmanPro,Malwarebytes,Bitdefender,KVRT won't even find them. Also tried to delete every thing in %temp% and D:\$RECYCLE.BIN but still keeps comming back.

Trojan:Win32/Vindor!pz
Alert level: Severe
Date: 21.10.2023 21:21
Category: Trojan
Details: This program is dangerous and executes commands from an attacker.

Affected items:
containerfile: D:\$RECYCLE.BIN
\x\
\sources\install.wim
file: D:\$RECYCLE.BIN
\x-\
sources\install.wim-
>\Program Files\Common Files\Microsoft Shared\ink
\InkWatson.exe

@jona1
Please post progress. 
Thanks

as test: Full Scan
png_17300.pngMicrosoft Safety Scanner v1.399, (build 1.399.1188.0)
Started On Mon Oct 23 16:05:12 2023

Engine: 1.1.23090.2007
Signatures: 1.399.1188.0
MpGear: 1.1.16330.1
Run Mode: Interactive Graphical Mode

Results Summary:
----------------
No infection found.
Successfully Submitted MAPS Report
Successfully Submitted Heartbeat Report
Microsoft Safety Scanner Finished On Mon Oct 23 18:04:23 2023

jona1:

Windows virus app 

Microsoft Safety Scanner (MSERT)

https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/safety-scanner-download

Microsoft Safety Scanner (MSERT) is a standalone tool. 

  • Quick scan: Scans the section likely to contain viruses, spyware, and other unwanted software but does not remove any infections. Instead, you will be prompted to perform a full scan.
  • Full scan: Scans the entire system for malware and removes infections.

[source windowscentral.com] Note: windowscentral.com has ads


The Microsoft Safety Scanner doesn't remove malware that is found, but it does show you suspicious files and where you can find them. Navigate to the file location shown and identify the suspect file.

You can then check the Microsoft Malware Protection Center to see if the file is known malware. And how best to manually remove it from your computer. [source makeuseof.com] Note: makeuseof.com has ads


It is normal for the Microsoft Safety Scanner to show detections during the scan process.
It is scanning for basically all bread crumbs or traces of files and registry entries that "might" be or have been part of some infection or previous infection.
That DOES NOT mean the computer is infected. Once the scan has been completed it uploads the log to their Cloud service which then uses Artificial Intelligence to determine if in fact any of the traces are an infection or not.
Then it writes into the log on your computer what it found.
The log is named MSERT.log  and the log will be at C:\Windows\debug\msert.log 
[source Malwarebytes Forums]


MSRT (Windows Malicious Software Removal Tool) is usually updated once a month as part of Windows Update or standalone.

MSERT (Safety scanner) updates every 10 days or so and it is standalone only. 

jona1:

Windows virus app 

Microsoft Safety Scanner?
Malicious Software Removal Tool? 
Windows Security/Microsoft Defender?
  Limited Periodic Scanning in Microsoft Defender?


  • Norton product or service name and version
  • Operating system - version / build 
  • Norton error message / error code / screen shot (mask personal info)
  • Steps to reproduce issue