HP Recommended
Microsoft Windows 10 (64-bit)

I got a notification from Windows Defender that a Trojan had been detected on my Pavilion laptop, but “Remediation was Incomplete” and the threat remained “Severe”. How do I complete remediation please?

 

So far I have tried: 1. A Windows Defender Quick Scan – nothing detected; 2. A WD Full Scan – nothing detected; 3. A WD Offline Scan – nothing detected, and 4. a Malwarebytes scan – nothing detected. So I scanned with Microsoft Security Scanner (MSERT) which froze at the three quarter mark having identified 75 infections. I then freed up space by deleting Firefox cache files and scanned again with MSERT on two occasions several days apart, with the same result - the scan froze each time at the three quarter mark and wouldn’t complete.

 

NOTE: I am running Windows 10, 64 bit. The malware is “Trojan HTML: Phiz!pz”. The MSERT scan stopped twice on the same file (C/Programme files (x86)HP/HP RegistrationService/HPGenOOBE,exe) and once on (E:preload\install31.swm). Defender said the affected items are Firefox\Profiles\f590f2zl.default\czche2\entries. Windows routine Back-Up is obviously affected too since on the last two occasions it has tried to run it has been stopped by the Trojan.

NOTE 2: There is plenty of space on the C:, G: and D: drives and 1.41 GB remaining on the E: drive. Around 30 million files had been scanned by the time MSERT froze and around 80 infections had supposedly been detected.

4 REPLIES 4
HP Recommended

Hello,

 

Assuming that Windows Defender and your Windows are up-to-date, there is no need to scan with Microsoft's standalone scanner or any other stand-alone MS apps. Also, there is no need to perform a Full scan (a quick one is enough).

 

If you utilize the stand-alone scanner from Microsoft, it will deeply scan inside images and archives while the Windows Defender will skip some of these (not going so deeply) by default simply because such scanning is not needed, not efficient and also because Windows Defender has a real-time protection, too.

 

This Trojan HTML: Phiz!pz might also be a false detection from what I see being detected in your case.

 

I would recommend you clear your browser's cache and temp data.

Ensure your Windows Defender is up-to-date.

 

To ease your mind, try with the Sophos HitmanPro (free scanner and free removal for 30 days remediation). The app is classic, is popular online and is a tiny utility which quickly scans your device using non-traditional methods. If something suspicious is found, then it is uploaded to the Cloud, scanned there and results returned to you. Here is more info >> https://www.hitmanpro.com/en-us/hmp

 

 

Your FEEDBACK is important. Use the interactive buttons below and let me know if the post helps ;
*** HP employee *** I express personal opinion only *** Joined the Community in 2013
HP Recommended

Thanks. That is very useful and reassuring information. However there does seem to be a worrying threat still undealt with. My weekly windows back-up has been stalled three times, so there hasn’t been a back-up since 21 December and I get a warning each time that “the operation did not complete because the file contains a virus or potentially unwanted software”. A check for more details then tells me the culprit is Trojan HTML: Phiz!pz.  A further check with protection history then tells me each time that remediation is incomplete and the threat remains Severe. I performed a manual back-up just on the off-chance and got exactly the same results.

 

Note: Back-up is stored on an external drive – usb stick.

 

Thanks for the Sophos Hitman Pro suggestion. I ran it and, as you expected, this detected no infections. I had also already cleared cache from my browser to no effect. (This was “stored cookies, site data and cache”. I assume this is the same as “cache and temp”.)

 

Grateful for any other suggestions.

HP Recommended

Hi @Joseph221 

 

Thank you for your post. I am sorry for the delay in my reply.

 

Let me reassure you that what Windows Defender has detected [Trojan HTML: Phiz!pz] is a false positive detection and not a real threat for your computer. This is based on the information posted by you, the WD scan results, the HitmanPro extra checks, the symptoms described and the location where it is detected. Your computer seems clean (not infected) by any obvious or in-the-wild threat.

 

What you see about the back-up failing is as a result of Defender blocking the file being copied.

You can remove E:\ from being copied, it is not needed to be backed up.

 

Program files (x86)/HP/HP Registration Service/HPGenOOBE,exe or E:preload\install31.swm

Here is more info >> https://en.wikipedia.org/wiki/False_positives_and_false_negatives

 

 

 

What you can do:

1. Add an exclusion into Windows Security / Windows Defender >> https://support.microsoft.com/en-us/windows/add-an-exclusion-to-windows-security-811816c0-4dfd-af4a-...

This will stop Defender from scanning that file or location and your backup will complete.
We need this as this detection is incorrect (false positive).

2. In Windows Defender, when it detects the same thing again, you can add the detection to the "Allowed threats" list. It can be seen in "Virus & Threat protection".

3. Submit the detected file for analysis to Microsoft and report the false detection to them so that they can fix the product
>> https://www.microsoft.com/en-us/wdsi/filesubmission

>> https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/air-report-false-positi...

 

Thank you !

 

Your FEEDBACK is important. Use the interactive buttons below and let me know if the post helps ;
*** HP employee *** I express personal opinion only *** Joined the Community in 2013
HP Recommended

Thank you for your reply. It is most encouraging. I have followed the path you described and am about to complete but before I do, I'd like to be sure I'm doing the right thing. In "Add exclusion" I clicked on "process" in the drop down box, and am asked  to enter the item to be excluded. I think this is "E:"

I'd be grateful for confirmation that this is correct. Sorry to drag it out but I'm not very tech-savvy and am wary of doing something disastrous. Thanks.
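
The exclusion step suggested in this thread can also be done from an elevated PowerShell prompt with the built-in Defender cmdlets. This is an added example, not part of any post; the function names and the placeholder path are hypothetical, and it scopes the exclusion to a single file through the file/folder setting, not the process setting.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell session.
# Uses only cmdlets from the built-in Defender module.

function Get-DefenderDetectionReport {
    # Join detection events to threat names so each flagged resource is visible.
    $names = @{}
    Get-MpThreat | ForEach-Object { $names[$_.ThreatID] = $_.ThreatName }
    Get-MpThreatDetection | Sort-Object InitialDetectionTime -Descending |
        ForEach-Object {
            [pscustomobject]@{
                Detected   = $_.InitialDetectionTime
                Threat     = $names[$_.ThreatID]
                Remediated = $_.ActionSuccess
                Resources  = $_.Resources -join '; '
            }
        }
}

function Add-ScopedFileExclusion {      # hypothetical helper name
    param([Parameter(Mandatory)][string]$Path)
    # Refuse drives and folders: the exclusion should cover one file only.
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "Not an existing file: $Path"
    }
    $full = (Resolve-Path -LiteralPath $Path).Path
    # -ExclusionPath is the file/folder exclusion. -ExclusionProcess is a
    # different setting: it skips files opened by a named executable.
    Add-MpPreference -ExclusionPath $full
    # Return both lists so the change can be audited afterwards.
    $pref = Get-MpPreference
    [pscustomobject]@{
        ExclusionPath    = $pref.ExclusionPath
        ExclusionProcess = $pref.ExclusionProcess
    }
}

# Usage (the path below is a placeholder, not a value from the thread):
#   Update-MpSignature                  # newer definitions may clear the detection
#   Get-DefenderDetectionReport | Format-List
#   Add-ScopedFileExclusion -Path '<file shown in Protection history>'
#   Remove-MpPreference -ExclusionPath '<same file>'   # once the signature is fixed
```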

† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use (https://www8.hp.com/us/en/terms-of-use.html) and Rules of Participation.