cancel
Showing results for 
Search instead for 
Did you mean: 
ArchivedThis topic has been archived. Information and links in this thread may no longer be available or relevant. If you have a question create a new topic by clicking here and select the appropriate board.
Charlie_me
Level 1
3 2 0 2
Message 1 of 17
9,312
Flag Post

how to remove Trojan : Win32/dynamer!ac

HP Recommended
Pavillon DV6
Microsoft Windows 7 (64-bit)

 

I am trying the permenently remove the following : Win32\Dynamer!ac

 

The only program that is able to detect it is : Microsoft Security Essentials

But at the removing process (clean PC) it crashes almost at the end of removal with an error message that can be provided if needed . The program (M.S.E.) is also able to quarantine the : Win32\Dynamer!ac and "remove it" but if I scan it again it is still there.

So I tried other recommended program on the microsoft page on the Win32\Dynamer!ac matter and none worked or were able to detect the problem

-Ccleaner

-Windows Defender

-Malwarebytes

-Spyhunter other that a friends of mine did but don't know the name (could be provided if needed)

-I factory reset my laptop without reinstalling my backup files\programs (on a USB) just in case it was infected and once again it is still there !@#$$%

 

So i'm kinda out of options...

Found the location of the Win32\Dynamer!ac in the D drive ,I have no idea how to remove it and affraid the damage the computer .

 

If it can be helpful here the name\section of the file

 

containerfile: D:\preload\base.wim

file: D:\preload\base.wim->(Image85832)\SwSetup\HPGames\HGTO\SRC\WT\Games\builtalot5elizabethanera-oem.exe->(nsis-3-Builtalot5-WT.exe)->(EXEEmb)

 

Thank you in advance for helping me with this nightmare

 

0 Kudos
16 REPLIES 16
IT_WinSec
Level 15
Level 15
9,958 9,854 796 3,829
Message 2 of 17
Flag Post
HP Recommended

Hello Charlie,

 

Thank you for posting in the HP Support forum. Welcome!

 

This is false detection by Microsoft's software / false positive / false alarm > https://en.wikipedia.org/wiki/False_positives_and_false_negatives#False_positive_error

 

The file /container D:\preload\base.wim is clean and is part of the HP recovery software.

The reason why only MSE finds this is because it's the only one that produces this false alarm.

 

Possible solutions (long response time) >>

1) send this information to Microsoft:

https://www.microsoft.com/en-us/security/portal/developer/ContactUS.aspx

 

2) send again this way to Microsoft >> https://www.microsoft.com/en-us/security/portal/submission/submit.aspx

 

3) Ensure your Microsoft MSE is updated

 

*Fast fix * 4) Exclude D:\preload\  from being scanned in MSE

http://answers.microsoft.com/en-us/protect/wiki/mse-protect_scanning/how-to-exclude-a-filefolder-fro...

 

Let me know if this works for you.

 

>> Your FEEDBACK is important. Click below on Accept As Solution or ThumbUp+ buttons if my comments helped or to say thanks <<
*** I work for HP *** I express personal opinion only *** HP Expert - Volunteer since 2013
0 Kudos
Charlie_me
Author
Level 1
3 2 0 2
Message 3 of 17
Flag Post
HP Recommended

Hi, Thank you very much for taking the time to adress my problem .

I also read the same thing online (false positve) but i'm wondering why it was'nt detected before (about 2 weeks ago)

I own this laptop since 2010 and never had this result in previous scan, also MSE is up to date.

 

 

 

IT_WinSec
Level 15
Level 15
9,958 9,854 796 3,829
Message 4 of 17
Flag Post
HP Recommended

Hello,

 

It was not detected before because Microsoft Security Essentials is not a static program. Just like any other AV in the world, it updates itself constantly. Microsoft release new signature updates several times per day and they release new scanning engines every month. Recent change in their engine or something in the signatures caused this.

.wim files are NOT executables and they do not pose risk for your computer. There is no way for a malware to have updated files inside .wim files.

 

In order to fix your issue, just exclude the path as suggested above. If you want to take an extra mile and be polite, also submit information to Microsoft so that they are notified and hopefully fix it.

>> Your FEEDBACK is important. Click below on Accept As Solution or ThumbUp+ buttons if my comments helped or to say thanks <<
*** I work for HP *** I express personal opinion only *** HP Expert - Volunteer since 2013
0 Kudos
Charlie_me
Author
Level 1
3 2 0 2
Message 5 of 17
Flag Post
HP Recommended

Thank you again ,it is really appreciated .

Have a great day

IT_WinSec
Level 15
Level 15
9,958 9,854 796 3,829
Message 6 of 17
Flag Post
HP Recommended

You are most welcome !

 

Please, mark the post that solves your problem as *Accepted Solution* - this helps other users if they search for similar issues.

>> Your FEEDBACK is important. Click below on Accept As Solution or ThumbUp+ buttons if my comments helped or to say thanks <<
*** I work for HP *** I express personal opinion only *** HP Expert - Volunteer since 2013
richardsymms
Level 1
9 8 0 0
Message 7 of 17
Flag Post
HP Recommended

Well this is on my recovery drive and most of us got it from downloading HP Games / Wild Tangent.  So, note to HP ==  HELP US OUT HERE!

 

Having even a false positive read on this trojan is concerning and a pain in the neck.

 

I do not want to fromat my drive or otherwise lose the programs like MSFT Office because of that.

 

 

0 Kudos
IT_WinSec
Level 15
Level 15
9,958 9,854 796 3,829
Message 8 of 17
Flag Post
HP Recommended

Hello @richardsymms

 

If this is related to the very same issue described above, please, provide information to Microsoft support and exclude it from scanning from MSE/WD. You do not need to format your PC and loose anything for a false detection.

 

If some file has already been quarantined by MSE/WD, please

1) exclude the location

and

2) restore it from the Quarantine

>> Your FEEDBACK is important. Click below on Accept As Solution or ThumbUp+ buttons if my comments helped or to say thanks <<
*** I work for HP *** I express personal opinion only *** HP Expert - Volunteer since 2013
swansojb
Level 2
13 9 0 3
Message 9 of 17
Flag Post
HP Recommended

Windows Defender also detects it in Windows 10. I am going to try another scan to see if that works, even though it should not be necessary.

0 Kudos
swansojb
Level 2
13 9 0 3
Message 10 of 17
Flag Post
HP Recommended

Windows Defender also detects it in Windows 10. I am going to try another scan with the offending folder excluded to see if that works, even though it should not be necessary.

0 Kudos
ArchivedThis topic has been archived. Information and links in this thread may no longer be available or relevant. If you have a question create a new topic by clicking here and select the appropriate board.
† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation