
Trojan detected on my official Windows10 USB Key


Tigoji


Hi. 

I have a problem to submit.

I tried to format my PC via my USB Key (official Windows10 USB Key) but it's impossible. To be sure, I started an antivirus analysis on it.

Malwarebytes detected a Trojan: Trojan.Agent.UKED in D:\x64\SOURCES\WIN32UI.DLL

I wonder if it's a false positive and if this trojan can prevent me from formatting.

Meanwhile, I started an analysis on VirusTotal. Out of 67 antiviruses, 3 found something wrong:

Malwarebytes    Trojan.Agent.UKED    

TheHacker    W32/Behav-Heuristic-CorruptFile-EP

Trapmine    malicious.moderate.ml.score

Thanks in advance for your answers.

 

Link to post

  • Staff

Indeed that was the same file I found in search. Thanks.

Think I found the file that is known clean/non corrupt for comparison.
Compare the "details" with this one:
https://www.virustotal.com/#/file/ab9047b9e8ed56e76609458da89ac641eb2a9fa90c8ea02c031e32ceaa378be9/details

Notice how VT can pull up version info, digital signature, sections and all that. For your file from the link you posted, it cannot.

How did this USB get created? I'm curious because the rule that is hitting on your file is a few years old & first time we are seeing it reported & I am interested in how that file got mangled.
Is there a site you can direct me to that you used to help with creating this USB ?

 

Thanks

Link to post
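What the staff reply above points at, as an added example that is not part of the original thread: a minimal check of whether a file still parses as a PE image (DOS header, PE signature, section table and section data inside the file), which is the structure a scanner needs before it can show sections or version info. The function names and the sample bytes are constructed for illustration.

```python
import struct

def pe_structure_problems(data: bytes) -> list:
    """Return structural problems found in the PE headers; empty list means they parse."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return ["missing MZ (DOS) header"]
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return ["e_lfanew does not point at a PE signature"]
    # 20-byte COFF file header follows the 4-byte signature.
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    if nsections == 0:
        return ["no sections declared"]
    table = e_lfanew + 24 + opt_size          # section table follows the optional header
    if table + 40 * nsections > len(data):
        return ["section table runs past end of file"]
    problems = []
    for i in range(nsections):
        off = table + 40 * i
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", data, off + 16)
        if raw_size and raw_ptr + raw_size > len(data):
            problems.append(f"section {name!r} raw data extends past end of file")
    return problems

def build_sample_pe(truncate: bool = False) -> bytes:
    """Constructed minimal PE-like image (headers plus one section), not a real DLL."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 0, 0x2000)
    section = b".text\0\0\0" + struct.pack("<IIII", 0x10, 0x1000, 0x10, 0x200) + b"\0" * 16
    image = (dos + b"PE\0\0" + coff + section).ljust(0x200, b"\0") + b"\x90" * 0x10
    return image[:0x180] if truncate else image   # truncation simulates a mangled copy

if __name__ == "__main__":
    import sys
    with open(sys.argv[1], "rb") as fh:       # e.g. a copy of the flagged file
        print(pe_structure_problems(fh.read()) or "headers parse cleanly")
```

A clean result only means the headers parse; it says nothing about the digital signature or whether the file matches a known-good hash.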

I bought this USB key about 2 years ago, in a real store called Materiel.net. It's also a website.

I formatted my PC a couple of times during the past 2 years and I never had any problem with this USB key before. Though, it's the first time I have started an analysis on it, precisely because I can't format anymore.

Link to post

  • Staff

What was the file referenced in the 0xc0000225 error message you keep getting?
Not sure I want to (or can) get into a troubleshooting session here, but I will throw a site at you that I found looking up that error code, which might steer you in the right direction.

https://answers.microsoft.com/en-us/windows/forum/windows_10-windows_install/windows-failed-to-start-status-0xc0000225/4ea8f97e-10df-4bbb-ac0f-5402a6b164b4?auth=1

Some of the responses touch on UEFI mode. Might want to check BIOS to see if it is set up like that. According to the materiel.net site, the USB key does not support UEFI mode.

Link to post

Yes, it's a Windows 10 Home 32/64 bit USB key.

I haven't mentioned it, but each time I tried to put the file in quarantine it didn't work.

About the file referenced in the 0xc0000225 error message, I don't remember; I need to check that.

I have the possibility of booting in UEFI: KDI-MSFTWINDOWS 10 PMAP and KDI-MSFTWINDOWS 10 PMAP. I tried both. Neither of them worked.

I'm pretty curious about the corrupted file. Let me know when you have more information about it.

Thanks a lot for the link, and the time you take. 

 

 

 
Link to post

  • Staff

Hello,

Can you zip/attach a couple dll or exe files from this directory on the USB drive please?
D:\x64\SOURCES\
They have to be zipped or they will be rejected here. 
It is quite possible there is some sort of encryption/protection on the USB to prevent anything else from tampering with it (including removal of files which is what MBAM was trying to do because a rule matched making it act on the file as though it were infected)
Thank you

Link to post