Jump to content

Trojan:Script/Cloxer.A!cl


Recommended Posts

Several days ago I got a Windows Defender alert.  The "affected items" are just shortcuts.

HWMONITOR2.thumb.png.44d2253b4a9c5e6a2e57d64cfac99cc4.pngHWMONITOR.thumb.png.a5a70eae526ca8366096c41cc2fc3b71.png

 

 

 

 

HWMONITOR.thumb.png.a5a70eae526ca8366096c41cc2fc3b71.png

 

Windows defender removed the items automatically.

I restored a Macrium backup.  The same thing happened.

Some time later, I got another alert.  Once again, the "affected items" are shortcuts.  They are located inside in a backup folder created for start menu pinned shortcuts.  They were not detected earlier, yet they are essentially identical to the first items.

1083771842_2019-06-02(4).thumb.png.dee2f8416303afd43d5aab485ba75379.png

 

I'm not clear what is meant by "affected item".  Is an "affected item" recognized as the cause of the "Trojan:Script/Cloxer.A!cl"? What is the origin of Trojan:Script/Cloxer.A!cl

The install folder for HWMonitor portable is untouched and not acknowledged by Windows Defender.  I have been using HWMonitor for years, and this version since September of 2018, with no problems and no recognition from Windows Defender.

Before these events my computer showed no obvious symptoms.  Since the removal, Windows Defender now says I'm clean.  I ran the Malicious Software Removal Tool, and it came up clean.

None of this makes sense to me. 

thanks

 

HWMONITOR2.png

Link to post
Share on other sites

  • Root Admin

Hello @mapsonix  and :welcome:

 

Please run the following steps and post back the logs as an attachment when ready.

STEP 01

  • If you're already running Malwarebytes 3 then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • If you don't have Malwarebytes 3 installed yet please download it from here and install it.
  • Once installed then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • Once the scan is completed click on the Export Summary button and save the file as a Text file to your desktop or other location you can find, and attach that log on your next reply.
  • If Malwarebytes won't run then please skip to the next step and let me know on your next reply.

STEP 02

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Right-click on the program and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan Now.
  • When finished, please click Clean & Repair.
  • Your PC should reboot now if any items were found.
  • After reboot, a log file will be opened. Copy its content into your next reply.

 

RESTART THE COMPUTER Before running Step 3

STEP 03
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've, run the tool before you need to place a check mark here.
  • Please attach the Additions.txt log to your reply as well.

 

Thanks

Ron

 

Link to post
Share on other sites

Hi Ron,

I may be mistaken, but I don't believe my problem is due to malware or a virus for a couple reasons, but I do have some strange Windows Defender symptoms, which I have seen in the past but were resolved, only to return now.

For about 2 weeks now, when I try to run an advanced scan on my C:\ drive from the context menu  (a common practice for me),  Windows Defender maxes out my CPU and essentially crashes my computer.  If i wait long enough, or somehow am lucky enough to be able to get into the Task Manager to end the task when the CPU usage fluctuates momentarily, it will return to normal.  Other than that, it means performing a manual shutdown.

If I access Virus and Threat Protection from the Window Defender taskbar icon, I can only run a quick scan, which works fine.  If I try to run the advanced scan, I get a slight "blink" when selecting the advanced link, but nothing else happens at all.

If I access Virus and Threat Protection advanced scan from Window Settings, it works normally, although it still maxes out the CPU (I don't know if that maxing out is typical of this type of scan)

All of this started happening at the same time I started having these Trojan:Script/Cloxer.A!cl warnings.  Warnings that say they are about "shortcuts", of all things.  Which makes me think they must be false positives.
 
My current defender scans are all  "no threats".  

I ran a Malicious Software Removal Tool scan.  No infection found.

I ran an ESET online scan.  It found a bunch of stuff, but they were things like Gom Player and IAOMEI PE Builder, which are not being used and commmonly come up on theses scans as being possibly suspicious.  Nothing of any substance showd up on the ESET scan.

One other very odd thing.  The Macrium backup I used to restore to my SSD came from my other internal drive, an HDD, whose operating system was not used or had windows updates for about a 1 1/2 months.   I used it to restore because It had no problem with windows defender.  It still works fine, so you would think after restoring it to the SSD, both drive would behave identically, but they do not.  I've never seen anything like that before.  Weird.

Can anybody speak to these possible false positives, and whether they are related to my Defender scan problems.  Maybe there's a known fix for Windows defender, or maybe there's a way to reinstall it to repair?

thanks

 

 

Link to post
Share on other sites

Hi Ron,

I may be mistaken, but I don't believe my problem is due to malware or a virus for a couple reasons, but I do have some strange Windows Defender symptoms, which I have seen in the past but were resolved, only to return now.

For about 2 weeks now, when I try to run an advanced scan on my C:\ drive from the context menu  (a common practice for me),  Windows Defender maxes out my CPU and essentially crashes my computer.  If i wait long enough, or somehow am lucky enough to be able to get into the Task Manager to end the task when the CPU usage fluctuates momentarily, it will return to normal.  Other than that, it means performing a manual shutdown.

If I access Virus and Threat Protection from the Window Defender taskbar icon, I can only run a quick scan, which works fine.  If I try to run the advanced scan, I get a slight "blink" when selecting the advanced link, but nothing else happens at all.

If I access Virus and Threat Protection advanced scan from Window Settings, it works normally, although it still maxes out the CPU (I don't know if that maxing out is typical of this type of scan)

All of this started happening at the same time I started having these Trojan:Script/Cloxer.A!cl warnings.  Warnings that say they are about "shortcuts", of all things.  Which makes me think they must be false positives.
 
My current defender scans are all  "no threats".  

I ran a Malicious Software Removal Tool scan.  No infection found.

I ran an ESET online scan.  It found a bunch of stuff, but they were things like Gom Player and IAOMEI PE Builder, which are not being used and commmonly come up on theses scans as being possibly suspicious.  Nothing of any substance showd up on the ESET scan.

One other very odd thing.  The Macrium backup I used to restore to my SSD came from my other internal drive, an HDD, whose operating system was not used or had windows updates for about a 1 1/2 months.   I used it to restore because It had no problem with windows defender.  It still works fine, so you would think after restoring it to the SSD, both drive would behave identically, but they do not.  I've never seen anything like that before.  Weird.

Can anybody speak to these possible false positives, and whether they are related to my Defender scan problems.  Maybe there's a known fix for Windows defender, or maybe there's a way to reinstall it to repair?

I also wanted to mention that I  have no third party malware or antivirus tools installed

thanks

 

 

Link to post
Share on other sites

  • Root Admin

I'm sorry but whether you have malware or not I would like to confirm that myself with the recommended scans. The FRST scans also help to show what is running and issues in general the PC may be experiencing. Please follow the recommended steps so that I can try to assist you.

Thank you again

Ron

 

Link to post
Share on other sites

Hi Ron,

Here you are.

# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build:    04-04-2019
# Database: 2019-05-27.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    06-10-2019
# Duration: 00:00:00
# OS:       Windows 10 Pro
# Cleaned:  0
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1249 octets] - [10/06/2019 14:34:21]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

 

malwarebytes 6-10-19.txt FRST.txt Addition.txt

Link to post
Share on other sites

  • Root Admin

Okay, looking at the logs the computer is not obviously infected.

It would appear that Microsoft and Malwarebytes don't like how/where you're creating these links as they're not normal.

If you really want to have them, then try setting exclusions in Windows Defender and Malwarebytes for them.

Ron

 

Link to post
Share on other sites

I wonder if i put that hwmonitor shortcut back where it was if malwarebytes would pick it up?

My real concern though is what is troubling Windows Defender.  Do you have any thoughts about that? I know that in the past I was not the only one suffering from this.  I cant remember if there was some sort of fix, or it was taken care of by a windows update.

I saw somewhere that in some cases Windows defender has a problem scanning it's own install folders and it could cause issues, so you might want to include those folders in the Windows Defender exclusion.  What do you think of that?

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.