F-Secure finds and removes file with "lokibot" in TEMP folder, forces reboot. Again and again.
After years of using Kaspersky I thought it was time for a change. For about a year we have been using F-Secure SAFE instead.
Starting two weeks ago F-Secure SAFE reported a trojan "lokibot" hidden in a file in C:/TEMP or C:/WINDOWS/TEMP. F-Secure removed the trojan and rebooted Windows 10. A few minutes after the reboot F-Secure finds another file in the same folder, removes it and reboots. And this is going on and on.
I thought some kind of virus must be in RAM. I started a complete scan of the computer: nothing. I started Windows 10 in protected mode and deleted every file in TEMP. After a normal boot the same procedure started as written above. We tried a free test version of another anti-virus: nothing.
Does anybody have an idea?🙄
How can I break the loop? The latest updates of Windows 10 and SAFE are installed.
Ukko Posts: 3,522 Superuser
Sorry for my reply. I am only an F-Secure user (their home solutions).
Actually, you could try to collect the "quarantined" item and/or to transfer it by discussing with official Support (https://www.f-secure.com/en/business/support-and-downloads/submit-a-sample) (https://www.f-secure.com/en/home/support/contact)
There was a discussion about the routine to do so: https://community.f-secure.com/en/discussion/123192/trojan-warning-but-always-again
I mean, maybe it can be useful for getting the entire picture of the malicious behavior (dependencies).
But as your own steps to find a bit more information:
- could you check whether it is pinned to the network connection? For example, if the device is not connected to the Internet, is all fine after restart?
- could you check whether no application should be launched (browser, for example) after restart with network connection?
- also it is possible to check "autorun" (start up keys) settings, Scheduled tasks and such things.
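
The start-up key and scheduled task check suggested in the reply above can be done in one read-only pass. The PowerShell below is an added example, not part of the original thread or of F-Secure's tooling; the list of registry keys and the inclusion of the per-user temp folder are assumptions about where to look.

```powershell
# Added example: read-only listing of autorun entries and scheduled tasks,
# flagging any command that points into the TEMP folders named in the thread.
# Run from an elevated PowerShell prompt so machine-wide tasks are visible.

# C:\TEMP and C:\WINDOWS\TEMP come from the thread; $env:TEMP is an assumption.
$suspectDirs = @('C:\TEMP', 'C:\WINDOWS\TEMP', $env:TEMP)
$pattern = ($suspectDirs | ForEach-Object { [regex]::Escape($_) }) -join '|'

# Commonly used Run / RunOnce keys (assumed list, not exhaustive).
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

$autoruns = foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }            # key absent on this system
    foreach ($name in $item.GetValueNames()) {
        [pscustomobject]@{
            Source  = $key
            Name    = $name
            Command = [string]$item.GetValue($name)
        }
    }
}

$tasks = foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        if (-not $action.Execute) { continue }   # skip non-exec (COM) actions
        $cmd = "$($action.Execute) $($action.Arguments)".Trim()
        [pscustomobject]@{
            Source  = "Task ($($task.State))"
            Name    = "$($task.TaskPath)$($task.TaskName)"
            # Task actions often store %windir%-style variables unexpanded.
            Command = [Environment]::ExpandEnvironmentVariables($cmd)
        }
    }
}

# Entries whose command line references a suspect folder sort to the top.
@($autoruns) + @($tasks) |
    Select-Object Source, Name, Command,
        @{ Name = 'InTemp'; Expression = { $_.Command -match $pattern } } |
    Sort-Object InTemp -Descending |
    Format-Table -AutoSize -Wrap
```

Any row with `InTemp` set to `True` is worth including when the quarantined sample is submitted to Support, since it names what is relaunching a file from those folders after each reboot.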