Microsoft Security Essentials Unable To Remove Trojan:Win32/Dursg.C Found In lsass.exe
A client called me today saying that a computer I had recently removed the Personal Security Virus from now appeared to have another virus. I was surprised by this since I had left Microsoft Security Essentials installed and active. My first thought was that he must have disabled the virus software; however, when I started looking at the laptop, this was not the case. Below I describe the steps I took to resolve the issue that were unsuccessful in removing the Trojan:Win32/Dursg.C, as well as what I finally did that resolved the issue.
Failed Attempt To Remove Trojan:Win32/Dursg.C From Windows:
I decided to go ahead and do a complete scan with Microsoft Security Essentials, which found the trojan and quarantined it, which I thought would resolve the issue. The virus had also put a folder full of .exe files in C:\downloads. After a reboot, Microsoft Security Essentials warned about a threat again, which sure enough was the Trojan:Win32/Dursg.C. This was getting a little frustrating, so at the client's request I reinstalled Windows XP for him. After the reinstall I plugged in one of his USB drives and moved some of his files back to the computer. All of a sudden the Trojan:Win32/Dursg.C virus was back and the C:\downloads folder was filled back up with .exe files. Now I knew that the virus he initially had gotten on the computer had also spread to the USB thumb drive, which I thought was clever. The reason this is clever is that many virus scanners or real-time virus protection software won't scan USB thumb drives by default.
Using Malwarebytes To Remove Trojan:Win32/Dursg.C Failed:
Anyhow, I was really frustrated at this point but decided to give something else a shot, so I downloaded Malwarebytes, which ended up not removing the virus either.
Avast Removed Trojan:Win32/Dursg.C Virus For Good:
Next I decided to try Avast, which did find the other part of the Trojan:Win32/Dursg.C virus that Microsoft Security Essentials had not removed. The other infected file was lsass.exe, and Avast stopped the process and removed it from the computer. You can download Avast by clicking here. So the process that ended up completely removing the Trojan:Win32/Dursg.C virus was stopping it and securing the computer with Microsoft Security Essentials, downloading and installing Avast, and then running a full scan with Avast that also removed the infected lsass.exe file that was starting when the computer booted.