roamsvc.exe

HI all
I have a warning on startup from Nod 32 it is as follows
C:\Users\Graham\AppData\Local\Temp\roamsvc.exe NSIS/TrojanDownloader.FakeAlert.DK.Gen trojan unable to clean

Have looked around on how to clean this, they all want me to install another anti virus program??

It is not the normal roamsvc by Intel, its in the wrong directory and the wrong size.

Anyone know how to clean this, first one in 4 years that nod cant deal with.

Thanks

MadBriT

 

create and submit sysinspector log
http://kb.eset.com/esetkb/index?page=content&id=SOLN2219

and or visit one of the dedicated sites
https://www.wilderssecurity.com/showpost.php?p=1533481&postcount=3

 

The file is legitimate but it would appear to have become infected. Do as Cudni suggested

Your may try flushing your %temp% files by running a command from your Run Box in Safe Mode and deleting all those files, run a full on-demand scan after a reboot.
If the infection remains defer to what was originally suggested.

Thank you.

 

I doubt it's a legitimate file, especially when it's located in the temp folder. Malware often has names same as or similar to system files and the danger it poses doesn't depend on its name but on the actions the malware does.

 

Have you run a smart scan with the on-demand scanner?

 

Agreed, what I meant was the file name is correct for the executable file but not in a temporary file location. A Smart or Full Scan would be required, at the least.