roamsvc.exe

Discussion in 'ESET NOD32 Antivirus' started by madbrit, Jul 12, 2011.

Thread Status:
Not open for further replies.
  1. madbrit

    madbrit Registered Member

    Joined:
    Jul 12, 2011
    Posts:
    1
    HI all
    I have a warning on startup from Nod 32 it is as follows
    C:\Users\Graham\AppData\Local\Temp\roamsvc.exe NSIS/TrojanDownloader.FakeAlert.DK.Gen trojan unable to clean

    Have looked around on how to clean this, they all want me to install another anti virus program??

    It is not the normal roamsvc by Intel, its in the wrong directory and the wrong size.

    Anyone know how to clean this, first one in 4 years that nod cant deal with.

    Thanks

    MadBriTo_O
     
  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
  3. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    The file is legitimate but it would appear to have become infected. Do as Cudni suggested

    Your may try flushing your %temp% files by running a command from your Run Box in Safe Mode and deleting all those files, run a full on-demand scan after a reboot.
    If the infection remains defer to what was originally suggested.

    Thank you.
     
    Last edited: Jul 12, 2011
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    I doubt it's a legitimate file, especially when it's located in the temp folder. Malware often has names same as or similar to system files and the danger it poses doesn't depend on its name but on the actions the malware does.
     
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Have you run a smart scan with the on-demand scanner?
     
  6. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Agreed, what I meant was the file name is correct for the executable file but not in a temporary file location. A Smart or Full Scan would be required, at the least.
     
Thread Status:
Not open for further replies.