Clamwin not quarantining or removing infected files
fyreworks


Joined: 03 Nov 2011
Posts: 0
I am using the Clamwin portable version on my pendrive to scan the hard drive of a computer that does not have internet access. Clamwin detected the trojan below:

C:\RECYCLER\S-1-5-21-1830786945-3717496114-528388107-9166\MsMxEng.exe: Trojan.Buzus-8106 FOUND

At first, I set Clamwin to quarantine the infected file back on a folder on my pendrive. However, when I re-scanned the hard drive, Clamwin detected the same trojan. So I decided to use the remove function. I get confirmation from Clamwin that the trojan was removed, as shown below:

C:\RECYCLER\S-1-5-21-1830786945-3717496114-528388107-9166\MsMxEng.exe: Trojan.Buzus-8106 FOUND
C:\RECYCLER\S-1-5-21-1830786945-3717496114-528388107-9166\MsMxEng.exe: Removed.

Once again, I re-scanned the same drive and it is still detecting the same trojan. Why is it not quarantining or removing? Did I set it up incorrectly? I am very frustrated that I cannot seem to clean this computer.
Lipper


Joined: 31 Oct 2010
Posts: 0
Location: USA
The file is located in your Recycle Bin which ClamWin may not have full access to. Try emptying your Recycle Bin and rescan the drive.
fyreworks


Joined: 03 Nov 2011
Posts: 0
I emptied the Recycle bin and rebooted the computer. It still detects the trojan after rescanning. Any other ideas?
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
There is either an undetected "control" virus that distributes the recycler virus again, or there may be some sort of registry entry that does it, or maybe it is in System Restore. Disable System Restore and scan again.

If that doesn't help, I suggest you download free Malwarebytes from https://www.malwarebytes.org/products/malwarebytes_free on the web and do a Quick Scan with it. Make sure to update it first. It should remove the physical malware(s) and any registry entries as well. If it doesn't, boot into Windows Safe Mode (hit F8 upon bootup until you see a screen--choose Safe Mode With Networking) and do another Quick Scan with it.

If that doesn't work, download Microsoft Security Essentials (for valid Windows versions of XP, Vista, and Windows 7) from https://windows.microsoft.com/en-US/windows/products/security-essentials on the web and do a Quick Scan with it (keep it around if it works for you).

Let us know how it goes. You now have Plans A, B, and C. We have a few more left.

Regards,
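
Before working through those plans, it helps to confirm from the scan reports that the file really is coming back after a reported removal, which means either the removal did not take effect or something recreated the file. The following is an added example, not part of the original thread and not ClamWin code; it assumes the `FOUND` / `Removed.` line format quoted in the first post, and the function names and sample reports are constructed for illustration.

```python
import re

# Line shapes taken from the scan output quoted in this thread.
FOUND_RE = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")
REMOVED_RE = re.compile(r"^(?P<path>.+): Removed\.$")

def parse_report(text):
    """Return ({key: (path, signature)}, {key}) for FOUND and Removed lines.
    Keys are case-folded because Windows paths are case-insensitive."""
    found, removed = {}, set()
    for line in text.splitlines():
        line = line.strip()
        m = FOUND_RE.match(line)
        if m:
            found[m["path"].casefold()] = (m["path"], m["sig"])
            continue
        m = REMOVED_RE.match(line)
        if m:
            removed.add(m["path"].casefold())
    return found, removed

def reappearing(reports):
    """Reports are in chronological order. Return (path, signature,
    removed_in_scan, found_again_in_scan) for every detection at a path
    that an earlier scan had reported as removed."""
    removed_in, hits = {}, []
    for i, text in enumerate(reports):
        found, removed = parse_report(text)
        for key, (path, sig) in found.items():
            if key in removed_in:
                hits.append((path, sig, removed_in[key], i))
        for key in removed:
            removed_in[key] = i
    return hits

# Constructed sample: three successive reports built from the lines in the post.
BAD = r"C:\RECYCLER\S-1-5-21-1830786945-3717496114-528388107-9166\MsMxEng.exe"
SAMPLE_REPORTS = [
    BAD + ": Trojan.Buzus-8106 FOUND\n" + BAD + ": Removed.\n",
    "C:\\WINDOWS\\notepad.exe: OK\n" + BAD + ": Trojan.Buzus-8106 FOUND\n" + BAD + ": Removed.\n",
    BAD.upper() + ": Trojan.Buzus-8106 FOUND\n",
]

if __name__ == "__main__":
    for path, sig, gone, back in reappearing(SAMPLE_REPORTS):
        print(f"{sig} at {path}: removed in scan {gone}, found again in scan {back}")
```

Scan indices are zero-based positions in the list of reports passed in, so saved report files need to be loaded in the order the scans were run.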
fyreworks


Joined: 03 Nov 2011
Posts: 0
Thanks GuitarBob. I ended up using Malwarebytes to get rid of the problem. I didn't want to disable system restore since it said it would delete all my restore points. I had to scan Malwarebytes in quick scan and full scan mode several times to get rid of the problem, but it finally did.
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
I'm glad Malwarebytes worked. Keep it around. It's a good tool. It is usually very good at finding malware once it gets on a computer. Kaspersky's TDSSKiller is good against most of the common rootkits. Trend Micro's Housecall is also pretty good against common malware. Once in a while, Microsoft's Malicious Removal Tool (mrt.exe in System 32 directory) will find a high-profile older malware. All these should work on computers from XP to Windows 7. For older computers than XP, Dr. Web's CureIT and Norman's Malware Cleaner are good. Kaspersky's Rescue CD (a Linux boot CD) will find just about any Windows virus, and it will probably work on any 32 bit or 64 bit version. There you have a good anti-malware toolkit!

You should also use a real-time AV with ClamWin. Avast, AntiVir, and Microsoft's Security Essentials are all good. You can use ClamWin with Clam Sentinel for real-time, but I would scan daily with Malwarebytes, TDSSKiller, and Housecall (all three) if you do that.
They are all easy to update, so be sure to do that before a scan.

Regards,