So here’s what we’re finding. This trojan sits in the root of C and is called my.exe. There’s also a corresponding service called WinDefService. What we’ve been able to do is stop that service if it’s running and then we can delete the file. I’ve tried writing the action commands in my relevance, but I’m unable to save it so I can run the fixlet to fix this. If someone could help me with the Action Script I’d appreciate it. Here’s what I put in . . .
net stop windefservice
sc delete "Windows Defender System Service"
Sorry for the request, scripting isn’t my strong suit.
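One way to write the steps described above as BigFix Action Script, added here as an example and not part of the original post. It assumes WinDefService is the service's short (key) name, which is what `net stop` and `sc delete` expect rather than the display name, and that the file path is C:\my.exe.

```bigfix
// Added example, not from the original post.
// Assumed Fixlet relevance (goes in the Relevance tab, not in the action):
//   exists file "C:\my.exe" OR exists service "WinDefService"

// Stop the service only if it is currently running, so the step
// is skipped cleanly on machines where it is already stopped.
if {exists running service "WinDefService"}
    waithidden cmd.exe /C net stop WinDefService
endif

// Remove the service registration. sc delete takes the service
// key name (assumed here to be WinDefService).
if {exists service "WinDefService"}
    waithidden cmd.exe /C sc delete WinDefService
endif

// Remove the binary from the root of C:.
if {exists file "C:\my.exe"}
    delete "C:\my.exe"
endif

// Fail the action if the file survived, so the console reports
// the endpoint as not remediated.
continue if {not exists file "C:\my.exe"}
```

A service that was running when `sc delete` ran can remain marked for deletion until its handles close or the machine restarts, so the relevance above may stay true on that endpoint until then.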