Firewall/Process Monitor Issues

Why does my Process Monitor always raise an alert when I start Trojan Remover?

When Trojan Remover launches, it creates a randomly-named copy of the main executable file, then launches this copy. This is part of Trojan Remover's defenses against malicious process killers. Some Process Monitors see this behaviour as suspicious. You should instruct your Process Monitor to always allow this behaviour by Trojan Remover, or you will continue to get alerts each time the program is launched. However, if your Process Monitor identifies programs simply by filename, rather than by checking the executable properly (by MD5 signature, for example), then you may continue to see alerts, because Trojan Remover's main filename is different each time it is launched.

One way to stop these alerts is to start Trojan Remover, select Options and click on "Random filename generation protection enabled" to turn this option off. You should then instruct your Process Monitor to always allow Trojan Remover to launch RMT.EXE.

Turning off random filename generation does make Trojan Remover more vulnerable to malicious process killers. However, your Process Monitor itself should prevent any such malicious activity, so there should be no increased risk.
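The difference between a filename rule and a rule that checks the executable itself, as an added example that is not part of the original FAQ and is not Trojan Remover's or any Process Monitor's own code. The file bytes are constructed, the function names are hypothetical, and SHA-256 is used in place of the MD5 mentioned above.

```python
import hashlib
import os
import secrets
import shutil
import tempfile

def file_digest(path):
    """SHA-256 of the file contents; the filename plays no part."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def allowed_by_name(path, names):
    return os.path.basename(path).lower() in names

def allowed_by_hash(path, digests):
    return file_digest(path) in digests

def randomised_copy(original, workdir):
    """Copy the executable under a random name, as the text describes."""
    copy = os.path.join(workdir, secrets.token_hex(4) + ".exe")
    shutil.copyfile(original, copy)
    return copy

def demo():
    """Return (allowed by name, allowed by hash) for each test file."""
    with tempfile.TemporaryDirectory() as d:
        original = os.path.join(d, "RMT.EXE")
        with open(original, "wb") as f:
            f.write(b"MZ constructed sample bytes, not a real executable")
        names = {"rmt.exe"}                  # filename-only rule
        digests = {file_digest(original)}    # content-hash rule
        copies = [randomised_copy(original, d) for _ in range(3)]
        random_copies = [(allowed_by_name(c, names), allowed_by_hash(c, digests)) for c in copies]
        # A different file that merely reuses the trusted name.
        other = os.path.join(d, "elsewhere")
        os.mkdir(other)
        impostor = os.path.join(other, "RMT.EXE")
        with open(impostor, "wb") as f:
            f.write(b"MZ different constructed bytes")
        return {
            "random_copies": random_copies,
            "impostor": (allowed_by_name(impostor, names), allowed_by_hash(impostor, digests)),
        }

if __name__ == "__main__":
    print(demo())
```

The filename rule rejects every randomly-named copy and accepts the unrelated file that reuses the trusted name, while the hash rule does the reverse.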


My Firewall/Process Monitor shows an alert saying that Trojan Remover wants to create a service called TRDUMMYnn (where nn are random numbers). Is it safe to allow this?

Yes, you should allow this action. TRDUMMYnnn is part of Trojan Remover's routines to check for stealthed (rootkit) drivers. Basically, Trojan Remover writes a dummy service entry to the registry, just to confirm that it has write access. The entry is immediately deleted. You should instruct your Firewall/Process Monitor to always allow this.


Kaspersky Antivirus shows an alert screen every time I start Trojan Remover, about a "hidden install". I have added Trojan Remover to the Trusted Zone, but I still get the alerts - how do I stop this?

Start Trojan Remover. When the "hidden install" alert appears, click on "Add to Trusted Zone". In the screen that appears, click on the blue highlighted "Hidden install.." message next to Verdict mask. In the box that appears, remove the checkmark from the "Advanced Settings" box. Click on OK to close the box, then click on OK again to close the Exclusion Mask box. The "hidden install" alert should no longer appear when you start Trojan Remover.