Share via

Trojan:Win32/Cerdigent.A!dha

Jaka Vujcic 0 Reputation points
2026-05-03T13:25:47.2633333+00:00

I have gotten this threat Trojan:Win32/Cerdigent.A!dha, it blocks it but it keeps coming back as it detects it. How do I remove it?

Respectfully

Microsoft Security | Microsoft Defender | Other

3 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. JuliaMarvin 19,075 Reputation points Volunteer Moderator
    2026-05-03T15:37:02.2333333+00:00

    That's a false positive detection. Use Windows update to get the latest definition. Starting with definition update 1.449.430.0 it's not being detected anymore.
    https://www.microsoft.com/en-us/wdsi/definitions/antimalware-definition-release-notes?requestVersion=1.449.430.0

    Edit May 5: Also see: https://www.digicert.com/blog/microsoft-defender-incorrectly-flagged-digicert-root-certificates-as-malware

    30+ people found this answer helpful.
  2. Q&A Assist
    2026-05-03T13:25:59.45+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    To remove a recurring Trojan like Trojan:Win32/Cerdigent.A!dha that keeps coming back, follow these steps in order:

    1. Update Microsoft Defender Antivirus and enable cloud protection
      1. Select Start > Settings > Update & Security > Windows Security > Virus & threat protection.
      2. Under Virus & threat protection settings, select Manage settings.
      3. Make sure Cloud-delivered protection and Automatic sample submission are turned On.
      4. In Virus & threat protection, under Virus & threat protection updates, select Check for updates, then under Threat definitions, select Check for updates.
    2. Run a full Microsoft Defender Antivirus scan
      1. In Windows Security > Virus & threat protection, select Scan options.
      2. Choose Full scan and run it.
      3. Allow Defender to complete and follow any remediation steps.
    3. Run the Windows Malicious Software Removal Tool (MSRT)
      1. Press Windows key + R to open Run.
      2. Type: 
              %windir%\system32\mrt.exe
        and select OK.
      3. If prompted, select Yes to allow changes.
      4. Choose a Full scan and let it finish, then follow the prompts to clean the PC.
      5. Restart the PC when the tool completes.
    4. Use Microsoft Defender Offline to catch hidden components If the same Trojan keeps getting detected again after restart, there may be a hidden component reinstalling it.
      1. Save any open work.
      2. Go to Start > Settings > Update & Security > Windows Security > Virus & threat protection.
      3. Under Current threats, select Scan options.
      4. Select Windows Defender Offline scan and then Scan now.
      5. The PC will restart and run an offline scan; let it complete and apply any fixes.
    5. Install latest Windows updates after cleaning
      1. After the system is clean and restarted, manually install the latest Windows updates from Settings > Update & Security > Windows Update.
    6. Avoid reinfection sources
      • Do not revisit suspicious or illegal download sites or reopen the same email attachments that may have delivered the Trojan.
      • Use a modern browser such as Microsoft Edge with Microsoft Defender SmartScreen enabled to help block malicious sites.

    If Defender reports the threat as partially removed or it continues to reappear even after the offline scan and MSRT, follow the advanced troubleshooting steps in the malware removal guidance referenced below.

    References:

    6 people found this answer helpful.
  3. hamzahaddougui 0 Reputation points
    2026-05-05T11:15:03.83+00:00

    I installed the latest quality and security updates through the Windows Update application, which confirmed that my device was up to date. Despite this, Windows Security prompted me to perform a scan under Virus and Threat Protection. A quick scan detected a Trojan threat and moved it to the quarantine folder. I then ran a Microsoft Defender offline scan, which returned clean results. Following that, I performed a full Microsoft Defender scan, which flagged the same threat already quarantined after the initial quick scan. To ensure system integrity and address the vulnerability, I executed a full-mode scan using the Windows Malicious Software Removal Tool, and the results came back clean. Trojan threat is likely hiding in a specific file archive, system restore point, or a non-active data folder that quick and Microsoft Defender offline scans skip.

    To remove Trojan threat:

    1. Run a Full Microsoft Defender Scan

    You need the Full Scan to pinpoint the exact file path.

    Go to Settings > Privacy & security > Windows Security.

    Click Virus & threat protection > Scan options.

    Select Full scan and click Scan now.

    2. Run the Windows Malicious Software Removal Tool (MSRT Full Mode)

    Press Win + R, type mrt, and hit Enter. Select Full scan. This specifically looks for the most prevalent high-severity families of malware and can sometimes catch things Defender handles differently.

    3. Clear the Detection History

    If the Trojan persists in scans despite using the Removal Tool and Offline scans, your Windows Security history might be corrupted, causing ghost detections.

    1. Navigate to: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service
    2. Delete the Detection History folder.
    3. Restart your PC and run a Quick Scan to see if the notification clears.
    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.