
Windows Defender alerts about trojan at the end of EEK malware scan.



As soon as an EEK Malware scan ends Windows Defender notifies of a threat being blocked (Win32/Wacatac.D2!ml). I ran the scan again and got the same result from WD.

I'm guessing it's a false positive but want to be sure.

I had Norton Security installed but uninstalled it a couple days ago as it was a Comcast freebie that is ending January 1st. So now I have Windows Defender, Malwarebytes Pro, and Comodo Firewall with cruelsister settings. With Norton installed the EEK malware scan never elicited any warnings.

This is on a Windows 10 PC.


Our products use the BitDefender Anti-Virus scan engine to supplement our own, and when it scans archives (ZIP, RAR, 7z, etc) it extracts them to the TEMP folder so that it can scan their contents as well. What Windows Defender is detecting appears to be a file that BitDefender's engine extracted from an archive of some sort.

Note that if Windows Defender deletes a file before EEK gets a chance to scan it, then it won't appear in the list of detections in EEK.

3 minutes ago, JonB said:

So if I disable Windows Defender and run another EEK scan it should catch the trojan?

In theory yes, it should. It depends on whether or not it's something BitDefender's scan engine would have detected.


It's possible that BitDefender's engine doesn't detect whatever Windows Defender was detecting. It could be a false positive on their part, but I can't know what without being able to forward the file in question to our analysts.

If you don't mind, would it be possible to extract the archive that is being scanned when the Windows Defender detection happens, and then scan the extracted files with Windows Defender to see which one it detects?


The default Malware scan that was triggering WD doesn't scan archives, at least according to the results log.

I've run multiple scans to my entire PC with a variety of scanners including WD and Malwarebytes all set to scan within archives and nothing is found.


Ok. Just ran another scan and WD gives the same warning about Win32/Wacatac.D2!ml. The EEK malware scan stops at the precise moment I get the warning and what it's scanning is Malwarebytes adwcleaner_8.0.8.0.exe, which resides in my download folder. Very strange.

22 hours ago, JonB said:

Ok. Just ran another scan and WD gives the same warning about Win32/Wacatac.D2!ml. The EEK malware scan stops at the precise moment I get the warning and what it's scanning is Malwarebytes adwcleaner_8.0.0.exe, which resides in my download folder. Very strange.

That's almost certainly a false positive on Windows Defender's part then. All you need to do to verify if it is a legitimate copy of AdwCleaner is right-click on it, select Properties from the bottom of the list, and click on the Digital Signatures tab. If that tab is missing, or the file isn't digitally signed by Malwarebytes, then it more than likely isn't a legitimate file.
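
The Digital Signatures check described in the post above can also be done from PowerShell, together with a look at which file Windows Defender actually flagged. This is an added example, not part of the original post; the file path and the expected signer string `Malwarebytes` are assumptions to adjust for the file being checked.

```powershell
# Added example; $Path and $ExpectedSigner are assumptions, adjust as needed.
param(
    [string]$Path = "$env:USERPROFILE\Downloads\adwcleaner_8.0.8.0.exe",
    [string]$ExpectedSigner = 'Malwarebytes'
)

# 1. Show what Defender flagged recently. Resources holds the affected paths,
#    which answers "which file triggered the alert" without rerunning scans.
$names = @{}
Get-MpThreat | ForEach-Object { $names["$($_.ThreatID)"] = $_.ThreatName }
Get-MpThreatDetection |
    Sort-Object InitialDetectionTime -Descending |
    Select-Object -First 5 |
    ForEach-Object {
        [pscustomobject]@{
            Time      = $_.InitialDetectionTime
            Threat    = $names["$($_.ThreatID)"]
            Process   = $_.ProcessName
            Resources = $_.Resources -join '; '
        }
    } | Format-List

# 2. Command-line equivalent of the Digital Signatures tab.
if (-not (Test-Path -LiteralPath $Path)) {
    Write-Warning "File not found (Defender may have quarantined it): $Path"
    return
}
$sig     = Get-AuthenticodeSignature -LiteralPath $Path
$subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

if ($sig.Status -eq 'NotSigned') {
    $verdict = 'No signature (same as a missing Digital Signatures tab)'
} elseif ($sig.Status -ne 'Valid') {
    $verdict = "Signature present but not valid: $($sig.Status)"
} elseif ($subject -notmatch [regex]::Escape($ExpectedSigner)) {
    $verdict = "Valid signature, but signer is not $ExpectedSigner"
} else {
    $verdict = 'Valid signature from expected signer'
}

[pscustomobject]@{
    File    = $Path
    Status  = $sig.Status
    Signer  = $subject
    Verdict = $verdict
    SHA256  = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
} | Format-List
```

A `Valid` status confirms the publisher and that the file has not been modified since signing; the SHA256 value is what a vendor will typically ask for when a false positive is reported.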

19 minutes ago, GT500 said:

That's almost certainly a false positive on Windows Defender's part then. All you need to do to verify if it is a legitimate copy of AdwCleaner is right-click on it, select Properties from the bottom of the list, and click on the Digital Signatures tab. If that tab is missing, or the file isn't digitally signed by Malwarebytes, then it more than likely isn't a legitimate file.

Looks legit. Thank you once again.

 

 
