JonB (posted December 17, 2020):

As soon as an EEK Malware scan ends, Windows Defender notifies of a threat being blocked (Win32/Wacatac.D2!ml). I ran the scan again and got the same result from WD. I'm guessing it's a false positive but want to be sure. I had Norton Security installed but uninstalled it a couple days ago as it was a Comcast freebie that is ending January 1st. So now I have Windows Defender, Malwarebytes Pro, and Comodo Firewall with cruelsister settings. With Norton installed the EEK malware scan never elicited any warnings. This is on a Windows 10 PC.

GT500 (posted December 17, 2020):

Our products use the BitDefender Anti-Virus scan engine to supplement our own, and when it scans archives (ZIP, RAR, 7z, etc) it extracts them to the TEMP folder so that it can scan their contents as well. What Windows Defender is detecting appears to be a file that BitDefender's engine extracted from an archive of some sort. Note that if Windows Defender deletes a file before EEK gets a chance to scan it, then it won't appear in the list of detections in EEK.

JonB (posted December 17, 2020):

So if I disable Windows Defender and run another EEK scan it should catch the trojan?

GT500 (posted December 17, 2020):

> 3 minutes ago, JonB said:
> So if I disable Windows Defender and run another EEK scan it should catch the trojan?

In theory yes, it should. It depends on whether or not it's something BitDefender's scan engine would have detected.

JonB (posted December 17, 2020):

So I just ran a scan and nothing found but the log shows that Scan archives: OFF.

JonB (posted December 17, 2020):

So I just ran a custom scan with scanning in archives enabled and nothing was found. That was still with WD disabled.

GT500 (posted December 18, 2020):

It's possible that BitDefender's engine doesn't detect whatever Windows Defender was detecting. It could be a false positive on their part, but I can't know that without being able to forward the file in question to our analysts. If you don't mind, would it be possible to extract the archive that is being scanned when the Windows Defender detection happens, and then scan the extracted files with Windows Defender to see which one it detects?

JonB (posted December 18, 2020):

The default Malware scan that was triggering WD doesn't scan archives, at least according to the results log. I've run multiple scans of my entire PC with a variety of scanners including WD and Malwarebytes all set to scan within archives and nothing is found.

JonB (posted December 18, 2020):

Ok. Just ran another scan and WD gives the same warning about Win32/Wacatac.D2!ml. The EEK malware scan stops at the precise moment I get the warning and what it's scanning is Malwarebytes adwcleaner_8.0.8.0.exe, which resides in my download folder. Very strange.

JonB (posted December 18, 2020):

I just completed another EEK malware scan after deleting adwcleaner and the scan ran smoothly with no warning by WD. Out of curiosity I uploaded adwcleaner to VirusTotal and it gave it a clean bill of health, as expected.

JonB (posted December 18, 2020):

I just noticed there was a post in August where someone had a similar experience...

GT500 (posted December 19, 2020):

> 22 hours ago, JonB said:
> Ok. Just ran another scan and WD gives the same warning about Win32/Wacatac.D2!ml. The EEK malware scan stops at the precise moment I get the warning and what it's scanning is Malwarebytes adwcleaner_8.0.0.exe, which resides in my download folder. Very strange.

That's almost certainly a false positive on Windows Defender's part then. All you need to do to verify if it is a legitimate copy of AdwCleaner is right-click on it, select Properties from the bottom of the list, and click on the Digital Signatures tab. If that tab is missing, or the file isn't digitally signed by Malwarebytes, then it more than likely isn't a legitimate file.
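
Added example (not part of the original thread and not Emsisoft's or Malwarebytes' code): a PowerShell equivalent of the Digital Signatures tab check described in the post above, which also reports whether the signature actually validates and the SHA-256 that can be compared against a VirusTotal report. The function name `Test-PublisherSignature`, its parameters, and the file path in the usage line are assumptions for illustration.

```powershell
# Added example: command-line version of the "Digital Signatures" tab check.
# Test-PublisherSignature is a hypothetical helper name, not a built-in cmdlet.
function Test-PublisherSignature {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,              # file to inspect
        [Parameter(Mandatory)] [string] $ExpectedPublisher  # e.g. 'Malwarebytes'
    )

    $file = Get-Item -LiteralPath $Path -ErrorAction Stop
    $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName

    # Extract the O= (organization) field from the signer certificate subject.
    # The value is quoted in the subject string when it contains a comma.
    $org = $null
    if ($sig.SignerCertificate -and
        $sig.SignerCertificate.Subject -match '(?:^|,\s*)O=(?:"([^"]+)"|([^,]+))') {
        $org = if ($Matches[1]) { $Matches[1] } else { $Matches[2] }
    }

    # A present signature is not enough: Status must be Valid. HashMismatch
    # means the file changed after signing; NotSigned matches the
    # "tab is missing" case from the post.
    $publisherOk = [bool]$org -and ($org -like "*$ExpectedPublisher*")

    [pscustomobject]@{
        File               = $file.Name
        SHA256             = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
        Status             = $sig.Status
        StatusMessage      = $sig.StatusMessage
        SignerOrganization = $org
        SignerThumbprint   = if ($sig.SignerCertificate) { $sig.SignerCertificate.Thumbprint }
        Timestamped        = [bool]$sig.TimeStamperCertificate
        Trusted            = ($sig.Status -eq 'Valid') -and $publisherOk
    }
}

# Usage (the path is an assumption based on the file name given in the thread):
Test-PublisherSignature -Path "$env:USERPROFILE\Downloads\adwcleaner_8.0.8.0.exe" `
                        -ExpectedPublisher 'Malwarebytes' | Format-List
```

`Trusted` is true only when Windows validates the signature chain and the signer organization contains the expected name; a file that merely carries a signature block can still report `HashMismatch` or `NotTrusted`.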

JonB (posted December 19, 2020):

> 19 minutes ago, GT500 said:
> That's almost certainly a false positive on Windows Defender's part then. All you need to do to verify if it is a legitimate copy of AdwCleaner is right-click on it, select Properties from the bottom of the list, and click on the Digital Signatures tab. If that tab is missing, or the file isn't digitally signed by Malwarebytes, then it more than likely isn't a legitimate file.

Looks legit. Thank you once again.

GT500 (posted December 20, 2020):

You're welcome.