Win 2004, 19041.450

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by PDN, Sep 2, 2020.

  1. PDN

    PDN Private First Class

    I have Defender, all updated, Windows firewall, Emsisoft EEK, and Defender has found two Trojans in as many days.
    It did remove them. In Googling I found many people having the same issue.
    I had MBAM once and found it awkward with Defender but if that is what it takes I will do it.
    I would advise someone to run a clean install but I am disabled and it is rough going.
    If you are competent and have advice I would be happy to hear it.
     
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please attach the Defender log so I can see what it found. I'll try my best to be competent.
     
    PDN likes this.
  3. PDN

    PDN Private First Class

    You of all people are competent to say the least. Sometimes people come in and offer poor advice.
    So I will try to show you the Defender log for the two files.
    Please correct me if I am doing this properly.

    I tried but the site said I have the wrong ext. = Trojan .DOCX

    Trojan:Win32/Wacatac.D3!ml

    Trojan:Win32/Fuery.C!cl

    These are the two defender found.
     
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    These are fairly new infection types. Defender is doing its job. As to where you picked them up, that would be very difficult to tell, but you should be careful with what you download and what sites you visit.

    To be sure you are clean, please follow the Read and Run First instructions at the top of this forum and attach the requested logs.
     
    PDN likes this.
  5. PDN

    PDN Private First Class

    I am extremely cautious about where I go. I have been on YouTube lately but try to use Sandbox.
    I just installed MBAM trial and ran a 40 Minute scan - no positives.
    I have been trying to follow your instructions but cannot seem to get to where I should to get a log from a scan.

    >> Read and Run First instructions at the top of this forum and attach the requested logs.<< ?????
     
  6. PDN

    PDN Private First Class

    I googled the words [Read and Run First instructions at the top of this forum and attach the requested logs] and found the page.
    I did run AdwCleaner no positives. I did post the trojans here in # 3.
    I have run full scans with MBAM, Defender, and Emsisoft= no positives.

    Perhaps the virus is in You Tube; Wilderness survival type videos??
    Besides that, I use documents most.

    * Should I deactivate MBAM so I can use Defender as a stand-alone scanner, which I cannot do now with MBAM activated?
     
  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Crimson1077 likes this.
  8. PDN

    PDN Private First Class

    I think I may use Defender as the real time seeing it was the app that caught the viruses. I believe I deactivate the trial to do so.
     
  9. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please attach the requested logs when you are ready.
     
    PDN likes this.
  10. PDN

    PDN Private First Class

    In the third post from the top I identified these infections. I no longer have them or any of the logs; I did not know I was supposed to keep them. I'm sorry about that.
     
  11. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    If you want me to check if you have any malware that may be triggering the instances that Defender finds, or any malware that is still lurking on your system, I would be incompetent/negligent to not ask for and review the requested logs.

    However, If you are certain you are clean, then there is nothing else to pursue.

    Good luck.
     
    PDN likes this.
  12. PDN

    PDN Private First Class

    TimW - If you wish to help me do so I would appreciate it. I tried to get the logs alone but using the Event Viewer and Google I only got as far as 'Operational', then it only said warnings here and there.
    I do not know how to find and send these logs to you. I wish I knew the date of the two different viruses at two different times but I cannot remember.
    TY
     
  13. PDN

    PDN Private First Class

    I got this from the event viewer but there were two viruses so it is obvious I need help. I could not upload the Word Docx.

    Log Name: Microsoft-Windows-Windows Defender/Operational

    Source: Microsoft-Windows-Windows Defender

    Date: 9/2/2020 5:59:41 PM

    Event ID: 1116

    Task Category: None

    Level: Warning

    Keywords:

    User: SYSTEM

    Computer: DESKTOP-RJDH5SA

    Description:

    Microsoft Defender Antivirus has detected malware or other potentially unwanted software.

    For more information please see the following:

    https://go.microsoft.com/fwlink/?li...acatac.D3!ml&threatid=2147757782&enterprise=0

    Name: Trojan:Win32/Wacatac.D3!ml

    ID: 2147757782

    Severity: Severe

    Category: Trojan

    Path: file:_C:\Users\prime\AppData\Local\Temp\tmp0000054a\tmp0001972c

    Detection Origin: Local machine

    Detection Type: Concrete

    Detection Source: Real-Time Protection

    User: DESKTOP-RJDH5SA\prime

    Process Name: D:\EEK\bin64\a2emergencykit.exe

    Security intelligence Version: AV: 1.323.376.0, AS: 1.323.376.0, NIS: 1.323.376.0

    Engine Version: AM: 1.1.17400.5, NIS: 1.1.17400.5

    Event Xml:

    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">

    <System>

    <Provider Name="Microsoft-Windows-Windows Defender" Guid="{11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78}" />

    <EventID>1116</EventID>

    <Version>0</Version>

    <Level>3</Level>

    <Task>0</Task>

    <Opcode>0</Opcode>

    <Keywords>0x8000000000000000</Keywords>

    <TimeCreated SystemTime="2020-09-02T21:59:41.8162469Z" />

    <EventRecordID>692</EventRecordID>

    <Correlation />

    <Execution ProcessID="13096" ThreadID="12996" />

    <Channel>Microsoft-Windows-Windows Defender/Operational</Channel>

    <Computer>DESKTOP-RJDH5SA</Computer>

    <Security UserID="S-1-5-18" />

    </System>

    <EventData>

    <Data Name="Product Name">%%827</Data>

    <Data Name="Product Version">4.18.2008.9</Data>

    <Data Name="Detection ID">{F0882B90-A8E2-44F1-866A-CB7A560E1A4E}</Data>

    <Data Name="Detection Time">2020-09-02T21:59:41.766Z</Data>

    <Data Name="Unused">

    </Data>

    <Data Name="Unused2">

    </Data>

    <Data Name="Threat ID">2147757782</Data>

    <Data Name="Threat Name">Trojan:Win32/Wacatac.D3!ml</Data>

    <Data Name="Severity ID">5</Data>

    <Data Name="Severity Name">Severe</Data>

    <Data Name="Category ID">8</Data>

    <Data Name="Category Name">Trojan</Data>

    <Data Name="FWLink">https://go.microsoft.com/fwlink/?li...3!ml&amp;threatid=2147757782&amp;enterprise=0</Data>

    <Data Name="Status Code">1</Data>

    <Data Name="Status Description">

    </Data>

    <Data Name="State">1</Data>

    <Data Name="Source ID">3</Data>

    <Data Name="Source Name">%%818</Data>

    <Data Name="Process Name">D:\EEK\bin64\a2emergencykit.exe</Data>

    <Data Name="Detection User">DESKTOP-RJDH5SA\prime</Data>

    <Data Name="Unused3">

    </Data>

    <Data Name="Path">file:_C:\Users\prime\AppData\Local\Temp\tmp0000054a\tmp0001972c</Data>

    <Data Name="Origin ID">1</Data>

    <Data Name="Origin Name">%%845</Data>

    <Data Name="Execution ID">1</Data>

    <Data Name="Execution Name">%%813</Data>

    <Data Name="Type ID">0</Data>

    <Data Name="Type Name">%%822</Data>

    <Data Name="Pre Execution Status">0</Data>

    <Data Name="Action ID">9</Data>

    <Data Name="Action Name">%%887</Data>

    <Data Name="Unused4">

    </Data>

    <Data Name="Error Code">0x00000000</Data>

    <Data Name="Error Description">The operation completed successfully. </Data>

    <Data Name="Unused5">

    </Data>

    <Data Name="Post Clean Status">0</Data>

    <Data Name="Additional Actions ID">0</Data>

    <Data Name="Additional Actions String">No additional actions required</Data>

    <Data Name="Remediation User">

    </Data>

    <Data Name="Unused6">

    </Data>

    <Data Name="Security intelligence Version">AV: 1.323.376.0, AS: 1.323.376.0, NIS: 1.323.376.0</Data>

    <Data Name="Engine Version">AM: 1.1.17400.5, NIS: 1.1.17400.5</Data>

    </EventData>

    </Event>
     
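    A helper reading the event above usually needs only a handful of its fields (threat name, path, the process that was handling the file, and whether Defender hit an error). This added Python example is not from the thread or from Defender's own tooling; it parses the Event ID 1116 XML using a trimmed copy of the record posted above as constructed input. On a live machine the same XML can be exported with `wevtutil qe "Microsoft-Windows-Windows Defender/Operational" /q:"*[System[EventID=1116]]" /f:xml`.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Trimmed copy of the Event ID 1116 record posted in this thread; Data
# fields the parser does not use are omitted.
SAMPLE_EVENT = r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System><EventID>1116</EventID><Level>3</Level>
<TimeCreated SystemTime="2020-09-02T21:59:41.8162469Z" />
<Computer>DESKTOP-RJDH5SA</Computer></System>
<EventData>
<Data Name="Threat Name">Trojan:Win32/Wacatac.D3!ml</Data>
<Data Name="Severity Name">Severe</Data>
<Data Name="Source ID">3</Data>
<Data Name="Process Name">D:\EEK\bin64\a2emergencykit.exe</Data>
<Data Name="Path">file:_C:\Users\prime\AppData\Local\Temp\tmp0000054a\tmp0001972c</Data>
<Data Name="Error Code">0x00000000</Data>
</EventData></Event>"""

# Source ID 3 is rendered as "Real-Time Protection" in the posted event.
SOURCE_NAMES = {"3": "Real-Time Protection"}

def parse_detection(xml_text):
    """Pull the fields a malware helper asks for out of one 1116 event."""
    root = ET.fromstring(xml_text)
    sysnode = root.find("e:System", NS)
    data = {d.get("Name"): (d.text or "").strip()
            for d in root.find("e:EventData", NS).findall("e:Data", NS)}
    path = data.get("Path", "")
    if path.startswith("file:_"):  # Defender prefixes file resources this way
        path = path[len("file:_"):]
    return {
        "event_id": int(sysnode.find("e:EventID", NS).text),
        "time": sysnode.find("e:TimeCreated", NS).get("SystemTime"),
        "threat": data.get("Threat Name"),
        "severity": data.get("Severity Name"),
        "source": SOURCE_NAMES.get(data.get("Source ID"), "Source ID " + data.get("Source ID", "?")),
        "path": path,
        "process": data.get("Process Name"),
        "error_code": int(data.get("Error Code", "0x0"), 16),
    }

def triage_notes(det):
    """Hints about the detection that the raw event does not spell out."""
    notes = []
    if "\\AppData\\Local\\Temp\\" in det["path"]:
        notes.append("detected file was in the user's Temp folder, so it is probably gone already")
    if det["process"]:
        notes.append("the file was being handled by " + det["process"] + " when Defender scanned it")
    return notes
```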
  14. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    The Read and Run First Instructions are very detailed and easy to follow. IIRC, there are also instructions on how to ATTACH logs.
     
    PDN likes this.
  15. PDN

    PDN Private First Class

    I may be back for help, if it is ok with you. At this point I am quite sure that Defender, MBAM, and Emsisoft have done their jobs. I really am not proficient (or young enough) to follow all the steps. When you hit the 80's it becomes your IQ.
    Thank you for your prompt, courteous, more than competent help. :)
     
  16. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You are most welcome. Safe surfing.
     
    PDN likes this.