I did a scan on my computer and Windows Security revealed that I had a Trojan by the name of Trojan:Script/Wacatac.B!ml on my device. I ran Security on offline mode and removed the threat afterward, but I'm afraid it's still on my computer and I'm not sure if I can even trust Windows Security to begin with since it is a bit finicky.
How can I be sure that the Trojan is gone?
And how can I make sure that my device is not infected with anything else?
I'm also not sure where the Trojan has originated from. It could've been from some .rar files I had downloaded. Scanner also says that the file had originated from: AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000188.
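The check below is an added example, not part of the original thread. It reads Microsoft Defender's own detection history for the threat named in the post and reports whether each flagged file is still on disk. It uses the built-in Defender cmdlets Get-MpThreat, Get-MpThreatDetection and Get-MpComputerStatus; the handling of the `file:_` prefix in the Resources strings is an assumption about their format.

```powershell
# Added example: run in an elevated PowerShell session on the affected machine.
$threatName = 'Trojan:Script/Wacatac.B!ml'   # threat name as reported in the post

# Confirm the engine is active and its signatures are current before trusting results.
Get-MpComputerStatus |
    Select-Object RealTimeProtectionEnabled, AntivirusSignatureLastUpdated

# Map Defender threat IDs to threat records so detections can be filtered by name.
$threats = @{}
Get-MpThreat | ForEach-Object { $threats["$($_.ThreatID)"] = $_ }

$report = foreach ($d in Get-MpThreatDetection) {
    $t = $threats["$($d.ThreatID)"]
    if (-not $t -or $t.ThreatName -ne $threatName) { continue }

    foreach ($res in $d.Resources) {
        # Assumed format: "file:_C:\path\to\item"; entries inside containers
        # may append "->inner name", which is dropped to get the outer file.
        $path = ($res -replace '^[a-z]+:_', '') -replace '->.*$', ''

        [pscustomobject]@{
            Detected      = $d.InitialDetectionTime
            Remediated    = $d.RemediationTime
            ActionSuccess = $d.ActionSuccess      # did the cleaning action succeed
            StillActive   = $t.IsActive           # Defender's view of the threat
            Path          = $path
            ExistsOnDisk  = Test-Path -LiteralPath $path
        }
    }
}

# One record per flagged file, oldest detection first.
$report | Sort-Object Detected | Format-List
```

A record with `ActionSuccess` true, `StillActive` false and `ExistsOnDisk` false means Defender reports the flagged cache file as remediated and it is no longer present at that path.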
If you have not done so already - Enable System Protection and create a NEW System Restore Point.
Temporarily disable your antivirus real-time protection or other security software first only if it blocks or interferes with the scans or downloads. Make sure to turn it back on once the scans are completed.
Temporarily disable Microsoft SmartScreen to download software below only if needed. Make sure to turn it back on once the downloads are completed.
Disable-Fast-Startup
Show-Hidden-Folders-Files-Extensions
That addendum to the run command is very important: when the scan does eventually complete, the resultant report is normally encrypted; with the extra command it is saved as a readable file.
Reports are saved here: C:\KVRT2020_Data\Reports and look similar to this: report_20210123_113021.klr
Right-click directly on that report, select > open with > Notepad. Save that file and attach it to your reply.
To start the scan select OK in the "Run" box.
A EULA window will open; tick all confirmation boxes then select "Accept".
In the new window select "Change Parameters".
In the new window ensure all selection boxes are ticked, then select "OK". The scan should now start...
When complete, if entries are found there will be options; if "Cure" is offered leave as is. For any other options change to "Delete" then select "Continue".
When complete, or if nothing was found, select "Close".
Attach the report information as previously instructed...
Please open Malwarebytes. Click on the small gear icon to open the Settings and go to the General tab.
Then turn off "Always register Malwarebytes in the Windows Security Center".
Restart the computer.
It is highly unlikely that you need to set up exclusions for Windows Defender; however, if you experience any issues, please see the following article and set up exclusions between Malwarebytes and Windows Defender:
Malwarebytes for Windows antivirus exclusions list
https://support.malwarebytes.com/hc/en-us/articles/360038522974-Malwarebytes-for-Windows-antivirus-exclusions-list
NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.
The fix may possibly take up to 60 minutes to complete.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log named Fixlog.txt in the same folder you ran the Farbar program from. Please attach that log on your next reply.
NOTE: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity.
NOTE: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications may be automatically closed.
Also, make sure you know the passwords for all websites as cookies may possibly be removed in some cases, but not all cases.
NOTE: As part of this fix, it will also reset the network to default settings including the firewall. If you have custom firewall rules you need to save please export or save them first before running this fix.
My bad for not mentioning before, but I did in fact turn off the "Register Malwarebytes with the Security Center" setting in the menu. As for any signs of infection, Windows Security says that there aren't any more threats, same with Malwarebytes. Should I run an offline scan (with Windows Security) just to be safe? There aren't any problems, and my computer is running smoothly, but I want to be sure either way.
I ran the Offline Scan and it said I was in the clear again. I attached the file from the Security Check scan below:
SecurityCheck.txt
Recommend using a Password Manager for all websites, etc. that require a password. Never use the same password on more than one site.
https://www.howtogeek.com/780233/best-password-manager/
Make sure you're backing up your files
https://forums.malwarebytes.com/topic/136226-backup-software/
Keep all software up to date - PatchMyPC - https://patchmypc.com/home-updater#download
https://patchmypc.com/about-us
Keep your Operating System up to date and current at all times -
https://support.microsoft.com/en-us/windows/windows-update-faq-8a903416-6f45-0718-f5c7-375e92dddeb2
Further tips to help protect your computer data and improve your privacy:
https://forums.malwarebytes.com/topic/258363-tips-to-help-protect-from-infection/
Please consider installing the following Content Blockers for your Web browsers if you haven't done so already. This will help improve overall security.
Malwarebytes Browser Guard
Google Chrome: https://chrome.google.com/webstore/detail/malwarebytes-browser-guar/ihcjicgdanjaechkgeegckofjjedodee
Microsoft Edge: https://support.malwarebytes.com/hc/en-us/articles/4413298736787-Install-Malwarebytes-Browser-Guard-on-Microsoft-Edge-browser
Mozilla Firefox: https://addons.mozilla.org/en-US/firefox/addon/malwarebytes/
uBlock Origin
Google Chrome: https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm
Microsoft Edge: https://microsoftedge.microsoft.com/addons/detail/ublock-origin/odfafepnkmbhccpbejgmiehpchacaeak
Mozilla Firefox: https://addons.mozilla.org/en-US/firefox/addon/ublock-origin