
Trojan:097m/dplink.a. severe issue



Hey @AdvancedSetup, I'm posting this here because I think I had/have the same problem as jennytefft; I had Windows Defender detect a file in my user settings as "Trojan:O97M.DPlink.A," which it deleted, and I haven't gotten any further detections since yesterday; however, Malwarebytes never detected this file despite having run a full scan using it first. I posted this detection to the Microsoft Community and asked if it was a false positive, but I never got a definitive yes or no. The file in question is a file called "ControlPanel.settingcontent-ms" which is found in the "C:\Users\..........\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US" folder. As far as I could tell, the file in question is just something that helps the user access the control panel from the settings menu. I have my screenshot of my detection which is in the same folder that most people have been finding this Trojan. I hope this helps!

I have a more in-depth description of what happened (since I posted this question to Microsoft Community), but I'm going to open my own thread for those questions so I'm not hijacking another's post.


  • Root Admin

Thanks @Sorr

The original user in the other topic posted a log showing that our Business version of Malwarebytes was the one causing the threat to that file. That's why I'm asking to get more information than just the path.
Are you running Malwarebytes 3 on your system or the business version 1.80?

Thanks

 

 


Malwarebytes Premium Version 3 (3.5.1.2522; Components: 1.0.374; Update: 1.0.5789)

If it helps, I did post another thread with a more detailed explanation of what exactly happened in the Windows Malware Removal Help & Support subforum titled, "Trojan:O97M/DPlink.A file infection". That thread details everything that I did yesterday and my current questions now.


Here you are:

ActionSuccess                  : True
AdditionalActionsBitMask       : 0
AMProductVersion               : 4.18.1806.18062
CleaningActionID               : 3
CurrentThreatExecutionStatusID : 0
DetectionID                    : {9017505B-A0DD-4B66-B8A1-201B131AE3F8}
DetectionSourceTypeID          : 1
DomainUser                     : DESKTOP-QCM0VIU\Stephen
InitialDetectionTime           : 7/4/2018 4:26:03 PM
LastThreatStatusChangeTime     : 7/4/2018 4:27:29 PM
ProcessName                    : Unknown
RemediationTime                : 7/4/2018 4:27:29 PM
Resources                      : {file:_C:\Users\Stephen\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2tx
                                 yewy\LocalState\Indexed\Settings\en-US\ControlPanel.settingcontent-ms, file:_C:\Window
                                 s.old\Windows\ImmersiveControlPanel\Settings\ControlPanel.settingcontent-ms, file:_C:\
                                 Windows.old\Windows\WinSxS\amd64_microsoft-windows-s..ngs-searchdataother_31bf3856ad36
                                 4e35_10.0.14393.0_none_91dae98fc47b5ff8\ControlPanel.settingcontent-ms}
ThreatID                       : 2147727924
ThreatStatusErrorCode          : 0
ThreatStatusID                 : 4
PSComputerName                 :


Sorry it's so discombobulating!


  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance, please start your own topic in a new thread.

Thanks

 
