kelizabeth Posted June 17, 2022 (edited)

Hi! I usually run quick scans with all of the programs suggested to me on here, but today I decided to run a full scan and MSERT found Trojan:Win32/Tiggre!rfn and now I'm terrified. I don't know how long it's been on my system? And I'm wondering if there is anything I should do now, like change passwords or reset anything or if anyone knows what kind of Trojan that is exactly?

I have detailed all of the scan info I ran today here, which file should I find for the MSERT thing? I have a screenshot here though.

As for everything else, it was all clean save for a cookie in chrome. I've used MSERT, Eset online scanner, adwcleaner by malwarebytes, malwarebytes premium, Sophos Scan and Clean and they all came out completely clean and didn't find anything. Only MSERT found this trojan with a full scan. I'm honestly terrified right now and have no idea where to begin sjhdsddjshd

I use 64 not 32 I think, so I'm unsure if that is something off about it? And my computer hasn't been acting strange or anything. No popups, no oddly installed programs (as you all have seen from the FRST logs I keep coming here with, it's all normal stuff?) so I'm unsure of how this would be in here and where it would come from sjkhdhdkjdh

FRST.txt Addition.txt

Edited June 17, 2022 by kelizabeth
AdvancedSetup (Root Admin) Posted June 17, 2022

Can you please attach the Microsoft log? The log is named MSERT.log and the log will be at C:\Windows\debug\msert.log

Please attach that log with your next reply.
kelizabeth Posted June 17, 2022 (edited)

@AdvancedSetup Absolutely! I can't see where it was found or removed in the log at all, it's not showing it. I scanned twice today, one quick and one full, and I had to stop one full before it completed but the one I started back was the one where the trojan was found, so there may be 3 scan logs for the 17th. Thank you for your help!

(removed this file as I found the correct one in reply to this)

Edited June 17, 2022 by kelizabeth
kelizabeth Posted June 17, 2022 (edited)

Sorry! I think I found the one with it here, it's attached.

I see it found and removed a 404.php page, which was code for a WordPress theme. It's an old backup of mine from forever ago, but it is indeed a WordPress file out of a WordPress theme. Maybe a false detection? Also thank you for all of your help! @AdvancedSetup

msert.log

Edited June 17, 2022 by kelizabeth
AdvancedSetup (Root Admin) Posted June 18, 2022 (Solution)

Here are the results. Notice though the path where this was found on a FULL scan. A normal quick threat scan would not detect this as it's not in a known folder or path location on a live system. It's in a dormant folder from a backup of an old system and not an active threat. The detected threat is within a zip file, and a zip file by itself is not a threat unless an active process is reaching out to extract data from it, which there are no signs is happening on your system.

Microsoft Safety Scanner v1.367, (build 1.367.1279.0)
Started On Fri Jun 17 11:36:46 2022

Engine: 1.1.19200.7
Signatures: 1.367.1279.0
MpGear: 1.1.16330.1
Run Mode: Interactive Graphical Mode

Full Scan Results:
------------------
Threat Detected: Trojan:Win32/Tiggre!rfn and Removed!
Action: Remove, Result: 0x00000000
file://D:\OldHardDrive\Again\Files\Code and Design\Design Site Backup\public.zip->public_html/test/wp-content/themes/sketch/404.php
SigSeq: 0x00001667EF8CC76C
containerfile://D:\OldHardDrive\Again\Files\Code and Design\Design Site Backup\public.zip

Results Summary:
----------------
Found Trojan:Win32/Tiggre!rfn and Removed!
Successfully Submitted MAPS Report
Successfully Submitted Heartbeat Report
Microsoft Safety Scanner Finished On Fri Jun 17 15:40:52 2022

Basically, my guess is this was probably a False Positive but it also looks like you probably don't use that file either so no real harm in Windows Defender removing it.

I see no reason to be alarmed or concerned about this detection at this time.

Have a great weekend
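The path reading described in the post above can be done mechanically. The following is an added example, not part of the original thread and not Microsoft's tooling: a small Python parser that pulls each detection out of msert.log text and reports whether every hit is a member inside an archive (the `archive->member` form plus a `containerfile://` line) or a loose file on disk. The function names and the one-item-per-line layout of the sample are assumptions; the field text is taken from the log excerpt quoted above.

```python
import re

# Detection block taken from the msert.log excerpt quoted in the post above;
# the one-field-per-line layout is an assumption of this example.
SAMPLE_LOG = r"""Threat Detected: Trojan:Win32/Tiggre!rfn and Removed!
Action: Remove, Result: 0x00000000
file://D:\OldHardDrive\Again\Files\Code and Design\Design Site Backup\public.zip->public_html/test/wp-content/themes/sketch/404.php
SigSeq: 0x00001667EF8CC76C
containerfile://D:\OldHardDrive\Again\Files\Code and Design\Design Site Backup\public.zip
Results Summary:
----------------
Found Trojan:Win32/Tiggre!rfn and Removed!
"""

THREAT_RE = re.compile(r"^Threat Detected:\s*(\S+)")
ACTION_RE = re.compile(r"^Action:\s*(\w+),\s*Result:\s*(0x[0-9A-Fa-f]+)")

def parse_detections(text):
    """Return one dict per 'Threat Detected' block in msert.log text."""
    detections, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = THREAT_RE.match(line)
        if m:
            current = {"threat": m.group(1), "action": None, "result": None,
                       "files": [], "containers": []}
            detections.append(current)
        elif line.startswith("Results Summary"):
            current = None  # summary lines are not part of any detection
        elif current is None:
            continue
        elif (m := ACTION_RE.match(line)):
            current["action"], current["result"] = m.group(1), int(m.group(2), 16)
        elif line.startswith("containerfile://"):
            current["containers"].append(line[len("containerfile://"):])
        elif line.startswith("file://"):
            # "archive->member" means the hit is a member inside an archive.
            outer, _, member = line[len("file://"):].partition("->")
            current["files"].append({"path": outer, "member": member or None})
    return detections

def is_archive_only(det):
    """True when every hit is an archive member, none a loose file on disk."""
    return bool(det["files"]) and all(f["member"] for f in det["files"])

if __name__ == "__main__":
    for d in parse_detections(SAMPLE_LOG):
        where = "inside archive only" if is_archive_only(d) else "loose file on disk"
        print(d["threat"], d["action"], hex(d["result"]), where)
```
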
kelizabeth Posted June 18, 2022

@AdvancedSetup Thank you so much! I have also removed that folder so it will no longer be an issue either, I have been meaning to sort through my old system files. Thank you so much again! Have a great weekend!
AdvancedSetup (Root Admin) Posted June 19, 2022

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy: Tips to help protect from infection

Thank you