
Malwarebytes didn't detect Trojan:Win32/Wacatac.B!ml



@max1000000

Let's get the info to get the process started. Be aware it will take many steps and scans to fully remove pesky malware.

Please respond to all future instructions from your helper in a timely manner.

Please do the following so that we may take a closer look at your system for any possible infections.

Do these 2 steps FIRST so that files and folders are set to SHOW, plus also, Turn OFF Windows Fast Start.
Show-Hidden-Folders-Files-Extensions
https://forums.malwarebytes.com/topic/299345-show-hidden-folders-files-extensions/

Disable-Fast-Startup
https://forums.malwarebytes.com/topic/299350-disable-fast-startup/

Then please restart the computer and do the following.

WARNING: Do Not click the Repair option under Advanced unless requested by a Malwarebytes support agent or authorized helper

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  • Download the Malwarebytes Support Tool
  • In your Downloads folder, open the mb-support-x.x.x.xxx.exe file
  • In the User Account Control pop-up window, click Yes to continue the installation
  • Run the MBST Support Tool. The tool also downloads and runs a file called FRSTEnglish. Please allow it to run.
  • In the left navigation pane of the Malwarebytes Support Tool, click Advanced
  • In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine
  • A zip file named mbst-grab-results.zip will be saved to the Desktop or on the hidden Public desktop (usually C:\Users\Public\Desktop), please upload that file on your next reply

Then be patient for the next expert to take your case.

Thank you


You posted in the Malware Removal section so it is presumed you want to remove, remediate or verify that the malware is gone.

Win32/Wacatac is a very generic detection and the "Why" can't be readily answered without seeing the actual log from Windows Defender. What is needed is the fully qualified name and path to the file that was detected.

Malwarebytes does not apply signatures to all file types. The Paid-For version uses the Anti Exploitation which prevents the malicious activity malware may present. Thus many file types may not be detected via a Signature but what counts is that the malicious activity that file may present has been blocked.

For example, Windows Defender may detect a HTML Phishing file that was received in email. Malwarebytes will not, however it will block the malicious web site used by the HTML to harvest Phish'd credentials.

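The detection name together with the full path of the flagged item, which the post above asks for, can be read from Microsoft Defender's own history. The following is an added example, not part of the original thread; it uses the built-in Defender cmdlets `Get-MpThreat` and `Get-MpThreatDetection`, while the helper `Split-DefenderResource` and the `type:_location` resource format it parses are assumptions of this example.

```powershell
# Added example: list what Microsoft Defender detected, with the full path of each flagged item.
# Run in an elevated PowerShell session on the affected machine.

function Split-DefenderResource {
    # Hypothetical helper. Defender records each flagged item as "<type>:_<location>",
    # for example "file:_C:\path\x.exe" (format assumed from typical cmdlet output).
    param([string]$Resource)
    $type, $location = $Resource -split ':_', 2
    [pscustomobject]@{ Type = $type; Location = $location }
}

# Map ThreatID -> detection name (for example Trojan:Win32/Wacatac.B!ml).
$names = @{}
foreach ($t in Get-MpThreat) { $names[$t.ThreatID] = $t.ThreatName }

# One row per flagged resource, so a detection that touched several files lists each path.
$report = foreach ($d in Get-MpThreatDetection) {
    foreach ($r in $d.Resources) {
        $item = Split-DefenderResource $r
        [pscustomobject]@{
            Detected = $d.InitialDetectionTime
            Threat   = $names[$d.ThreatID]
            Type     = $item.Type       # file, containerfile, webfile, ...
            Path     = $item.Location   # the fully qualified name and path
            Process  = $d.ProcessName   # process that touched the item, if recorded
        }
    }
}

$report | Sort-Object Detected | Format-List
```

A `Type` of `file` with a path under a browser cache or a mail attachment folder tells a very different story from one under a startup location, which is why the path matters more than the generic detection name.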

Thanks. That's all Greek to me I'm afraid - signatures and what not. I had the paid version and it didn't pick it up. I've therefore uninstalled it. Microsoft doesn't talk about signatures and need to see logs etc: it just does the job. Malwarebytes needs to simplify itself for ordinary users.


Again, what is needed is the fully qualified name and path to the file that was detected. It may be a nothing burger and you are overreacting.

It is very important to understand malware and malicious activity because the knowledge about it will be your key in your actual prevention against it.


1 hour ago, max1000000 said:

I had the paid version and it didn't pick it up.

It depends on the type of file that it was. Please do this instead, it will tell us what Defender detected.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your next reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

Thank you


  • 3 weeks later...
  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks

 

