Question Normal Windows Behavior? Or a Trojan/Virus?

[photodave]

I am hoping you can give me guidance and advice.

I am running Windows 10 and only have Windows Defender.

Recently Windows Defender found some threats, which it said it took care of.

The threats were:

Trojan:Win32/Vigorf.A
Trojan:Win32/Skeeyah.A!MTB
Trojan:Win32/Occamy.AA
Trojan:XML/Phish.J!eml

I ran Windows Defender full scans and off line scans several times since and it now says no threats

However, in the Protection History of Windows Security, I see a threat quarantined, the date, and under severe I see a downward pointing arrow. I am assuming this would give me more information about it, but when I click on the arrow to open it, a Windows Security pop up opens asking if I want “this app to make changes to your device” Which I say "no"

Is this normal Windows behaviour and safe to run it? Or is it a virus/Trojan that is still there?

If running Windows Defender states there are no threats, can I trust it that I am now secure?

Thanking you all in advance for your help and guidance,

Dave

 

[DrummerManSpike]

Post a screenshot of the security pop up. Generally, it should list the person/company that made the application that's trying to run. In most cases, if it has an author, it should be safe, however if there's no author then you may have cause to worry, depending on what application is trying to run and where it came from.

 

[photodave]

I originally wanted to post a screen shot of both the Windows Security Protection History, as well as theWindows Security popup, but I did not find a button to upload it. The closest I found was "Insert Image" but it gives me a http:// link. I do not find any button to directly upload a screen grab from my computer to the forum post.

What it does say is....

User Account Control
Do you want to allow this app to make changes to your device?
Windows Security
Verified Publisher: Microsoft Windows
CLSID: [6CED0DAA-4CDE-49C9-BA3A-AE163DC3D7AF]
Show information about the publisher's certificate
Change when these notifications appear
Hide Details
YES NO (buttons and I press no)


Thank you again for your help and guidance

Dave

 

[USAFRet]

There is no direct image upload.
Upload your pic to imgur.com, and post the BBCode link here.

 

[photodave]

Here is the link for the Security Popup

https://imgur.com/a/1BVBYMW

View: https://imgur.com/a/1BVBYMW


Thank you again

Dave

 

[photodave]

And the Protection History screen grab is

https://imgur.com/a/jBmSI2P

View: https://imgur.com/a/jBmSI2P




Thank you again

Dave

 

[chuda]

that is basically telling you , that windows defender wants to access registry entry .
click yes and you should get remove option.

after , i would recommend in windows security under virus % protection , click scan option, pick offline scan, scan now.
as well as it`s handy to have Ccleaner, and i would run clean to remove temp folders and registry scan... as those are places what could left some leftovers after malware.

 

[photodave]

I did click allow it to run and instead of giving me any REMOVE OPTION, it said it is now "ALLOWED" and I got a message saying...... "This threat or app has been allowed and will not beremediated in the future."..... I could not find any button allowing me to remove or not allow it.

And it was for..... Trojan:XML/Phish.J!eml

I was online with Microsoft tech support and they had me run MSERT

It found no virus and now my Allowed Threats page shows no threats

Microsoft support seems to be saying that it is all ok and nothing to worry about... simply to re-run the scan.... but I feel that if it is allowed... I might scan and not find any other threats and it might skip over the allowed threat. Or am I being paranoid?

I no longer see anything under allowed threats, but I do see one threat quarantined in my "Protection History" and very afraid to click the down arrow for it. (there were more Quarantined Threats before but are no longer listed)

Does Windows Defender take care of it all automatically?

I can run CCleaner as you suggested, should I also run something like Malwarebytes?

Thank you again for your guidance

 

[Deleted member 14196]

Format and reinstall because this is not normal

 

[photodave]

Ouch.... I do know it is an option.... Helped for something else before such a step.

Will hope others might have other options to try.... but I do know that re-installing is the safest

thanks again

 

[Deleted member 14196]

It’s funny, people think reinstalling windows is so painful and I’m here to tell you that it’s not. If you have all your data backed up separately and safely packed away you can install windows in eight minutes flat and be back on your feet.

All of my data is backed up in the cloud and locally so my whole machine can blow up and it doesn’t matter

 

[Dean0919]

It’s funny, people think reinstalling windows is so painful and I’m here to tell you that it’s not. If you have all your data backed up separately and safely packed away you can install windows in eight minutes flat and be back on your feet.

All of my data is backed up in the cloud and locally so my whole machine can blow up and it doesn’t matter

I agree, it's easy, however people who aren't techies and just use computer for browsing or other casual things, they don't make backups and simply don't even know how to make them.

 

[Deleted member 14196]

I agree, it's easy, however people who aren't techies and just use computer for browsing or other casual things, they don't make backups and simply don't even know how to make them.

You can lead a horse to water, but you can't make him drink. They need to want to figure stuff out. To me, ignorance is no excuse.

my son pulls that crap all the time! LOL. I don't buy it. Look, it happened to me when I was a n00b. I learned my lessons from experience.

 

[mdd1963]

"
I was online with Microsoft tech support and they had me run MSERT
"

You'll know it was not MS if they asked for a credit card.... 🙁

 

[ankit213506]

This is a little bit confusing. ask to any experts

 

[Dean0919]

You can lead a horse to water, but you can't make him drink. They need to want to figure stuff out. To me, ignorance is no excuse.

my son pulls that crap all the time! LOL. I don't buy it. Look, it happened to me when I was a n00b. I learned my lessons from experience.

I agree with you that ignorance is no excuse. All you need to do is try to figure out about your problem and learning more on things and gather the information, but there are certain category of people who don't do this and they choose to ask others how to do this, how to do that and there are people who really don't care about computers at all, nor they want to learn, but just use it. I'm not justifying these people, but what I'm saying that such people exist and have seen them in real life too. I had a few neighbors who wanted me to fix their computer problems all the time because I was a "techie" guy. They could ask me "Hey, plz trim this video?", "hey, how can I download from youtube?", "hey, where can I watch this movie?". I came to conclusion that these people were just using me & they were lazy to do those things themselves. Why bother yourself when your awesome "techie" neighbor can do it for you? I learned my lesson and now I don't openly tell people that I know a bit more about computers. These people are like parasites. They don't care if they are taking free time from you. Thank god, they eventually stopped. I had to play dumb and tell them "oh, I don't know how to do this, sorry".

 

[Deleted member 14196]

yeah, i just tell people to take it to a tech and I don't work for free. i do not support lazy freeloaders. or i quote them $250 an hour with a two hour minimum--whether I work it or not, that usually scares them off