• Now's your chance win big! Join our community and get entered to win a RTX 2060 GPU, plus more! Join here.

    Pi Cast Episode 3 streams live on Tuesday, August 4th at 2:30 pm ET (7:30 PM BST). Watch live right here!

    Catch Scharon on the Tom's Hardware Show live on Thursday, August 6th at 2:00 pm ET (7:00 PM BST). Click here!

Question Normal Windows Behavior? Or a Trojan/Virus?

photodave

Distinguished
May 23, 2011
20
0
18,510
0
I am hoping you can give me guidance and advice.

I am running Windows 10 and only have Windows Defender.

Recently Windows Defender found some threats, which it said it took care of.

The threats were:

Trojan:Win32/Vigorf.A
Trojan:Win32/Skeeyah.A!MTB
Trojan:Win32/Occamy.AA
Trojan:XML/Phish.J!eml

I ran Windows Defender full scans and off line scans several times since and it now says no threats

However, in the Protection History of Windows Security, I see a threat quarantined, the date, and under severe I see a downward pointing arrow. I am assuming this would give me more information about it, but when I click on the arrow to open it, a Windows Security pop up opens asking if I want “this app to make changes to your device” Which I say "no"

Is this normal Windows behaviour and safe to run it? Or is it a virus/Trojan that is still there?

If running Windows Defender states there are no threats, can I trust it that I am now secure?

Thanking you all in advance for your help and guidance,

Dave
 
Jan 9, 2020
240
49
140
14
Post a screenshot of the security pop up. Generally, it should list the person/company that made the application that's trying to run. In most cases, if it has an author, it should be safe, however if there's no author then you may have cause to worry, depending on what application is trying to run and where it came from.
 

photodave

Distinguished
May 23, 2011
20
0
18,510
0
I originally wanted to post a screen shot of both the Windows Security Protection History, as well as theWindows Security popup, but I did not find a button to upload it. The closest I found was "Insert Image" but it gives me a http:// link. I do not find any button to directly upload a screen grab from my computer to the forum post.

What it does say is....

User Account Control
Do you want to allow this app to make changes to your device?
Windows Security
Verified Publisher: Microsoft Windows
CLSID: [6CED0DAA-4CDE-49C9-BA3A-AE163DC3D7AF]
Show information about the publisher's certificate
Change when these notifications appear
Hide Details
YES NO (buttons and I press no)


Thank you again for your help and guidance

Dave
 

chuda

Commendable
Aug 28, 2017
60
5
1,535
0
that is basically telling you , that windows defender wants to access registry entry .
click yes and you should get remove option.

after , i would recommend in windows security under virus % protection , click scan option, pick offline scan, scan now.
as well as it`s handy to have Ccleaner, and i would run clean to remove temp folders and registry scan... as those are places what could left some leftovers after malware.
 

photodave

Distinguished
May 23, 2011
20
0
18,510
0
I did click allow it to run and instead of giving me any REMOVE OPTION, it said it is now "ALLOWED" and I got a message saying...... "This threat or app has been allowed and will not beremediated in the future."..... I could not find any button allowing me to remove or not allow it.

And it was for..... Trojan:XML/Phish.J!eml

I was online with Microsoft tech support and they had me run MSERT

It found no virus and now my Allowed Threats page shows no threats

Microsoft support seems to be saying that it is all ok and nothing to worry about... simply to re-run the scan.... but I feel that if it is allowed... I might scan and not find any other threats and it might skip over the allowed threat. Or am I being paranoid?

I no longer see anything under allowed threats, but I do see one threat quarantined in my "Protection History" and very afraid to click the down arrow for it. (there were more Quarantined Threats before but are no longer listed)

Does Windows Defender take care of it all automatically?

I can run CCleaner as you suggested, should I also run something like Malwarebytes?

Thank you again for your guidance
 

photodave

Distinguished
May 23, 2011
20
0
18,510
0
Ouch.... I do know it is an option.... Helped for something else before such a step.

Will hope others might have other options to try.... but I do know that re-installing is the safest

thanks again
 
It’s funny, people think reinstalling windows is so painful and I’m here to tell you that it’s not. If you have all your data backed up separately and safely packed away you can install windows in eight minutes flat and be back on your feet.

All of my data is backed up in the cloud and locally so my whole machine can blow up and it doesn’t matter
 

Dean0919

Commendable
Oct 25, 2017
67
5
1,535
0
It’s funny, people think reinstalling windows is so painful and I’m here to tell you that it’s not. If you have all your data backed up separately and safely packed away you can install windows in eight minutes flat and be back on your feet.

All of my data is backed up in the cloud and locally so my whole machine can blow up and it doesn’t matter
I agree, it's easy, however people who aren't techies and just use computer for browsing or other casual things, they don't make backups and simply don't even know how to make them.
 
I agree, it's easy, however people who aren't techies and just use computer for browsing or other casual things, they don't make backups and simply don't even know how to make them.
You can lead a horse to water, but you can't make him drink. They need to want to figure stuff out. To me, ignorance is no excuse.

my son pulls that crap all the time! LOL. I don't buy it. Look, it happened to me when I was a n00b. I learned my lessons from experience.
 

Dean0919

Commendable
Oct 25, 2017
67
5
1,535
0
You can lead a horse to water, but you can't make him drink. They need to want to figure stuff out. To me, ignorance is no excuse.

my son pulls that crap all the time! LOL. I don't buy it. Look, it happened to me when I was a n00b. I learned my lessons from experience.
I agree with you that ignorance is no excuse. All you need to do is try to figure out about your problem and learning more on things and gather the information, but there are certain category of people who don't do this and they choose to ask others how to do this, how to do that and there are people who really don't care about computers at all, nor they want to learn, but just use it. I'm not justifying these people, but what I'm saying that such people exist and have seen them in real life too. I had a few neighbors who wanted me to fix their computer problems all the time because I was a "techie" guy. They could ask me "Hey, plz trim this video?", "hey, how can I download from youtube?", "hey, where can I watch this movie?". I came to conclusion that these people were just using me & they were lazy to do those things themselves. Why bother yourself when your awesome "techie" neighbor can do it for you? I learned my lesson and now I don't openly tell people that I know a bit more about computers. These people are like parasites. They don't care if they are taking free time from you. Thank god, they eventually stopped. I had to play dumb and tell them "oh, I don't know how to do this, sorry".
 

ASK THE COMMUNITY

TRENDING THREADS