Question Normal Windows Behavior? Or a Trojan/Virus?

photodave

Distinguished
May 23, 2011
20
0
18,510
0
I am hoping you can give me guidance and advice.

I am running Windows 10 and only have Windows Defender.

Recently Windows Defender found some threats, which it said it took care of.

The threats were:

Trojan:Win32/Vigorf.A
Trojan:Win32/Skeeyah.A!MTB
Trojan:Win32/Occamy.AA
Trojan:XML/Phish.J!eml

I ran Windows Defender full scans and offline scans several times since, and it now says no threats.

However, in the Protection History of Windows Security, I see a threat quarantined, the date, and under severe I see a downward pointing arrow. I am assuming this would give me more information about it, but when I click on the arrow to open it, a Windows Security pop up opens asking if I want “this app to make changes to your device”, to which I say "no".

Is this normal Windows behaviour and safe to run it? Or is it a virus/Trojan that is still there?

If running Windows Defender states there are no threats, can I trust it that I am now secure?

Thanking you all in advance for your help and guidance,

Dave
 
Jan 9, 2020
228
49
140
12
Post a screenshot of the security pop up. Generally, it should list the person/company that made the application that's trying to run. In most cases, if it has an author, it should be safe, however if there's no author then you may have cause to worry, depending on what application is trying to run and where it came from.
 

photodave

I originally wanted to post a screen shot of both the Windows Security Protection History, as well as the Windows Security popup, but I did not find a button to upload it. The closest I found was "Insert Image" but it gives me a http:// link. I do not find any button to directly upload a screen grab from my computer to the forum post.

What it does say is....

User Account Control
Do you want to allow this app to make changes to your device?
Windows Security
Verified Publisher: Microsoft Windows
CLSID: [6CED0DAA-4CDE-49C9-BA3A-AE163DC3D7AF]
Show information about the publisher's certificate
Change when these notifications appear
Hide Details
YES NO (buttons and I press no)


Thank you again for your help and guidance

Dave
 

chuda

Commendable
Aug 28, 2017
60
5
1,535
0
That is basically telling you that Windows Defender wants to access a registry entry.
Click yes and you should get a remove option.

After that, I would recommend in Windows Security under virus & protection, click scan options, pick offline scan, scan now.
It's also handy to have CCleaner, and I would run a clean to remove temp folders and a registry scan, as those are places where some leftovers could remain after malware.
 

photodave

I did click allow it to run and instead of giving me any REMOVE OPTION, it said it is now "ALLOWED" and I got a message saying...... "This threat or app has been allowed and will not be remediated in the future."..... I could not find any button allowing me to remove or not allow it.

And it was for..... Trojan:XML/Phish.J!eml

I was online with Microsoft tech support and they had me run MSERT

It found no virus and now my Allowed Threats page shows no threats

Microsoft support seems to be saying that it is all ok and nothing to worry about... simply to re-run the scan.... but I feel that if it is allowed... I might scan and not find any other threats and it might skip over the allowed threat. Or am I being paranoid?

I no longer see anything under allowed threats, but I do see one threat quarantined in my "Protection History" and very afraid to click the down arrow for it. (there were more Quarantined Threats before but are no longer listed)

Does Windows Defender take care of it all automatically?

I can run CCleaner as you suggested, should I also run something like Malwarebytes?

Thank you again for your guidance
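
The detection history and any "allowed" overrides discussed in the posts above can also be read from PowerShell instead of the Protection History page. This is an added example, not part of any post in the thread; it assumes the built-in Defender PowerShell module on Windows 10 and an elevated PowerShell session, and it only reads state.

```powershell
# Added example: read-only review of Microsoft Defender state.
# Assumes the built-in Defender module and an elevated PowerShell session.

# 1. Map ThreatID -> name from Defender's local threat catalog.
$names = @{}
foreach ($t in Get-MpThreat) { $names[[int64]$t.ThreatID] = $t.ThreatName }

# 2. Detection history: when, what, whether the action succeeded, and which
#    files or mail items were involved.
Get-MpThreatDetection |
    Sort-Object InitialDetectionTime |
    ForEach-Object {
        [pscustomobject]@{
            Detected  = $_.InitialDetectionTime
            ThreatID  = $_.ThreatID
            Threat    = $names[[int64]$_.ThreatID]
            ActionOK  = $_.ActionSuccess
            Resources = ($_.Resources -join '; ')
        }
    } | Format-List

# 3. Per-threat overrides. Action 6 means Allow: Defender will not remediate
#    that ThreatID on later scans, which is the concern raised in the thread.
$pref = Get-MpPreference
if ($null -ne $pref.ThreatIDDefaultAction_Ids) {
    $ids     = @($pref.ThreatIDDefaultAction_Ids)
    $actions = @($pref.ThreatIDDefaultAction_Actions)
    for ($i = 0; $i -lt $ids.Count; $i++) {
        [pscustomobject]@{
            ThreatID = $ids[$i]
            Threat   = $names[[int64]$ids[$i]]
            Action   = $actions[$i]
            Allowed  = ($actions[$i] -eq 6)
        }
    }
} else {
    'No per-threat overrides are configured (nothing is allowed).'
}

# To drop an override so the default action applies again (changes settings,
# so it is left commented out; replace the placeholder with an ID from step 3):
# Remove-MpPreference -ThreatIDDefaultAction_Ids <ThreatID>

# 4. Confirm protection is on and signatures and scans are recent.
Get-MpComputerStatus |
    Select-Object RealTimeProtectionEnabled, AntivirusSignatureLastUpdated,
                  QuickScanEndTime, FullScanEndTime
```

An empty result in step 3 matches an empty "Allowed threats" page in Windows Security.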
 

photodave

Ouch.... I do know it is an option.... Helped for something else before such a step.

Will hope others might have other options to try.... but I do know that re-installing is the safest

thanks again
 
It’s funny, people think reinstalling Windows is so painful and I’m here to tell you that it’s not. If you have all your data backed up separately and safely packed away you can install Windows in eight minutes flat and be back on your feet.

All of my data is backed up in the cloud and locally so my whole machine can blow up and it doesn’t matter
 
