
Question Possible infection. Should I reset or not?

Dec 12, 2024
Greetings to all,

Under pressure, I made a mistake. I opened an executable file, which I needed urgently, downloaded from an untrusted source and checked it beforehand only with Avira. Once started, it interacted with WerFault.exe.
Uploaded to VirusTotal, 7 out of 70 providers indicated it as a Trojan or generic malware:
AliCloud -Trojan[spy]:Win/Zbot.AMW
Bkav Pro -W32.AIDetectMalware
Cylance -Unsafe
Google -Detected
Ikarus -Gen.Codenox
Jiangmin -Trojan/Refroso.aazt
Trapmine -Malicious.high.ml.score

I subsequently performed disk scans with 4 different programs (Avira, ESET, Kaspersky and Malwarebytes) and none of them reported anything.
OS: Windows 11.
I would still proceed with a reset. Is this an excessive countermeasure? Is there a more targeted and decisive check that I can perform quickly?

Thank you in advance
 
WerFault is a Windows process which reports errors.

If you are already using an AV solution, does it show anything under detected or quarantine and so on? Defender has options for an online scan and an offline scan.

Have you seen anything strange working under processes in Task Manager?
 
Since you're asking the question, the system is still in question, in your mind.

No matter what we say out here...it will always be questionable. To you.

Me personally, I would recover from the Full+Incremental backup from a couple of days ago.
Lacking that....a full wipe and reinstall is warranted.
 
And, I recently had almost exactly the same situation.

I wanted to try a different ISO creation tool.
(silly me)

Found one, started the install. It asked to install a bunch of other gunk.
I specifically clicked NO on all of them.

It installed them anyway.

It was far faster, for me, to simply recover the OS drive from the overnight backup, than to try to eradicate all of that junk.

But that's just me.
 
WerFault is a Windows process which reports errors.

If you are already using an AV solution, does it show anything under detected or quarantine and so on? Defender has options for an online scan and an offline scan.

Have you seen anything strange working under processes in Task Manager?
From what I can see, in Processes I haven't noticed anything out of the ordinary. I've also kept an eye on Event Viewer without noticing anything suspicious.
The AV (Avira) hasn't detected anything. Trojan Killer found some adware and a few possible threats, but nothing related.
Since you're asking the question, the system is still in question, in your mind.

No matter what we say out here...it will always be questionable. To you.

Me personally, I would recover from the Full+Incremental backup from a couple of days ago.
Lacking that....a full wipe and reinstall is warranted.
Actually this is a good point. No backup, so I'll have to expedite a previously planned purchase of an external hard drive, save important stuff, and then... wipeout.
under pressure? why? to do what?
Well, I kept putting off a project until I was backed into a corner with a deadline looming… Same old.


Thanks