Question Trojan infection and using Windows Defender. Am I infected or not?

_dawn_chorus_

Distinguished
Aug 30, 2017
563
56
19,090
I plugged an old hard drive into my main system that I had scanned on another system with Windows Defender. I scanned again on the main system and it gave me a severe level threat for a trojan in an .iso file. I have Windows set not to autorun external devices and I never opened the drive in file manager. Immediately after I got the alert I selected to run an offline scan and disconnected the ethernet cable (the computer has no wifi). Windows shut down and restarted a few minutes later but gave me no indication of what it had done. I opened Defender again and performed a full scan and I got the same alert. It says this:

Alert level: Severe
Status: Active
Date: (Today)
Category: Trojan
Details: This program is dangerous and executes commands from an attacker

Then it has the infected file path which is one on the disconnected external drive.

This is the first time I have encountered a threat while using Windows Defender and I am confused.
- Has it quarantined the trojan?
- Why does it say active still?
- Was my computer ever even infected or is it just recalling the infected file it scanned on the hard drive that is no longer connected?
- Why would Windows Defender not have detected it on the first computer but did on the second?

EDIT: The infected file was a .iso file called "your file is ready to download.iso" and WinDefender found a "Trojan:Script/Ulthar.A!ml" contained within it.

I am not sure where this file came from, and it has never been opened. Since it was never opened and the Trojan is a script, doesn't that imply it needs to be run? A Google search shows other people with this virus have it actually infecting files and it has a name like Win32/Ulthar.A!ml which I assume is what I would find had I run the .iso file?
 
Is it an actual .iso file, or is it an EXE file that has an actual ending like "somefilename.iso.exe" (you cannot see the last part)?

If it's an iso-file then it should in theory be harmless unless you mount it - but one can never know for sure (if the attacker has found a security hole in the way Windows treats the content of a file when you right-click it).

Try to upload that file to virustotal.com and see what it finds - that is information on what the file actually is (it reveals if it turns out not to be an actual iso file but something else).

Anyway, don't try to run (double click) it in case it's a hidden exe-file (or vbs, or other possible file endings that trick Windows into executing it on double click).
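
The check suggested in the reply above (is it a real ISO, or an executable with a misleading name?) can be done offline by reading the file's header bytes instead of trusting its name. This is an added example, not part of the original thread. The sample file names and the `RISKY_EXT` list are constructed for illustration, and the Windows shortcut check goes beyond the reply's exe case.

```python
import os
import tempfile

# Extensions Windows runs or opens on double-click (illustrative, not exhaustive).
RISKY_EXT = {".exe", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js", ".lnk"}
ISO_MAGIC_OFFSET = 0x8001  # sector 16 (16 * 2048 bytes) + 1 descriptor-type byte
LNK_HEADER = bytes.fromhex("4c0000000114020000000000c000000000000046")

def sniff_type(path):
    """Classify a file by its content, ignoring its name. Never executes it."""
    with open(path, "rb") as f:
        head = f.read(64)
        f.seek(ISO_MAGIC_OFFSET)
        iso_id = f.read(5)          # empty if the file is shorter than 32 KiB
    if head[:2] == b"MZ":
        return "pe-executable"
    if head[:20] == LNK_HEADER:
        return "windows-shortcut"
    if iso_id == b"CD001":          # ISO 9660 volume descriptor identifier
        return "iso9660-image"
    return "unknown"

def check(path):
    """Return (content_type, warnings) for one file."""
    name = os.path.basename(path).lower()
    stem, last_ext = os.path.splitext(name)
    kind = sniff_type(path)
    warnings = []
    # "somefilename.iso.exe" shows as "somefilename.iso" when extensions are hidden.
    if last_ext in RISKY_EXT and os.path.splitext(stem)[1]:
        warnings.append(f"double extension; real extension is {last_ext}")
    if ".iso" in name and kind != "iso9660-image":
        warnings.append(f"named like an ISO but content is {kind}")
    return kind, warnings

def make_samples(folder):
    """Constructed samples: a minimal ISO 9660 layout and a fake 'MZ' file."""
    real = os.path.join(folder, "backup.iso")
    with open(real, "wb") as f:
        f.write(b"\x00" * 0x8000 + b"\x01CD001\x01" + b"\x00" * 2041)
    fake = os.path.join(folder, "somefilename.iso.exe")
    with open(fake, "wb") as f:
        f.write(b"MZ" + b"\x00" * 62)
    return real, fake

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        for p in make_samples(d):
            print(os.path.basename(p), check(p))
```

A genuine ISO 9660 image passing this check only confirms the container format; it says nothing about what the image holds inside.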
 

_dawn_chorus_


Unfortunately I deleted it. I plugged the drive back into the first computer and scanned it but got nothing. So I deleted the file. I saved a picture of it though. WinDefender says:

Affected Items:

containerfile: F:\ Your File is Ready To Download.iso

file: F:\ Your File is Ready to Download.iso->Install.Ink


The file or container has never been opened (manually).