• 0

Am I clean? Potential infection in W11


Question

Hi,

Received a file from somebody which had an .exe infected with HackTool:Win32/AutoKMS!ml.

The ideea is that I didn't opened it, only saved it on my NAS.

After Defender from W11 detected the trojan.. I ran a quick-scan with it and  got the following :

image.png.34deb8a73c46433c8c6d8d3ef9b3efa5.png           image.png.05f7e1b996ecc6a597efbba5b346266c.png                          image.png.0b1e8362b0dcb3fbe34bc10fc842043f.png

 

I also ran Malwarebytes and got the following results. During the time Malwarebytes was installed I noticed that Defender icon was green.. not with the x as was before install MB. and after uninstalling Malwarebytes

Red : image.png.5ebd4c75e4957e0d5bf78936b0ae4684.png

 

image.png.230317f145dad6d78bd59d98286bee11.png

 

Conclusion :

1. Defender doesn't seem to be able to change something with quarantine or remove. I think that remembers the file as Affected items at that path.. but it's empty right now. Cannot get rid of the message anyway.

2. Malwarebytes gives a clean report.

3. That file was also manually removed from NAS. Should I scan the entire drive also?

What do you recommend? Thanks a lot!

 

 

Link to comment
Share on other sites

5 answers to this question

Recommended Posts

  • 0

Hello,

As long as you do not run the file the computer should not be infected.  If you are concerned (and still have the file), you can try uploading it to Google's multi-engine scanning tool at https://www.virustotal.com and see what it reports.

 

Regards,

 

Aryeh Goretsky

 

  • Like 2
Link to comment
Share on other sites

  • 0

I think goretsky summed it up.

 

 

On 07/11/2021 at 14:05, Cosmin said:

Received a file from somebody which had an .exe infected with HackTool:Win32/AutoKMS!ml.

 

As a general rule... never open EXE files from a random person who sends you them. because there is a fair chance it will be a virus (or the like), especially if it's someone you don't know and you were not expecting to receive something specific.

  • Like 2
Link to comment
Share on other sites

  • 0

I did not open/run it but simply erased. Was saved on my NAS and now Windows Security from W11 "remembers" that something was there...

Indeed.. I've scanned my pc with both Windows Security & Malwarebytes & the NAS drive only with Windows Security. Can be NAS be infected by itself? It's not an O.S on it's own..

 

If everything is fine how can I get rid of the notification from Windows Security regarding it (with the path from the NAS) ? Thanks!

Link to comment
Share on other sites

  • 0
On 08/11/2021 at 17:46, Cosmin said:

I did not open/run it but simply erased. Was saved on my NAS and now Windows Security from W11 "remembers" that something was there...

Indeed.. I've scanned my pc with both Windows Security & Malwarebytes & the NAS drive only with Windows Security. Can be NAS be infected by itself? It's not an O.S on it's own..

 

If everything is fine how can I get rid of the notification from Windows Security regarding it (with the path from the NAS) ? Thanks!

Your NAS might have a network recycle bin (as in the file is not yet deleted and still available in the mapped network drive) if you can login to your NAS might want to check you have deleted the recycle bin.

Link to comment
Share on other sites

  • 0

It's a WD My Cloud 2TB - I don't see anything related to recycle bin.. but even so - as far as I know a file is not removed but overwritten.

Attached is the sample setup for Media Folder.. all the others are the same.

Do you suggest scanning everything with an additional tool? Any recommended?

image.png.87b4965c1c25be4bae83b5327f60599e.png

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.