Am I clean? Potential infection in W11

[Cosmin]

Hi,

Received a file from somebody which had an .exe infected with HackTool:Win32/AutoKMS!ml.

The ideea is that I didn't opened it, only saved it on my NAS.

After Defender from W11 detected the trojan.. I ran a quick-scan with it and  got the following :

                                   

 

I also ran Malwarebytes and got the following results. During the time Malwarebytes was installed I noticed that Defender icon was green.. not with the x as was before install MB. and after uninstalling Malwarebytes

Red :

 

 

Conclusion :

1. Defender doesn't seem to be able to change something with quarantine or remove. I think that remembers the file as Affected items at that path.. but it's empty right now. Cannot get rid of the message anyway.

2. Malwarebytes gives a clean report.

3. That file was also manually removed from NAS. Should I scan the entire drive also?

What do you recommend? Thanks a lot!

 

 

[goretsky Supervisor]

Hello,

As long as you do not run the file the computer should not be infected.  If you are concerned (and still have the file), you can try uploading it to Google's multi-engine scanning tool at https://www.virustotal.com and see what it reports.

 

Regards,

 

Aryeh Goretsky

 

[inactive]

I think goretsky summed it up.

 

 

On 07/11/2021 at 14:05, Cosmin said:

Received a file from somebody which had an .exe infected with HackTool:Win32/AutoKMS!ml.

 

As a general rule... never open EXE files from a random person who sends you them. because there is a fair chance it will be a virus (or the like), especially if it's someone you don't know and you were not expecting to receive something specific.

[Cosmin]

I did not open/run it but simply erased. Was saved on my NAS and now Windows Security from W11 "remembers" that something was there...

Indeed.. I've scanned my pc with both Windows Security & Malwarebytes & the NAS drive only with Windows Security. Can be NAS be infected by itself? It's not an O.S on it's own..

 

If everything is fine how can I get rid of the notification from Windows Security regarding it (with the path from the NAS) ? Thanks!

[Steven P. Administrators]

On 08/11/2021 at 17:46, Cosmin said:

I did not open/run it but simply erased. Was saved on my NAS and now Windows Security from W11 "remembers" that something was there...

Indeed.. I've scanned my pc with both Windows Security & Malwarebytes & the NAS drive only with Windows Security. Can be NAS be infected by itself? It's not an O.S on it's own..

 

If everything is fine how can I get rid of the notification from Windows Security regarding it (with the path from the NAS) ? Thanks!

Your NAS might have a network recycle bin (as in the file is not yet deleted and still available in the mapped network drive) if you can login to your NAS might want to check you have deleted the recycle bin.

[Cosmin]

It's a WD My Cloud 2TB - I don't see anything related to recycle bin.. but even so - as far as I know a file is not removed but overwritten.

Attached is the sample setup for Media Folder.. all the others are the same.

Do you suggest scanning everything with an additional tool? Any recommended?