• 0

Am I clean? Potential infection in W11


Question

Hi,

Received a file from somebody which had an .exe infected with HackTool:Win32/AutoKMS!ml.

The idea is that I didn't open it, only saved it on my NAS.

After Defender from W11 detected the trojan.. I ran a quick-scan with it and got the following:

[three attached screenshots]

 

I also ran Malwarebytes and got the following results. During the time Malwarebytes was installed I noticed that the Defender icon was green.. not with the x as it was before installing MB, and after uninstalling Malwarebytes

Red: [attached screenshot]

[attached screenshot]

 

Conclusion:

1. Defender doesn't seem to be able to change something with quarantine or remove. I think that it remembers the file as Affected items at that path.. but it's empty right now. Cannot get rid of the message anyway.

2. Malwarebytes gives a clean report.

3. That file was also manually removed from NAS. Should I scan the entire drive also?

What do you recommend? Thanks a lot!

 

 

5 answers to this question


  • 0

Hello,

As long as you do not run the file the computer should not be infected.  If you are concerned (and still have the file), you can try uploading it to Google's multi-engine scanning tool at https://www.virustotal.com and see what it reports.

 

Regards,

 

Aryeh Goretsky

 

  • Like 2
  • 0

I think goretsky summed it up.

 

 

On 07/11/2021 at 14:05, Cosmin said:

Received a file from somebody which had an .exe infected with HackTool:Win32/AutoKMS!ml.

 

As a general rule... never open EXE files from a random person who sends them to you, because there is a fair chance it will be a virus (or the like), especially if it's someone you don't know and you were not expecting to receive something specific.

  • Like 2
  • 0

I did not open/run it but simply erased it. It was saved on my NAS and now Windows Security from W11 "remembers" that something was there...

Indeed.. I've scanned my PC with both Windows Security & Malwarebytes & the NAS drive only with Windows Security. Can the NAS be infected by itself? It's not an O.S. on its own..

 

If everything is fine how can I get rid of the notification from Windows Security regarding it (with the path from the NAS) ? Thanks!

  • 0
On 08/11/2021 at 17:46, Cosmin said:

I did not open/run it but simply erased it. It was saved on my NAS and now Windows Security from W11 "remembers" that something was there...

Indeed.. I've scanned my PC with both Windows Security & Malwarebytes & the NAS drive only with Windows Security. Can the NAS be infected by itself? It's not an O.S. on its own..

 

If everything is fine how can I get rid of the notification from Windows Security regarding it (with the path from the NAS) ? Thanks!

Your NAS might have a network recycle bin (as in the file is not yet deleted and still available in the mapped network drive). If you can log in to your NAS, you might want to check you have deleted the recycle bin.

  • 0

It's a WD My Cloud 2TB - I don't see anything related to recycle bin.. but even so - as far as I know a file is not removed but overwritten.

Attached is the sample setup for Media Folder.. all the others are the same.

Do you suggest scanning everything with an additional tool? Any recommended?

[attached screenshot]
