Gello 0 Posted November 24, 2022

When I downloaded it, I ignored the Windows protection, thinking it was a false positive. The downloaded content was in a zip file. When I tried to run it, it was blocked, luckily, and Windows instantly started working to remove some of the Trojan. One thing it did not detect was found by Malwarebytes. I'm wondering if I should be safe now or if I should take further action by installing another antivirus software, or should I also reinstall Windows on a USB? The file Malwarebytes found was a trojan.smokeloader

Administrators Marcos 5,243 Posted November 24, 2022

By Windows protection you mean SmartScreen? Do you have a free version of MBAM without real-time protection installed? Is the file detected by ESET? Please scan it at https://www.virustotal.com and post the link with results here.

Gello 0 Posted November 24, 2022 Author

8 minutes ago, Marcos said:
By Windows protection you mean SmartScreen? Do you have a free version of MBAM without real-time protection installed? Is the file detected by ESET? Please scan it at https://www.virustotal.com and post the link with results here.

It was SmartScreen. It detected two files that were quarantined then deleted, and it is the free version of Malwarebytes, but I'm pretty sure I have a premium free trial. I do not currently have the ESET antivirus, and if I deleted the file, is there a way to submit it to VirusTotal without having to re-download it?

itman 1,743 Posted November 24, 2022

8 hours ago, Gello said:
when I tried to run it it was blocked luckily, and Windows instantly started working to remove some of the Trojan

Assumed here is that it was Windows Defender that detected the malware and removed what it detected.

Whatever WD detected and removed should be in its quarantine file. You can view what is in the quarantine file per instructions here:
https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/restore-quarantined-files-microsoft-defender-antivirus?view=o365-worldwide

You should be able to restore the file from quarantine and submit the file to VirusTotal for scanning. I don't know if this is really necessary since you don't have Eset installed.

When @Marcos made his posting, I believe he was under the assumption you had an Eset product installed. Note that this is an Eset forum and its primary purpose is to resolve issues with Eset installed products. Non-security product specific malware removal assistance can be provided at the following linked forums:
https://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-help/
https://malwaretips.com/forums/windows-malware-removal-help-support.10/

-EDIT-

I also might be wrong about WD detecting this fake MSI Afterburner malware. Here's a recent article on the malware:
https://www.bleepingcomputer.com/news/security/fake-msi-afterburner-targets-windows-gamers-with-miners-info-stealers/

Of note is the following:

Quote
Unfortunately, almost all of this fake MSI Afterburner campaign's components have poor antivirus software detection. VirusTotal reports that the malicious 'MSIAfterburnerSetup.msi' setup file is only detected by three security products out of 56, while the 'browser_assistant.exe' is only detected by 2 out of 67 products.

There are only a handful of AVs detecting both above malware components with Eset being one of them.

VT showed neither WD nor Malwarebytes detecting the components.

Edited November 25, 2022 by itman