A threat (msil/injector.fcd) was found in a file that microsoft teams tried to access

MasterMind6 · 2024-10-09T13:14:49Z

hello

i built an app from youtube to enhance my game graphics and now i keep getting this every 1 min * a threat (msil/injector.fcd) was found in a file that microsoft teams tried to access *

its so annyoing and whenever eset tell me that it got rid of it it ask me to restart and it all happens again

i have malwarebytes plus and eset smart security premium

both are detecting an outbound and blocking it but its so annoying because it happens every 30 sec to 1 min

please help anyone

Marcos · 2024-10-09T13:17:32Z

Please provide logs collected with ESET Log Collector from the machine.

MasterMind6 · 2024-10-09T13:21:19Z

ok am on it right now

MasterMind6 · 2024-10-09T13:22:25Z

its collecting now

Edited 4 hours ago by MasterMind6

MasterMind6 · 2024-10-09T13:28:19Z

here it is

essp_logs.zip

Marcos · 2024-10-09T13:43:56Z

The malicious files were created by C:\Users\acer\AppData\Local\Programs\Common\OneDriveCloud\taskhostw.exe so most likely when syncing with your files in your OneDrive storage. Log in to OneDrive in a browser and delete all suspicious files.

MasterMind6 · 2024-10-09T13:45:53Z

ok if i delete one drive would that fix it ?

i dont know how to go to that onedrive storage

Edited 4 hours ago by MasterMind6

MasterMind6 · 2024-10-09T13:49:16Z

i deleted everything in onedrive C:\Users\acer\OneDrive

MasterMind6 · 2024-10-09T13:50:27Z

i still get this

Marcos · 2024-10-09T13:50:45Z

You must delete the suspicious files in the cloud, otherwise the OneDrive agent will download them again during a sync.

MasterMind6 · 2024-10-09T13:51:28Z

i even did a restore repair windows files and did not fix the problem

MasterMind6 · 2024-10-09T13:52:31Z

i did delete all the files in the cloud and i deleted onedrive it self and i have revo uninstaller so it took all the files even from the reg

MasterMind6 · 2024-10-09T13:53:53Z

i get this every few seconds

MasterMind6 · 2024-10-09T14:00:50Z

now i only get the address has been blocked every 2 seconds

Screenshot2024-10-09155335.png.a2bba4fc05cca47c76482024ca6bbfe5.png

Edited 4 hours ago by MasterMind6

Marcos · 2024-10-09T14:03:54Z

What if you temporarily rename C:\Users\acer\AppData\Local\Programs\Common\OneDriveCloud\taskhostw.exe in safe mode? Does it stop the detections from occurring?

Also you have quite many performance and detection exclusions. Please remove the performance exclusions and use only detection exclusions with a detection name set.

MasterMind6 · 2024-10-09T14:04:40Z

could you guide me how to do it please ?

Edited 4 hours ago by MasterMind6

MasterMind6 · 2024-10-09T14:06:07Z

just to let you know i deleted all the files in C:\Users\acer\AppData\Local\Programs\Common\OneDriveCloud

so its totally empty now

Edited 4 hours ago by MasterMind6

MasterMind6 · 2024-10-09T14:08:03Z

good thing is no more *A threat (msil/injector.fcd) was found in a file that microsoft teams tried to access*

but i got that address has been blocked thing every 2 seconds

Marcos · 2024-10-09T14:10:57Z

Remove all performance exclusions as well as detection exclusions that have no detection name set, reboot the machine and see what happens.

Detection exclusions with no detection name:

C:\Users\acer\Desktop\KeyFlexor-v1\KeyFlexor v1\*
C:\Users\acer\Desktop\KeyFlexor-v1\KeyFlexor v1\KeyFlexor v1\STEP 2\*
C:\Program Files\keyflexor\Keyflexor.exe
C:\Program Files\keyflexor
C:\Program Files\keyflexor\Keyflexor.exe
C:\Program Files\keyflexor\Check_KF.exe
C:\Program Files\keyflexor\net8installer.exe
C:\Program Files\keyflexor\Keyflexor.exe.config

MasterMind6 · 2024-10-09T14:14:01Z

ok i will reboot now i just removed all performance exclusions

Marcos · 2024-10-09T14:15:55Z

1 minute ago, MasterMind6 said:

ok i will reboot now i just removed all performance exclusions

Don't forget to remove also detection exclusions listed above that have no detection name set.

MasterMind6 · 2024-10-09T14:18:08Z

i did and now am back and WOW man you are a beast ! no notifications no nothing

MasterMind6 · 2024-10-09T14:19:13Z

man i appretiate your help so much !!! have been a pain for me to fix this problem and now its fixed thanks to you !!

MasterMind6 · 2024-10-09T14:20:15Z

do i need to do more things or thats it ?

Marcos · 2024-10-09T14:27:14Z

That should be all. The whole problem was that you had actual malware excluded from scanning which allowed it to execute. Subsequently various payload was subsequently detected in memory by Advanced memory scanner and Startup scanner, such as:
MSIL/AsyncRAT.A trojan
Win64/Injector.EM trojan
MSIL/Injector.FCD trojan
MSIL/ClipBanker.AIF trojan

Sign In

A threat (msil/injector.fcd) was found in a file that microsoft teams tried to access

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Join the conversation

Recently Browsing 0 members

Quick search

FAQ

Topics