Windows Defender Trojan:Script/Wacatac.H!ml keeps popping up, even after going through multiple other scans which show: no threat detected
Hello,
I came here mainly to ask whether my Windows Defender can issue false positives because that is what it looks like to me. Since yesterday I have gotten continuous notifications (every 20 minutes or so when I use the laptop) about the mentioned Trojan script being detected and deleted by Windows Defender. According to Windows Defender, it was located in my Temp files, like C:\Windows\Temp\NAV6E77.tmp. Every time it was detected it would be in a different NAV.tmp location.
I never had this before since I started using this Acer Travelmate | X in 2018 and to be fair I was quite concerned. However, after doing multiple things, like:
- Running an advanced Antivirus scan from my paid Panda Antivirus
- Running an offline Windows Defender scan
- Running a Malwarebytes scan
- Running the DISM.exe /Online /Cleanup-Image /RestoreHealth command through the command prompt
They all turned out with no serious threat detections. I quarantined a few files based on what the Malwarebytes & Panda results showed me, but Windows Defender still gives me notifications of the same malware.
As my last resort I even tried simply deleting the .tmp files that were related to the script since that helped someone else as well, but that also did not help. Now the threat detection makes even less sense, since the location of where the malware should be does not exist anymore.
At this point I just deactivated the notifications of my Windows Defender since I was getting quite certain nothing was wrong, but I still wanted to know whether it is really possible that this malware detection is a false alarm.
Thanks for the help,
Emiel
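For recurring detections like the ones described in the post above, Defender's own detection history records which process touched each flagged file and when. The following is an added example, not part of any post in this thread; it assumes an elevated PowerShell session and uses the `Temp\NAV*.tmp` path pattern quoted in the post.

```powershell
# Added example: summarize Defender detection history for the recurring
# Temp\NAV*.tmp alerts. The path pattern is taken from the post; adjust it
# if the flagged files on your machine are named differently.
$pattern = '\\Temp\\NAV[^\\]*\.tmp'

# Map ThreatID -> ThreatName from the threat list Defender keeps locally.
$names = @{}
Get-MpThreat | ForEach-Object { $names[$_.ThreatID] = $_.ThreatName }

# Keep only detections whose resource list mentions a matching temp file.
$hits = Get-MpThreatDetection |
    Where-Object { ($_.Resources -join ';') -match $pattern } |
    Sort-Object InitialDetectionTime

# Which process was recorded against the file each time it was flagged?
# One process name dominating the list points at whatever keeps writing it.
$hits | Group-Object ProcessName |
    Sort-Object Count -Descending |
    Select-Object Count, Name

# Timeline with the gap between consecutive detections, to confirm whether
# the alerts follow a fixed schedule (the post reports roughly 20 minutes).
$prev = $null
$hits | ForEach-Object {
    [pscustomobject]@{
        Time      = $_.InitialDetectionTime
        Threat    = $names[$_.ThreatID]
        Process   = $_.ProcessName
        GapMin    = if ($prev) {
                        [math]::Round(($_.InitialDetectionTime - $prev).TotalMinutes, 1)
                    } else { $null }
        Resources = $_.Resources -join '; '
    }
    $prev = $_.InitialDetectionTime
} | Format-Table -AutoSize -Wrap
```

The output shows what Defender recorded, not a verdict: the process name and the regular interval tell you where to look next, and the flagged sample can be submitted to Microsoft for analysis either way.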
Hi
Welcome to Microsoft community.
I'm glad to help you.
This virus is probably caused by the use of some third-party cracking programs or problematic programs. And Trojan:Win32/Wacatac.H!ml is just among them.
Trojan:Win32/Wacatac.H!ml malware is incredibly difficult to erase by hand. It puts its files in multiple places throughout the disk, and can restore itself from one of the parts. Moreover, a lot of alterations in the registry, networking configurations and also Group Policies are quite hard to find and change to the initial.
It is better to use an anti-malware app.
If your PC has a restore point, you can also use the restore point feature to restore your PC to a correct point in time.
If you need more help, please don't hesitate to let me know.
Best regards
Derrick Qian | Microsoft Community Support Specialist
Hello Derrick,
Thank you for your response. I think I know where the malware came from in that case: I had to download and run an .exe file for one of my classes, which was supposed to be safe open source software which just runs a code and that would be it. But I suppose something got in with that download / processing.
Either way, thank you for the suggestions. About the anti-malware app, which one do you recommend for my problem? Either way, I will try the restore option as well. If it works I will let you know.
Thanks again.
Emiel
Hi Emiel,
I have exactly the same issue as you. The same type of malware located in similar temp files was detected every 20 minutes by Windows Defender since yesterday morning.
Though in my case the Malwarebytes scan and follow-up quarantine did stop the constant detections (edit: haven't used Malwarebytes until after this started happening).
Interestingly enough, I also have a paid version of Panda Antivirus (could it be a factor?).
I was curious what is the file that started the whole chain of events for you. In my case the first detection was caused by "nanosigs_1_20221007_100006.rar" also located in Temp folder then followed up by the 20 minute interval detections of the "NAV..." files. I don't recall downloading any rar files the last few days.
Cheers,
MW
Hi Mat,
So I assume it had something to do with an .exe file I had to download and run for school, since after running that I started getting these notifications. I do find it odd that for the both of us Panda antivirus is not really helping, I don't know if you used the cloud scanner? For me my problem has now been solved but to be honest I have no real clue how. There was an update for Windows I installed and afterwards my defender asked me for permission to send some files for further inspection and now my notifications are gone. It's all very weird. I am still happy to hear your problems have also been solved.
Cheers,
- Emiel
Hi Derrick,
I understand. I did use multiple scans for my problem, including the complete scans for both Panda and Windows Defender. However, as I just told Mat as well, my problems have been solved for some reason. I downloaded a new update for Windows, gave my Defender permission to send some files for inspection and now my notifications of malware are gone. Hopefully it stays that way. Either way, thank you for the support! At least I became a bit more knowledgeable with regards to ridding my computer of malware.
Have a good day,
- Emiel
Hi
Thanks for your reply.
I am glad that your problem has been solved.
In the future, if you encounter any difficult problems while using Microsoft products and services, you are welcome to consult the Microsoft community again, and we will try our best to help you.
Thank you very much for your trust and support of Microsoft, and I sincerely wish you a happy life and success in your work!
Best regards
Derrick Qian | Microsoft Community Support Specialist
Hi Derrick,
Well, unfortunately the problem returned, only in a different form. I now have a Defender alert every 20 minutes for malware which is called Trojan:Script/Sabsik.FL.B!ml, again found in the temp folders. I just installed new security updates as well so I'm honestly baffled that this shows up again. As per usual, no scans can find a threat (not even a Defender complete scan while the Defender does find and remove it immediately for some reason). A system restore will not be handy in my case since the only options include times when I had the other malware notifications. So yeah I am now a bit clueless on what options I have.
Thanks for your help.
Kind regards,
Emiel
Hi
Thanks for your reply.
At present, the best way to clear this trojan is to format your system and reinstall it. Maybe your computer was injected into the Trojan horse by some third-party programs in a certain use, which caused the system infection. Scanning and updating does not solve the problem.
Be careful to back up your data and files in advance.