Windows Defender reports Trojans: Wacatac.C & Woreflint - Virus, Trojan, Spyware, and Malware Removal Help - BleepingComputer


Posted: 26 Apr 2020 07:22 AM PDT

My father received a suspicious email yesterday morning containing a .xlsx attachment. He was expecting an electronic payment from a client in Europe and this email purported to be from some financial institution. When he tried to preview the Excel attachment in Outlook, the preview was blurred and said he would need to open in Office and enable editing. When he opened in Excel, the view was still blurry and never fully opened. That is when he called me for help viewing the attachment.

I immediately ran a scan with Windows Defender (he has a Dell laptop running Win10 and relies on Defender as his antivirus). Defender reported it had detected and deleted Trojan: Script/Wacatac.C.ml. Looking at the detection history, I also saw that it had earlier that day prevented a malicious script from running -- Trojan: Script/Woreflint.A!cl.

I have since downloaded and run Malwarebytes, and also Webroot's online scan tool. Neither detected anything. I then ran Defender's offline scan tool which also reported no detections.

I have read that these are extremely dangerous, nasty, and sophisticated viruses that can evade detection and hide in memory. My father is very concerned as he has a lot of very sensitive client information on his computer. I am worried that a backdoor has been opened and is awaiting instructions from a hacker or that his data will get encrypted and held for ransom. He is backed up to an external drive using Veeam backup software, and also online using CrashPlan, but I worry that those could get encrypted or infected too.

Please help us make sure his computer is not still infected! I am also conflicted about whether he should be running a third-party antivirus such as Webroot or BitDefender, or rely on Windows Defender for protection.

Thank you for the critical service you perform for the community. I will attach the Farbar reports in the next post.

