All Activity

I've now switched to Microsoft Defender because Kaspersky Free will be deactivated by the company. A few months or last year, some people accessed my Mega.nz accounts in other countries. I don't know how they accessed them, but I recently changed my password, and this didn't happen. I don't know if it was a leak within Mega or malware, but during this period, I always used Kaspersky Free and completed a regular complete scan. That's why I was concerned about this QT DLL found with Microsoft Defender after I uninstalled Kaspersky Free.

Там ссылка та же самая. Образ обновляют раз в сутки, поэтому, скорее всего, небольшая разница в размере. Про пароль не знаю, не встречал такого.

But did You notice the behaviors described there in Your system?

The link this malware refers to a backdoor. If the hacker has access to the system, he can delete, corrupt, and modify files.

Did You visit that link I posted before?

Yes, I will change the passwords. But what malware is this? Is it just a stealer, or does it also remove, modify, and corrupt personal files in hdd and ssd? It has many names, but the behavior is the same?

Добавьте в исключения папки с файлами конфигураций 1С и всё.... BIN каталог с *.exe файлом не вызывает задержек... Если информационных баз штук 80. То. вероятно, проверке подвергается каждая из них со служебными библиотеками типа *.DLL, которые рекомендовано по умолчанию размещать в базе данных...

That malware probably it is a stealer, that's why I told You suggestion to change passwords of Your online services. Not all malware have to corrupt, delete or encrypt Your files, there are others that are more stealthy...

Они меня снова решили посмешить😁

I very rarely download cracked software. When I download it, the antivirus detects it, and I remove it. These ISO, compressed, and EXE files, totaling 250GB, were downloaded from trusted sources. No malware. I don't know what placed that file and folder in the DLL file found by Microsoft Defender. My concern is whether the Trojan detected by Defender will alter, corrupt, or delete some of these files (250GB).

Добавьте в исключения папки с файлами конфигураций 1С и всё.... BIN каталог с *.exe файлом не вызывает задержек...

Also , I assume that the DLL is not showing up in the task manager ?

We can't know exactly, maybe only by the folder date/time of creation, but not necessary, this can be changed. But as You told, You download very risky stuff: ISO's, emulators, etc. and probably many come with infected cracks, keys gens, patches, etc. probably from torrent networks... So, I would scan all those stuff with different tools before installing them, even I would install them 1st in a virtual system to check them before You go to Your host system.

In my case, in my situation and your experience, what may have happened to me is that this dll file was present on my PC since 2024. i used kaspersky free and malwarebytes free in period

As I already told You, no antivirus is 100%, there are lots of daily new malware a day, so it's impossible to cope them all immediately, yes, this time Defender was faster, but that won't happen always hehe... also, Kaspersky Free has some shortcomings, paid product can be customized with stronger tweaks to avoid that type of attacks.

Thank you all guys. Sorry to bother you, I'm a newbie. I have a lot to learn about antivirus software. Microsoft Defender's full scan only found this DLL, and I thought that any infected file puts the PC at risk of being hacked, deleted, or modified. I also thought that a well-known antivirus like Kaspersky Free and Malwarebytes didn't detect this DLL in the scan. Their database was up-to-date, but these antiviruses don't recognize this malware. Without the database signature for this malware file, would Kaspersky Free's real-time protection, a few weeks ago, have been able to block these changes generated by this malware?

What additional info do You want? We have already told You all our thoughts, even also in MalwareTips thread, the malware is already detected, also I sent some suggestions about passwords after the "possible infection". Yes, Defender detected that file, BUT on demand, not with real-time, so AGAIN, probably was no active at that moment... just stop posting again and again the same... what else do You want us to reply? 🤷‍♂️

@carlos88 Please avoid bumping, thank you.

Перезаписал на тот же CD Без сторонних программ, в windows . Все работает. Откуда в той копии взялся ввод логина и пароля?

Да. Так оно и есть. Хотя папки я сжимал и убедился, что этих писем в почте не отображается. Поэтому убираю со своего "рецепта" отметку "решение".

Hallo, kriege ich noch ein Antwort / Hinweis etc.

Перед тем, как перезаписывать, почитайте внимательно всю информацию выше и пройдите по ссылкам. Иначе ничего не выйдет, так и будет беседа в одну сторону.

Спасибо всем, кто ответил. Резюмирую в одном сообщении все шаги, для чистки почтовых ящиков ThunderBird: Проверить, что указанные письма недоступны (удалены); Запустить в почтовом клиенте сжатие папок; В KES открыть сообщения о зараженных вложениях в почте, нажать три точки и выбрать пункт "Игнорировать" ("Игнорировать всё")

А у меня и записалось 692 мегабайта и загрузилось. Скачал еще раз 692 416 512 байт. На 135 168 б.больше чем прошлый файл. Перезапишу.

можно. Но до следующей проверки.