1) Recently, my Microsoft Defender removed a malicious file: AppData\Roaming\secure\QtWebKit4.dll (Trojan:Win32/Wacatac.C!ml)

Before migrating to Microsoft Defender, I used Kaspersky Free as my main antivirus and scanned with Malwarebytes Free.

2) The files in the secure folder are dated 08/12/2024. I found a Malwarebytes Free log, and this log shows that a removal occurred on the same day the secure folder was created, 08/12/2024.

3) Are these events interconnected? And why didn't Kaspersky Free's real-time protection block and remove the malware? Only Malwarebytes Free detected and removed these files from the log, and only Microsoft Defender later removed AppData\Roaming\secure\QtWebKit4.dll (Trojan:Win32/Wacatac.C!ml) after the full scan?

4) After infection, was this malware always active until the day of the Defender scan?

My scan sequence was: KFree then Malwarebytes Free

Both 08/12/2024

Log Malwarebytes Free:

Malwarebytes

-Report Details-
Scan Date: 08/12/2024
Scan Time: 15:38
Report File: 8ef8ddf6-b593-11ef-bcfd-bc5ff4cbae09.json

-Software Information-
Version: 5.2.3.156
Component Version: 1.0.5108
Definition Pack Version: 1.0.92804
License: Free

-System Information-
Operating System: Windows 10 (Build 19045.5198)
Processor: x64
File System: NTFS
User: DESKTOP-3DM2P71\Retrogamer87 SSD

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 213928
Threats Detected: 2
Threats in Quarantine: 2
Elapsed time: 15 min, 27 sec

-Analysis Options-
Memory: Enabled
Startup: Enabled
File system: Enabled
Compressed files: Enabled
Rootkits: Enabled
Heuristics: Enabled
Potentially Unwanted Program: Detect
PUM (potentially unwanted modification): Detect

-Analysis Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry key: 0
(No malicious items detected)

Registry value: 0
(No malicious items detected)

Registry data: 0
(No malicious items detected)

Data stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 2
Legit.MisusedLegit.AutoIt, C:\PROGRAMDATA\WAF.COM, Quarantine, 6823, 975772, 1.0.92804, , ame, , 3F58A517F1F4796225137E7659AD2ADB, 1DA298CAB4D537B0B7B5DABF09BFF6A212B9E45731E0CC772F99026005FB9E48
Malware.AI.4154888263, C:\USERS\RETROGAMER87 SSD\APPDATA\LOCAL\TEMP\IEWKRR1ONNHJAAUWNKX4VSIQR2.EXE, Quarentena, 1000000, -140079033, 1.0.92804, 59B09B4B01ECED57F7A69047, dds, 03122948, BEED7B1858D259FA2349B88E707E164E, 5C79501AD48DE8BD3F643E7F487C2D73FDA5EE10095E5E5A414ECAC91F951451

Physical sector: 0
(No malicious items detected)

Windows Instrumentation (WMI): 0
(No malicious items detected)

(end)
Edited by Berny
