Posted (edited)

1) Recently, my Microsoft Defender removed a malicious file: AppData\Roaming\secure\QtWebKit4.dll (Trojan:Win32/Wacatac.C!ml)

Before migrating to Microsoft Defender, I used Kaspersky Free as my main antivirus and scanned with Malwarebytes Free.

2) The files in the secure folder are dated 08/12/2024. I found a Malwarebytes Free log, and this log shows that a removal occurred on the same day the secure folder was created, 08/12/2024.

3) Are these events interconnected? And why didn't Kaspersky Free's real-time protection block and remove the malware? Only Malwarebytes Free detected and removed these files from the log, and only Microsoft Defender later removed AppData\Roaming\secure\QtWebKit4.dll (Trojan:Win32/Wacatac.C!ml) after the full scan?

4) After infection, was this malware always active until the day of the Defender scan?

My scan sequence was: KFree then Malwarebytes Free

Both 08/12/2024

Log Malwarebytes Free:

Malwarebytes
-Report Details-
Scan Date: 08/12/2024
Scan Time: 15:38
Report File: 8ef8ddf6-b593-11ef-bcfd-bc5ff4cbae09.json

-Software Information-
Version: 5.2.3.156
Component Version: 1.0.5108
Definition Pack Version: 1.0.92804
License: Free

-System Information-
Operating System: Windows 10 (Build 19045.5198)
Processor: x64
File System: NTFS
User: DESKTOP-3DM2P71\Retrogamer87 SSD

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 213928
Threats Detected: 2
Threats in Quarantine: 2
Elapsed time: 15 min, 27 sec

-Analysis Options-
Memory: Enabled
Startup: Enabled
File system: Enabled
Compressed files: Enabled
Rootkits: Enabled
Heuristics: Enabled
Potentially Unwanted Program: Detect
PUM (potentially unwanted modification): Detect

-Analysis Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry key: 0
(No malicious items detected)

Registry value: 0
(No malicious items detected)

Registry data: 0
(No malicious items detected)

Data stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 2
Legit.MisusedLegit.AutoIt, C:\PROGRAMDATA\WAF.COM, Quarantine, 6823, 975772, 1.0.92804, , ame, , 3F58A517F1F4796225137E7659AD2ADB, 1DA298CAB4D537B0B7B5DABF09BFF6A212B9E45731E0CC772F99026005FB9E48
Malware.AI.4154888263, C:\USERS\RETROGAMER87 SSD\APPDATA\LOCAL\TEMP\IEWKRR1ONNHJAAUWNKX4VSIQR2.EXE, Quarentena, 1000000, -140079033, 1.0.92804, 59B09B4B01ECED57F7A69047, dds, 03122948, BEED7B1858D259FA2349B88E707E164E, 5C79501AD48DE8BD3F643E7F487C2D73FDA5EE10095E5E5A414ECAC91F951451

Physical sector: 0
(No malicious items detected)

Windows Instrumentation (WMI): 0
(No malicious items detected)

(end)

 

 


Edited by Berny
Posted

@carlos88

↓  VirusTotal  Detections ↓

Malwarebytes :
→ ?????????????? : Undetected

Microsoft
→ Trojan:Win32/Wacatac.C!ml : Detected

Kaspersky
→ Trojan-PSW.Win32.Tepfer.unqi : Detected (*)
(*) https://threats.kaspersky.com/en/threat/Trojan-PSW.Win32.Tepfer/ (Detect date 02/17/2016)  

 

19 hours ago, carlos88 said:

And why didn't Kaspersky Free's real-time protection block and remove the malware 

For privacy reasons we don't request System Logs ...

Posted (edited)

In my specific case, these malicious files entered my PC on December 8, 2024. The first software to remove some of these files was Malwarebytes Free in a scan (mentioned in the log). In 2025, Microsoft Defender removed AppData\Roaming\secure\QtWebKit4.dll (Trojan:Win32/Wacatac.C!ml).

During 2024 and the beginning of 2025, I used Kaspersky Free System Watcher because it didn't detect anything; only the Malwarebytes Free scans and Microsoft Defender removed these files.

Edited by carlos88
Posted

@carlos88

Unfortunately I don't have a crystal ball and Kaspersky Technical Support is only available for paid versions.

I amicably close this Topic

This topic is now closed to further replies.