Question malware detected other software

[carlos88]

I ran a full scan with Microsoft Defender on my PC and it found the file AppData\Roaming\secure\QtWebKit4.dll (Trojan:Win32/Wacatac.C!ml).

But before using Defender, I had run a full scan with Malwarebytes Free and Kaspersky Free and found nothing. Why did it detect this now?

Is this type of malware the kind that modifies, deletes, or corrupts files on the PC?

[AlexeyK]

6 часов назад, carlos88 сказал:

QtWebKit4.dll (Trojan:Win32/Wacatac.C!ml)

You've created too many threads on forums, don't you think? One, two, three, four, and plus one here. 🙂

Is this your file? If yes - upload this file via the link, wait for the analysis to be completed, and attach the link to the TIP's analysis here.

[carlos88]

https://www.virustotal.com/gui/file/935cd9070679168cfcea6aea40d68294ae5f44c551cee971e69dc32f0d7ce14b?nocache=1

 

https://hybrid-analysis.com/sample/935cd9070679168cfcea6aea40d68294ae5f44c551cee971e69dc32f0d7ce14b

[AlexeyK]

@carlos88 As I see, you didn't upload the file into TIP (no dynamic analysis and button "submit to reanalyze"). But now it is being detected by Kaspersky. Any other questions?

[carlos88]

But before using Defender, I had run a full scan with Malwarebytes Free and Kaspersky Free and found nothing. Why did it detect this now?

Is this type of malware the kind that modifies, deletes, or corrupts files on the PC?

 

QtWebKit4.dll Trojan:Win32/Wacatac.C!ml in Microsoft Defender

Edited yesterday at 10:53 AM by carlos88

[harlan4096]

https://threats.kaspersky.com/en/threat/Trojan.Win32.Agent/?orig=Trojan.Win32.Agent.xcajyl&utm_content=ti&utm_campaign=ti&utm_source=opentip&utm_medium=referral&icid=ti

[AlexeyK]

1 минуту назад, carlos88 сказал:

Why did it detect this now?

Because KSN works, it analyzes new files and adds detections. But it's impossible to say for sure, maybe someone sent a sample to virlab.

By the way, someone just uploaded a file to TIP, and now there is a dynamic analysis.

[carlos88]

this is type of malware QtWebKit4.dll (Trojan:Win32/Wacatac.C!ml) Trojan.Win32.Agent.xcajyl the kind that modifies, deletes, or corrupts files on the PC?

[AlexeyK]

13 минут назад, carlos88 сказал:

this is type of malware 

You have been given a link to the Kaspersky verdict description, we don't have any other links. There are no malware analysts here, and we don't know what exactly this malware is doing. You are copying the Microsoft Defender verdict - it's some kind of general machine-learning detection.

[carlos88]

what good forum communitys malware analysts?

[harlan4096]

This is not a forum for malware analysis, but a Support forum. I would just change password of online services, also enable 2FA authentication in online services.

 

Also, there is a file with same name, that is legit:

 

https://systemexplorer.net/file-database/file/qtwebkit4-dll/1374096

[carlos88]

result test file

 

https://opentip.kaspersky.com/935CD9070679168CFCEA6AEA40D68294AE5F44C551CEE971E69DC32F0D7CE14B/results?tab=upload

[harlan4096]

If You check carefully, both files have different hashes...

 

[carlos88]

this malware found in defender and kaspersky has modifies, deletes, or corrupts files on the PC?

[harlan4096]

Looks like that file was just probably a leftover, not resident in memory (detected via on demand scan).

 

We can't know it that file was once running or active, so if Your system is working fine... did You get previous detections from Defender or Kaspersky related with different files?

[carlos88]

i never used defender some recent use, i used kaspersky free, malwarebytes free, adwcleaner scan no results infections

 

i post photo folder localized file

 

 

 

Edited 20 hours ago by carlos88

[harlan4096]

Remove manually that folder and done.

[AlexeyK]

@carlos88 And perform a full scan using Kaspersky and/or MS Defender. It's strange that you still don't want to delete this malicious file and carefully store it in a folder.)

[carlos88]

I deleted him

My question now is whether this file is actually malware or a false positive.
What is the real name and type of malware?
And does it modify, delete, or corrupt my personal files on my PC?

I performed a full scan with Kaspersky Free, Malwarebytes Free, and AdwCleaner a week or two ago with the software’s updated definitions database, but only Microsoft Defender found AppData\Roaming\secure\QtWebKit4.dll (Trojan:Win32/Wacatac.C!ml)

i posted virus total result sca above

[AlexeyK]

26 минут назад, carlos88 сказал:

My question now is whether this file is actually malware or a false positive.

The request has been sent successfully.)

[AlexeyK]

31 минуту назад, AlexeyK сказал:

whether this file is actually malware or a false positive.

The detection is correct, screenshot (browser translation). This file is malicious.

[carlos88]

because my kaspersky free, malwarebytes free, adwcleaner not detected i update definitions file AppData\Roaming\secure\QtWebKit4.dll (Trojan:Win32/Wacatac.C!ml)
What is the real name and type of malware? in microsoft defender is Trojan:Win32/Wacatac.C!ml
And does it modify, delete, or corrupt my personal files on my PC?

Edited 3 hours ago by carlos88

[harlan4096]

https://trojan--remover-net.translate.goog/es/trojan-win32-wacatac/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=es&_x_tr_pto=wapp

[AlexeyK]

29 минут назад, carlos88 сказал:

What is the real name and type of malware?

Wacatac.C!ml - this name means almost nothing except detection using machine learning. Just a generic verdict.

You will laugh, but VirusTotal's MS engine doesn't detect this file anymore. 😄