Posted

Hmm, I don't think that happened; such a level of system modifications would have triggered K. System Watcher module.

  • Like 2
Posted

It's already been removed. My concern is whether this malware AppData\Roaming\secure\QtWebKit4.dll (Trojan:Win32/Wacatac.C!ml) detected by Microsoft Defender corrupted, deleted, or modified my personal files, especially the compressed ones. Before testing with Defender, I used Kaspersky Free as my main antivirus, but I also scanned with Malwarebytes Free and Adwcleaner, and according to all of them, the system was clean and without anything. I downloaded a lot of games, ISOs, emulators, and programs, totaling 250GB, and copied them to an external hard drive. Only after that did I switch from Kaspersky Free to Defender because Kaspersky Free was no longer free. In the first full scan of Microsoft Defender, this malware was found. So, after cleaning, will I have to download everything again to ensure they are intact and copy everything again to the four external hard drives? On VirusTotal, this same malware found by Defender has several different names for different antiviruses. It's hard to tell what it actually is, but I posted the test results at the beginning of the thread, along with a screenshot of the folder where it's located.

Because they said Kaspersky was one of the best antiviruses, I thought this also applied to the free version, but I think it's only the paid version. I used the free version for years, and from what I see in the file folder, it's been on my PC since 2024.

Posted

As I already told You, that file probably was inactive as a leftover... also, no antivirus firm is 100% even "being the best av"...

  • Like 2
Posted (edited)
35 minutes ago, carlos88 said:

And Kaspersky Free real-time protection didn't do anything because it didn't have a signature when I updated and started the full scan?

Real-time protection and full scanning are different processes. Yes, it didn't have a malware file signature.

You may install Kaspersky Free again, update the databases, and perform a full scan. If it finds nothing - you don't need anything else. Perhaps this file wasn't used at all, but only laid quietly in the folder.

35 minutes ago, carlos88 said:

All of my personal files on these PCs and copied to an external hard drive were altered by this malware and need to be redownloaded?

Most likely, everything is fine with files. If there are documents, photos, archives, etc. - just open some number of them and check.

Edited by AlexeyK
  • Like 2
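
An added example, not part of the original thread: one way to run the spot check suggested above over a whole download folder, comparing the SHA-256 of each file on the PC with its copy on an external drive and CRC-testing every `.zip`. The function names, folder names and sample files are constructed for the demonstration; matching hashes show only that the two copies are identical, not that either one is clean.

```python
import hashlib
import shutil
import tempfile
import zipfile
from pathlib import Path

def sha256_of(path, chunk=1 << 20):
    """Hash in chunks so multi-GB ISOs never have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def check_zip(path):
    """Return None if every member passes its CRC-32 check, else a reason."""
    try:
        with zipfile.ZipFile(path) as z:
            bad = z.testzip()  # reads every member and verifies its CRC
            return f"bad CRC in member {bad}" if bad else None
    except zipfile.BadZipFile as e:
        return f"not a readable zip: {e}"

def audit(primary, backup):
    """Map relative path -> problem for files under primary vs. backup."""
    problems = {}
    for src in sorted(p for p in Path(primary).rglob("*") if p.is_file()):
        rel = src.relative_to(primary).as_posix()
        dst = Path(backup) / rel
        if not dst.is_file():
            problems[rel] = "missing from backup"
        elif sha256_of(src) != sha256_of(dst):
            problems[rel] = "copies differ"
        elif src.suffix.lower() == ".zip" and (why := check_zip(src)):
            problems[rel] = why
    return problems

def demo():
    """Constructed sample: a good zip, a truncated zip, one altered copy."""
    with tempfile.TemporaryDirectory() as tmp:
        pc, ext = Path(tmp, "pc"), Path(tmp, "external")
        pc.mkdir()
        with zipfile.ZipFile(pc / "good.zip", "w") as z:
            z.writestr("readme.txt", "hello" * 100)
        (pc / "truncated.zip").write_bytes((pc / "good.zip").read_bytes()[:300])
        (pc / "notes.txt").write_text("original")
        shutil.copytree(pc, ext)
        (ext / "notes.txt").write_text("changed")
        return audit(pc, ext)
```

Calling `audit()` with the real download folder and its copy on the external drive returns an empty dict when every file matches and every zip passes its CRC test.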
Posted

When I used Kaspersky Free, there was no signature for the file AppData\Roaming\secure\QtWebKit4.dll (Trojan:Win32/Wacatac.C!ml) in the Kaspersky database. They use a different name.

Without a signature, what would real-time protection do if this file was active and damaging the PC? The full scan didn't detect anything.

I thought if the scan didn't detect anything, then real-time protection was letting the malware pass through and modify the file system.

In my case, what could have happened? The Malwarebytes scan also didn't detect anything.

Posted

@carlos88

For privacy reasons we don’t request system logs but without detection from Kaspersky your system is clean.

  • Like 1
Posted
10 minutes ago, carlos88 said:

In my case, what could have happened?

It seems to me that what could have happened in your case is too much anxiety. 🙂

  • Like 2
Posted
28 minutes ago, carlos88 said:

When I used Kaspersky Free, there was no signature for the file AppData\Roaming\secure\QtWebKit4.dll (Trojan:Win32/Wacatac.C!ml) in the Kaspersky database. They use a different name.

Without a signature, what would real-time protection do if this file was active and damaging the PC? The full scan didn't detect anything.

I thought if the scan didn't detect anything, then real-time protection was letting the malware pass through and modify the file system.

In my case, what could have happened? The Malwarebytes scan also didn't detect anything.

You said in Your 1st post, the file was detected in a full scan (on demand scan) of Defender, but not in real-time, so that file clearly was inactive in that folder, as already told, probably a leftover or remnant of a previous detection.

  • Like 1
Posted

I just uninstalled Kaspersky Free and activated Defender, and there was no alert message. But after I started a full scan with Defender, it found this file.

When I used Kaspersky Free, it didn't issue any alerts about this file, and it didn't appear as malware in the full scan.

harlan4096
Posted

What additional info do You want? We have already told You all our thoughts, even also in MalwareTips thread, the malware is already detected, also I sent some suggestions about passwords after the "possible infection".

Yes, Defender detected that file, BUT on demand, not with real-time, so AGAIN, it probably was not active at that moment... just stop posting again and again the same... what else do You want us to reply? 🤷‍♂️

  • Like 1
Posted

Thank you all guys. Sorry to bother you, I'm a newbie. I have a lot to learn about antivirus software.

Microsoft Defender's full scan only found this DLL, and I thought that any infected file puts the PC at risk of being hacked, deleted, or modified.

I also thought that a well-known antivirus like Kaspersky Free and Malwarebytes didn't detect this DLL in the scan. Their database was up-to-date, but these antiviruses don't recognize this malware. Without the database signature for this malware file, would Kaspersky Free's real-time protection, a few weeks ago, have been able to block these changes generated by this malware?

  • Like 2
harlan4096
Posted

As I already told You, no antivirus is 100%, there is lots of new malware every day, so it's impossible to cope with it all immediately, yes, this time Defender was faster, but that won't always happen hehe... also, Kaspersky Free has some shortcomings, the paid product can be customized with stronger tweaks to avoid that type of attacks.

  • Like 1
Posted (edited)

In my case, in my situation and your experience, what may have happened to me is that this dll file was present on my PC since 2024.

I used Kaspersky Free and Malwarebytes Free in period

Edited by carlos88
harlan4096
Posted

We can't know exactly, maybe only by the folder date/time of creation, but not necessarily, this can be changed.

But as You told, You download very risky stuff: ISOs, emulators, etc. and probably many come with infected cracks, keygens, patches, etc. probably from torrent networks...

So, I would scan all that stuff with different tools before installing it, I would even install it 1st in a virtual system to check it before You go to Your host system.

  • Like 1
Posted

Also, I assume that the DLL is not showing up in the task manager?

Posted

I very rarely download cracked software. When I download it, the antivirus detects it, and I remove it.

These ISO, compressed, and EXE files, totaling 250GB, were downloaded from trusted sources. No malware.

I don't know what placed that file and folder in the DLL file found by Microsoft Defender. My concern is whether the Trojan detected by Defender will alter, corrupt, or delete some of these files (250GB).

  • Like 1
harlan4096
Posted

That malware is probably a stealer, that's why I suggested You change the passwords of Your online services.

Not all malware has to corrupt, delete or encrypt Your files, there are others that are more stealthy...

  • Like 1
Posted (edited)

Yes, I will change the passwords.

But what malware is this? Is it just a stealer, or does it also remove, modify, and corrupt personal files in hdd and ssd? It has many names, but the behavior is the same?

Edited by carlos88
Posted

The link this malware refers to a backdoor. If the hacker has access to the system, he can delete, corrupt, and modify files.

harlan4096
Posted

But did You notice the behaviors described there in Your system? 

  • Like 1
Posted

I've now switched to Microsoft Defender because Kaspersky Free will be deactivated by the company. A few months or last year, some people accessed my Mega.nz accounts in other countries. I don't know how they accessed them, but I recently changed my password, and this didn't happen. I don't know if it was a leak within Mega or malware, but during this period, I always used Kaspersky Free and completed a regular complete scan.

That's why I was concerned about this QT DLL found with Microsoft Defender after I uninstalled Kaspersky Free.
