Found traces of Malware when PC was being repaired.

Whateverchan

I sent my PC to a repair shop last week to fix some issues. Everything went well after that. Today, I was checking Windows Defender, and noticed that there was a trojan in my PC, and it was found last Wednesday, while it was at the shop.

 

https://i.ibb.co/5kPGHDJ/pc.png

https://i.ibb.co/qr6QpCY/pc2.png

 

The Zbot has been removed, but there wasn't an option to remove the trojan. I ran a full scan with WD and Malwarebytes just now, and found nothing, either. No risks, no malware, no virus, nothing. The guy said he only reinstalled some drivers, updated the BIOS, and ran some test programs. And it wasn't a virus-related issue, either. Notice that it says D drive. My drives are C and X. I haven't asked him about this yet. Not sure how to ask him so I don't sound like I'm accusing him of installing malware on my PC. But these were found and quarantined while he was fixing it. I'm not sure if he accidentally went into some shady websites or this is just a coincidence. But I remember checking my history, and there wasn't any suspicious link, either. I also did scan my PC before sending it in, and didn't see anything odd. I'm more worried about the trojan. It says remediation incomplete? What do I do now?

 

Thanks in advance for any help.

Tbh, with it being an exe and downloaded directly to a drive and not hidden in some weird program, it does seem like the shop did it.

Do the Google reviews of the location have anything similar?

30 minutes ago, JamesHewitt said:

Tbh, with it being an exe and downloaded directly to a drive and not hidden in some weird program, it does seem like the shop did it.

Do the Google reviews of the location have anything similar?

Let me ask him. And no, other reviews were good. Which is why I took it to that shop. But then... the hell is this D drive?

 

Anything else I need to do with the trojan?

5 minutes ago, Whateverchan said:

But then... the hell is this D drive?

If you don't have a D: drive, maybe at some point the shop plugged an infected drive into your PC.

A PC Enthusiast since 2011
AMD Ryzen 7 5700X@4.65GHz | GIGABYTE GTX 1660 GAMING OC @ Core 2085MHz Memory 5000MHz
Cinebench R23: 15669cb | Unigine Superposition 1080p Extreme: 3566
24 minutes ago, Vishera said:

If you don't have a D: drive, maybe at some point the shop plugged an infected drive into your PC.

He said not to worry about the message, the file was removed.

Let me ask back if he plugged in another drive or installed something.

 

He responded: sometimes cookies, but security essentials deleted, only left a message. 

 

What...?

 

I asked again if he plugged in another drive or installed anything. He said no.

 

So, what else do I have to do?

1 hour ago, Whateverchan said:

He said not to worry about the message, the file was removed.

Let me ask back if he plugged in another drive or installed something.

 

He responded: sometimes cookies, but security essentials deleted, only left a message. 

 

What...?

 

I asked again if he plugged in another drive or installed anything. He said no.

 

So, what else do I have to do?

His response doesn't make any sense.

I suspect that he connected an infected USB drive to the machine, since Windows Defender points to a drive that you don't have.

Windows Defender scans every drive you connect, so it probably detected the virus the moment it was connected.

It's all speculation, but it's plausible.

 

1 hour ago, Whateverchan said:

So, what else do I have to do?

A lot of people choose the nuclear option in situations like that, just to be safe.

But it's possible that all is fine now.

 

At the end of the day it's your call.

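One way to check the point raised in the post above, as an added example that is not part of the original thread: list each Defender detection with the drive its path points to, whether that drive is attached now, and whether the action succeeded. The function name, the sample records and the threat names are constructed; `Get-MpThreatDetection`, `Get-MpThreat` and `Get-PSDrive` are the real cmdlets the commented live usage relies on.

```powershell
# Added example (not from the thread). Get-DetectionTriage is a hypothetical helper.
function Get-DetectionTriage {
    param(
        [Parameter(Mandatory)] [object[]]  $Detections,    # Get-MpThreatDetection output
        [Parameter(Mandatory)] [hashtable] $ThreatNames,   # "ThreatID" -> ThreatName
        [Parameter(Mandatory)] [string[]]  $MountedDrives  # e.g. 'C','X'
    )
    foreach ($d in $Detections) {
        foreach ($res in $d.Resources) {
            # Resources typically look like "file:_D:\dir\name.exe"; pull out the drive letter.
            $drive = $null
            if ($res -match '(?:^|[^A-Za-z])([A-Za-z]):\\') { $drive = $Matches[1].ToUpper() }
            [pscustomobject]@{
                Detected      = $d.InitialDetectionTime
                Threat        = $ThreatNames["$($d.ThreatID)"]
                Resource      = $res
                Drive         = $drive
                # False means the flagged path is on a volume that is not attached now,
                # so there is nothing left on this PC for Defender to clean at that path.
                DriveMounted  = ($null -ne $drive) -and ($MountedDrives -contains $drive)
                ActionSuccess = $d.ActionSuccess
            }
        }
    }
}

# Constructed sample records shaped like Get-MpThreatDetection output (IDs, names, paths are made up).
$sampleNames = @{ '1001' = 'Trojan:Win32/Constructed.A'; '1002' = 'PWS:Win32/Constructed.B' }
$sampleDetections = @(
    [pscustomobject]@{ ThreatID = 1001; InitialDetectionTime = [datetime]'2024-01-10T14:02:00'
                       ActionSuccess = $false; Resources = @('file:_D:\constructed\tool.exe') }
    [pscustomobject]@{ ThreatID = 1002; InitialDetectionTime = [datetime]'2024-01-10T14:03:00'
                       ActionSuccess = $true;  Resources = @('file:_C:\constructed\temp\x.exe') }
)
Get-DetectionTriage -Detections $sampleDetections -ThreatNames $sampleNames -MountedDrives 'C','X' |
    Format-Table -AutoSize

# Live use on the affected PC (elevated PowerShell):
# $names = @{}; Get-MpThreat | ForEach-Object { $names["$($_.ThreatID)"] = $_.ThreatName }
# $drives = (Get-PSDrive -PSProvider FileSystem).Name
# Get-DetectionTriage -Detections (Get-MpThreatDetection) -ThreatNames $names -MountedDrives $drives
```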

3 minutes ago, Vishera said:

I suspect that he connected an infected USB drive to the machine, since Windows Defender points to a drive that you don't have.

I guess, but even in that case, he didn't have to lie to me...

I can disregard the remediation incomplete trojan, too?

2 minutes ago, Whateverchan said:

I guess, but even in that case, he didn't have to lie to me...

There are a lot of possible reasons why he said what he said, but that doesn't excuse the lack of transparency.

6 minutes ago, Whateverchan said:

I can disregard the remediation incomplete trojan, too?

I guess so. The drive is not there, so now there is no way for Windows Defender to remove files from there 😄

Do a full scan just to be safe.


2 minutes ago, Vishera said:

Do a full scan just to be safe.

I did. With both WD and MB. Well, I only have an expired trial version of MB, if that matters. It can still clear malware, right?

1 minute ago, Whateverchan said:

I did. Well, I only have an expired trial version of MB, if that matters. It can still clear malware, right?

As long as the database is updated it will be fine, but first try a full scan with Windows Defender.


Sometimes Windows flags things as malware that are not. I had to add an exclusion for a program that tests for fake flash drives because Windows didn't like how it was accessing hardware. It's possible some software he used in testing may have that issue with a false detection?

9 minutes ago, Vishera said:

As long as the database is updated it will be fine, but first try a full scan with Windows Defender.

Did a second full scan. No threat. Nothing...

7 minutes ago, Whateverchan said:

Did a second full scan. No threat. Nothing...

Did you do a full scan or a quick scan?

Full scan is more thorough.


Just now, Vishera said:

Did you do a full scan or a quick scan?

Full scan is more thorough.

 

Full scan, for sure. Both times.

1 minute ago, Whateverchan said:

 

Full scan, for sure. Both times.

So far things seem fine.


I've also had phantom positives before. I experienced an issue with a work PC where Windows Defender kept saying it took action on something in notifications, but there was never anything there in the logs and scans returned nothing. Eventually it quit happening after a few months and some updates.
