
Microsoft Defender detected Trojan:Win32/Wacatac.B!ml

So yeah, I went to pull pictures from my dad's old HDD to my PC to then easily write them to the new SSD. And while I was doing that, Windows Defender: "action required" Trojan:Win32/Wacatac.B!ml found in (HDD file).

So then ofc I shut my PC down, disconnected it, and then rebooted.

Microsoft Defender doesn't seem to be upset anymore.

Is there a possibility that it infected my PC tho? 

Because it doesn't let me sleep; I will be away for the next 5 days...

 

I already let Malwarebytes run over my full data system, it seems all fine (only a couple of shit PUPs (9 in the first scan) got detected.... Fucking Avira)

 

 


1 minute ago, Passi said:

from my dad's old HDD to my PC

how old, when was the drive last used?
 

 

Defender scans any drive you plug in by default and if any file on that drive matches a signature of a virus, it will quarantine it.
it also scans anything autorun tries to run before it is run.
there's no way for that particular trojan it detected to have done anything to your pc.
your only worry is any other potential viruses that may also exist
if the drive has been out of service for a year or two, it's a guarantee that any viruses that exist on the drive would already be in defender's list.


6 minutes ago, OhYou_ said:

how old, when was the drive last used?

The drive itself is a 2009 Hitachi 640GB HDD.

It was last used I think a year and a half ago

 

So I don't have to worry that my PC might be infected?

 

That's good to hear.

Can I somehow clean the drive to make it my backup without putting my PC at risk before it's cleared?


3 minutes ago, Passi said:

So I don't have to worry that my PC might be infected?

I myself would not worry about it, no.


there is no additional risk to be had by putting it back in your pc, just put it in and format it to erase everything.


this warning alone doesn't say anything tbh... what's the program and location it's originating from (not the hard-drive, the actual location on the disk) that's the important part.

 

defender calls everything it doesn't recognize a trojan lol... so this is impossible to say if you don't tell us what it actually is!

The direction tells you... the direction

-Scott Manley, 2021

 

Softwares used:

Corsair Link (Anime Edition) 

MSI Afterburner 

OpenRGB

Lively Wallpaper 

OBS Studio

Shutter Encoder

Avidemux

FSResizer

Audacity 

VLC

WMP

GIMP

HWiNFO64

Paint

3D Paint

GitHub Desktop 

Superposition 

Prime95

Aida64

GPUZ

CPUZ

Generic Logviewer

 

 

 


99.9% chance you're fine. If you're hyper paranoid you can def just reinstall windows. But this is an absolutely ancient virus and it's definitely been patched. Same with any and all other viruses it might have picked up. 
If it were my old man, I'd def give him some ribbing over it.
 

1 hour ago, Passi said:

Can I somehow clean the drive to make it my backup without putting my PC at risk before it's cleared?

A quick format will nuke any little nasties. Though given the age of the drive you should never trust it. I'd treat it as basically a big jump drive. Always nice to have, never to be trusted
 

32 minutes ago, Mark Kaine said:

defender calls everything it doesn't recognize a trojan

This is specifically incorrect. While Windows will warn before running unsigned programs, Defender only pops up if it detects a known malware signature. Sure, it will also proc on crypto miners, but given the ongoing existence of mass cryptojacking rings, it's not a bad idea and it's pretty easy to just add exceptions to those programs. 

 

 

34 minutes ago, Mark Kaine said:

impossible to say if you don't tell us what it actually is

I too would be curious. There is a pretty cool thing called VirusTotal where, for free, you can upload a file and see if it has/is a virus. If you do find the file and upload it, let us know!

5950X/3080Ti primary rig  |  1920X/1070Ti Unraid for dockers  |  200TB TrueNAS w/ 1:1 backup
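For the two things asked for in the replies above (the exact on-disk location of the detection, and a VirusTotal check), the following is an added example, not part of any post in this thread. It uses the built-in Defender cmdlets `Get-MpThreat` and `Get-MpThreatDetection` from an elevated PowerShell; the `file:_` prefix on resource entries is an assumption about how Defender reports file paths.

```powershell
# Added example: list Defender detections with threat name, path and SHA-256.
# Map ThreatID -> ThreatName (string keys avoid integer type mismatches).
$names = @{}
foreach ($t in Get-MpThreat) { $names["$($t.ThreatID)"] = $t.ThreatName }

$report = foreach ($d in Get-MpThreatDetection) {
    foreach ($res in $d.Resources) {
        # Assumption: file resources are reported as "file:_<full path>".
        if ($res -notmatch '^file:_(.+)$') { continue }
        $path = $Matches[1]

        # A quarantined or removed file is no longer at its original path,
        # and an unplugged drive makes the path unreachable.
        $exists = Test-Path -LiteralPath $path -PathType Leaf
        $hash = $null
        if ($exists) {
            try {
                $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256 -ErrorAction Stop).Hash
            } catch {
                # Real-time protection can block reads of a flagged file.
                $hash = 'unreadable (blocked or locked)'
            }
        }

        [pscustomobject]@{
            Detected   = $d.InitialDetectionTime
            Threat     = $names["$($d.ThreatID)"]
            Path       = $path
            StillThere = $exists
            SHA256     = $hash
        }
    }
}

# Oldest first, one block per detected file.
$report | Sort-Object Detected | Format-List
```

The SHA-256 value can be searched on VirusTotal directly, which avoids uploading the file itself.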


13 hours ago, OddOod said:

This is specifically incorrect. While Windows will warn before running unsigned programs, Defender only pops up if it detects a known malware signature

nope *that* is definitely incorrect.

 

it has repeatedly called mods that don't even contain any executable code a "Tr0jAn!" (including ones i made myself on the very same system) 

 

it's just textures dude, how could it be a "known signature"? 


14 hours ago, OddOod said:

too would be curious. There is a pretty cool thing called VirusTotal where, for free, you can upload a file and see if it has/is a virus. If you do find the file and upload it, let us know!

yep i always use defender, any downloads etc get scanned with Malwarebytes additionally, and in case something isn't quite clear, like a "pup, trojan, worm, etc, that's really just like some textures, trainers, mods, etc..." gets scanned with VT... in 99% turns out it's literally nothing and Defender and/or Malwarebytes are just tripping again lol


On 4/5/2024 at 9:58 AM, Mark Kaine said:

nope *that* is definitely incorrect.

k


On 4/5/2024 at 2:32 AM, Mark Kaine said:

this warning alone doesn't say anything tbh... what's the program and location it's originating from (not the hard-drive, the actual location on the disk) that's the important part.

 

 

"file: E:\users\(name of my dad's system)\AppData\LocalLow\PopularScreensavers_7i\bar\Cache\00375BB

 

That file doesn't exist on my PC tho, only on the HDD.
