Clark_y
Guest
My friend was using my laptop and he clicked on a Microsoft Word file, and Windows Defender said that it was a threat, so we immediately scanned it. He did not open the Word file, and I deleted the Word file as well as the stated affected file in Windows Defender.
Here's the status in the protection history
After that I decided to check event viewer to see what was going on and I saw this in the log:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Emotet.ARJ!MTB
ID: 2147747854
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Mom Dad\AppData\Local\Temp\oFFIce2019\R_o2c8hj4.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
User: LAPTOP-H1FST728\Mom Dad
Process Name: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Security intelligence Version: AV: 1.321.2085.0, AS: 1.321.2085.0, NIS: 1.321.2085.0
Engine Version: AM: 1.1.17300.4, NIS: 1.1.17300.4
I see in the Process name that it's PowerShell? Does that mean it's infected? Another warning states that the Process name was unknown:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Emotet.VC!MTB
ID: 2147757854
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Mom Dad\AppData\Local\Temp\oFFIce2019\R_o2c8hj4.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
User: LAPTOP-H1FST728\Mom Dad
Process Name: Unknown
Security intelligence Version: AV: 1.321.2085.0, AS: 1.321.2085.0, NIS: 1.321.2085.0
Engine Version: AM: 1.1.17300.4, NIS: 1.1.17300.4
What should I do? I also hope I can solve this remediation incomplete problem in protection history.