Jump to content

Trojan?


X-ray Doc

Recommended Posts

I just downloaded ImgBurn from the ImgBurn mirror site.  During the install Windows Defender identified a trojan, namely Trojan:Win32/Wacatac.D!ml.  It says it was incompletely "remediated".  In other words, I guess Defender did not completely remove it.  There is no "delete" or "remove" or even "quarantine" available. My only option in Defender is to "allow" the  program to make changes.  That seems really bad.  It tells me the affected file is: C:\Users\dad\AppData\Local\Temp\ns1FBABC9C\ctn3y\zhw1.exe.  When I look for that file, it doesn't exist.  Why is this trojan in the official download?  Any advice on what to do?

Edited by X-ray Doc
Link to comment
Share on other sites

The MD5 and the other two lines are the same.  If you suspect Installcore, what can be done?  There has to be a safe way to install your program if the program is trojan free.

I don't remember now if I chose "save" or "run" when I downloaded ImgBurn.  Would choosing save and then double clicking your file afterwards avoid this problem?

Edited by X-ray Doc
Link to comment
Share on other sites

Houston, we've got a problem!

As a test, I uninstalled ImgBurn, rebooted, then reinstalled from the saved exe.  At the end of the installation I got the same pop up message from Windows Defender saying there was a Trojan.  Below is a screen shot of the second installation.  This time Defender gave me the option to "remove" or "restore".  The first time my only option was to "allow" the threat.  Something isn't right.

Any advice?

Windows Defender Trojan Screen Shot.jpg

Link to comment
Share on other sites

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.