Jump to content

Recommended Posts

Posted (edited)

I just downloaded ImgBurn from the ImgBurn mirror site.  During the install Windows Defender identified a trojan, namely Trojan:Win32/Wacatac.D!ml.  It says it was incompletely "remediated".  In other words, I guess Defender did not completely remove it.  There is no "delete" or "remove" or even "quarantine" available. My only option in Defender is to "allow" the  program to make changes.  That seems really bad.  It tells me the affected file is: C:\Users\dad\AppData\Local\Temp\ns1FBABC9C\ctn3y\zhw1.exe.  When I look for that file, it doesn't exist.  Why is this trojan in the official download?  Any advice on what to do?

Edited by X-ray Doc

Share this post


Link to post
Share on other sites

Are you sure you downloaded the correct file?

Does the MD5 of the file you downloaded match the one shown on the website?

Share this post


Link to post
Share on other sites
Posted (edited)

The MD5 and the other two lines are the same.  If you suspect Installcore, what can be done?  There has to be a safe way to install your program if the program is trojan free.

I don't remember now if I chose "save" or "run" when I downloaded ImgBurn.  Would choosing save and then double clicking your file afterwards avoid this problem?

Edited by X-ray Doc

Share this post


Link to post
Share on other sites

The other 6 mirrors host files without installcore... or at least were originally given a version without it.

Opting to save or run makes no difference.

Share this post


Link to post
Share on other sites

Houston, we've got a problem!

As a test, I uninstalled ImgBurn, rebooted, then reinstalled from the saved exe.  At the end of the installation I got the same pop up message from Windows Defender saying there was a Trojan.  Below is a screen shot of the second installation.  This time Defender gave me the option to "remove" or "restore".  The first time my only option was to "allow" the threat.  Something isn't right.

Any advice?

Windows Defender Trojan Screen Shot.jpg

Share this post


Link to post
Share on other sites

I just downloaded and installed from Mirror 5.  The downloaded file was named slightly different with "clean" at the end.  It installed without upsetting Windows Defender!

Share this post


Link to post
Share on other sites

×

Important Information

By using this site, you agree to our Terms of Use.