Announcement

Collapse
No announcement yet.

trojan script Wacatac.H!ml.

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • #1

    trojan script Wacatac.H!ml.

    Just in case anybody else encounters this. Windows Defender flagged a couple of VRay dlrs for trojan script Wacatac.H!ml.

    Uninstalling VRay, rebooting then reinstalling seems to have fixed it.

    Click image for larger version Name: キャプチャ.png Views: 462 Size: 35.5 KB ID: 1181783

    Tags: None
  • #2
    Uninstalling VRay, rebooting then reinstalling seems to have fixed it.
    If those files had been infected, your doing the above would have surely cleaned them.
    Your PC may have other issues, be wary.
    Lele
    Trouble Stirrer in RnD @ Chaos
    ----------------------
    emanuele.lecchi@chaos.com

    Disclaimer:
    The views and opinions expressed here are my own and do not represent those of Chaos Group, unless otherwise stated.
    • Likes 1

    Comment

    • #3
      Will do. Thanks.
      • Likes 1

      Comment

      • #4
        Well this is a pain.
        Now I'm getting the same warnings for other VRay files. vrayclipper, vrayinstancer, vraymetaball. I tried uninstalling and reinstalling without a reboot (I have a process running I can't stop right now), and windows defender picked the same files up as infected on booting max. Surely this is a false positive?
        • Likes 1

        Comment

        • #5
          Did you scan your whole drive and see if any other files are showing this infection? It would be odd for malware to infect ONLY VRay (and make me think false positive).

          More info here, and a suggestion for testing your binaries online:
          https://www.makeuseof.com/windows-wacatac-trojan/
          Last edited by Joelaff; 25-05-2023, 09:34 AM.
          • Likes 1

          Comment

          • #6
            I ran a full scan for a couple of hours and nothing came up. I'm just running another scan of the system drive. Nothing yet.
            • Likes 2

            Comment

            • #7
              Originally posted by Joelaff View Post
              Did you scan your whole drive and see if any other files are showing this infection? It would be odd for malware to infect ONLY VRay (and make me think false positive).

              More info here, and a suggestion for testing your binaries online:
              https://www.makeuseof.com/windows-wacatac-trojan/
              Thanks for the link. Makes me think it is a false positive. I've done nothing at least on that list that would have got my PC infected.

              Comment

              • #8
                Bugger it. Defender gives me the warning on a fresh install that I've used many times before. The page you linked gives a negative. I haven't got time for this. I'm adding a folder exception.

                Thanks both of you for the help.

                Comment

                Previous template Next
                Working...
                X