Wacatac.H!ml found by Microsoft Defender but not anything else


This has been very interesting. Yesterday, I reported (here) that my copy of CrystalDiskMark64 had triggered a "Severe" trojan threat warning from Defender, and MBAM flagged it, too. MBAM quarantined it, and I deleted the files in MBAM.

Downloaded another copy, and the same triggers fired on both Defender and MBAM. Scrapped that copy of the software.

I have a copy on my other machine that has never triggered a threat warning, so I copied the files of that one to the "threatened" machine, and now all is well. Defender and MBAM scans are both clear. I have run CrystalDiskMark64 (portable) about ten times on the "threatened" machine now, and no flags have gone up.

If this trojan is, in fact, real, it's an odd trojan, to say the least. It didn't affect anything else on my machine, and all it took to get completely rid of it was deleting the source. Hmmm.

See also: CrystalDiskMarkPortable64: Trojan reported here
My Computers

System One System Two

  • OS
    11 Pro 23H2 22631.3296
    Computer type
    PC/Desktop
    Manufacturer/Model
    Lenovo ThinkCentre M920S SFF
    CPU
    i7-9700 @ 3.00GHz
    Motherboard
    Lenovo 3132
    Memory
    32GB DDR4 @ 2666MHz
    Graphics Card(s)
    Intel HD 630 Graphics onboard
    Sound Card
    Realtek HD Audio
    Monitor(s) Displays
    LG E2442
    Screen Resolution
    1920x1080
    Hard Drives
    1 x Samsung 970 EVO PLUS 500GB NVMe SSD, 1 x WD_BLACK SN770
    250GB NVMe SSD (OS and programs), 1 x WD_BLACK SN770
    500GB NVMe SSD (Data)
    Case
    Lenovo SFF
    Keyboard
    Cherry Stream TKL JK-8600US-2 Wired
    Mouse
    LogiTech M510 wireless
    Internet Speed
    Fast (for fixed wireless!)
    Browser
    Chrome, sometimes Firefox
    Antivirus
    Malwarebytes Premium & Defender (working together beautifully!)
  • Operating System
    11 Pro 23H2 22631.3374
    Computer type
    PC/Desktop
    Manufacturer/Model
    Lenovo ThinkCentre M920S SFF
    CPU
    i5-8400 @ 2.80GHz
    Motherboard
    Lenovo 3132
    Memory
    32GB DDR4 @ 2600MHz
    Graphics card(s)
    Intel HD 630 Graphics onboard
    Sound Card
    Realtek High Definition Audio onboard
    Monitor(s) Displays
    LG FULL HD (1920x1080@59Hz)
    Screen Resolution
    1920 x 1080
    Hard Drives
    1 x Samsung 970 EVO PLUS NVMe; 1 x Samsung 980 NVMe SSD
    Case
    Lenovo Think Centre SFF
    Mouse
    LogiTech M510 wireless
    Keyboard
    Cherry Stream TKL JK-8600US-2 Wired
    Internet Speed
    Fast (for fixed wireless!)
    Browser
    Chrome
    Antivirus
    Malwarebytes Premium and MS Defender, beautiful together
My advice would be to be wary of portable apps not offered by the app's author. And certainly to be wary of mirrors.
My Computers

System One System Two

  • OS
    11 Pro 23H2 OS build 22631.3296
    Computer type
    Laptop
    Manufacturer/Model
    Acer Swift SF114-34
    CPU
    Pentium Silver N6000 1.10GHz
    Memory
    4GB
    Screen Resolution
    1920 x 1080
    Hard Drives
    SSD
    Cooling
    fanless
    Internet Speed
    13Mbps
    Browser
    Brave, Edge or Firefox
    Antivirus
    Webroot Secure Anywhere
    Other Info
    System 3

    ASUS T100TA Transformer
    Processor Intel Atom Z3740 @ 1.33GHz
    Installed RAM 2.00 GB (1.89 GB usable)
    System type 32-bit operating system, x64-based processor

    Edition Windows 10 Home
    Version 22H2 build 19045.3570
  • Operating System
    Windows 11 Pro 23H2 22631.2506
    Computer type
    Laptop
    Manufacturer/Model
    HP Mini 210-1090NR PC (bought in late 2009!)
    CPU
    Atom N450 1.66GHz
    Memory
    2GB
if it is a portable app that Defender will not let you exclude at the file level, try putting it in a folder and see if Defender will let you exclude the folder. If that doesn't work, put it on a flash drive and disable Defender before you run it.
It's detecting the test files on the device I'm testing, I cannot exclude it.
I would think the app creates its file in a folder somewhere whenever it is run. Surely it uses the same folder each time. Usually such apps create a folder in appdata. Just exclude that folder the app created.
OR
Turning off defender before you run the app should correct your problem since the app will create a new file each time it's run if its previous file has been removed. After Defender is turned back on, the next time it scans your computer it will remove the suspicious file from the 'whatever' folder, but the app will create it again the next time you use it. (as long as Defender is turned off at the time)
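Before taking either route (folder exclusion or switching Defender off), a practitioner would want to know whether the flagged copy is actually the same binary as the copy that never triggered. The following PowerShell is an added example, not code from this thread or from CrystalDiskMark: it hashes the flagged copy against a known-good copy (the comparison the original poster did by hand), checks the Authenticode signature, lists what Defender recorded for the detection, and only then applies the folder exclusion suggested above. The two file paths are placeholders; run it from an elevated PowerShell on the affected machine.

```powershell
# Added example (not from the thread). Paths are placeholders: point them at the copy
# Defender flagged and at the copy from the machine that never raised a warning.
$Flagged   = 'C:\Tools\CrystalDiskMark\CrystalDiskMark64.exe'   # placeholder path
$KnownGood = 'D:\Backup\CrystalDiskMark\CrystalDiskMark64.exe'  # placeholder path

function Get-FileTriage {
    param([Parameter(Mandatory)][string]$Path)
    $hash = Get-FileHash -Path $Path -Algorithm SHA256
    $sig  = Get-AuthenticodeSignature -FilePath $Path
    [pscustomobject]@{
        Path      = $Path
        SHA256    = $hash.Hash
        SigStatus = $sig.Status                      # Valid / NotSigned / HashMismatch / ...
        Signer    = $sig.SignerCertificate.Subject   # $null when the file is unsigned
    }
}

$a = Get-FileTriage -Path $Flagged
$b = Get-FileTriage -Path $KnownGood
$a, $b | Format-List

if ($a.SHA256 -ne $b.SHA256) {
    Write-Warning 'The two copies differ: treat the flagged one as untrusted and compare its SHA256 with the hash published by the author.'
}
if ($a.SigStatus -ne 'Valid') {
    Write-Warning "Flagged copy is not validly signed ($($a.SigStatus)); a repackaged or tampered build looks exactly like this."
}

# What Defender actually logged for this file: detection time, threat id, action, process.
$leaf = [regex]::Escape((Split-Path -Path $Flagged -Leaf))
Get-MpThreatDetection |
    Where-Object { $_.Resources -match $leaf } |
    Select-Object InitialDetectionTime, ThreatID, ActionSuccess, Resources, ProcessName

# Map the numeric ThreatID above to the detection name Defender showed (e.g. Wacatac.H!ml).
Get-MpThreat | Select-Object ThreatID, ThreatName, SeverityID

# Only when both copies hash identically and the signature is valid does the folder
# exclusion make sense. It is still a permanent blind spot for that folder, so keep it narrow.
if ($a.SHA256 -eq $b.SHA256 -and $a.SigStatus -eq 'Valid') {
    Add-MpPreference -ExclusionPath (Split-Path -Path $Flagged -Parent)
    (Get-MpPreference).ExclusionPath
}
```

If the hashes differ or the signature does not verify, the right move is the one suggested later in the thread: discard the copy and fetch a fresh one from the author's own site, then re-run the same check on it rather than excluding anything.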
I am not willing to turn it on and off every 5 minutes.
Yup Defender flagged up the threat but I allowed it. 🤷‍♂️ Still scanning.
I allowed it too. It found it again the next time I ran it. The second time I said allow, but defender dozed off.
Just submitted the file to Ms (me not being lazy for a change) 🤷‍♂️
I didn't see a way to do that. AVG presents me with a button to report.
Perhaps it depends where you downloaded it? I suggest OP uninstalls it and gets a fresh copy straight from the horse's mouth.
I've been running it for a year and it's not detected by AVG, or indeed Defender until the latest update. I find it hard to believe it's a real virus sat there for a year doing no noticeable damage and MS only just spotting it.
Wacatac virus even caught in WordWeb dictionary app by Microsoft Defender. Just install another antivirus of your choice or ignore Defender threats. I never care about Defender threats at all. I just exclude important folders from Defender and move on. Use virustotal.com if something feels like a virus. Defender is a joke.
Easiest just to install another AV program so defender is disabled.
Windows defender is actually way better than most AVs out there. But sometimes it is a bit "too good".
Too good is not good, it's bad. Like saying my car is really safe because it only goes 30mph.
My Computer

System One

  • OS
    Windows 11 Professional (not the cut down rubbish)
    Computer type
    PC/Desktop
    Manufacturer/Model
    Home built, of course
    CPU
    Ryzen 9 3900XT (on this one anyway, I have 8)
    Motherboard
    MSI X470 Gaming Plus Max
    Memory
    72G and 72GB and 64GB and 32GB and 32GB and 8GB and 8GB and 8GB
    Graphics Card(s)
    Fury and 12 Tahitis
    Sound Card
    People still use cards for those?
    Monitor(s) Displays
    7 of them.
    Screen Resolution
    All sorts.
    Hard Drives
    1TB NVME, 4TB rust spinner
    PSU
    Several kW
    Case
    Unimportant
    Cooling
    Big Zalman 6 inch thing
    Keyboard
    Really?
    Mouse
    Yes
    Internet Speed
    32Mbit/7Mbit
    Browser
    Opera
    Antivirus
    AVG
    Other Info
    [Crosses legs] Exactly what info are you looking for?
Too good is not good, it's bad. Like saying my car is really safe because it only goes 30mph.
Speed has nothing to do with this.

I'd rather get a few false positives every now and then than not find some infections or suspicious files. Once an infection gets a foothold, it may be a matter of seconds before all data is gone, not to forget stolen passwords and session tokens. It may take months to recover from such a disaster, and it could cost millions.
My Computers

System One System Two

  • OS
    Windows 11 Pro 23H2 build 10.0.22631.3296 (Release Channel) / Linux Mint 21.3 Cinnamon
    Computer type
    Laptop
    Manufacturer/Model
    Lenovo A485
    CPU
    Ryzen 7 2700U Pro
    Motherboard
    Lenovo (WiFi/BT module upgraded to Intel Wireless-AC-9260)
    Memory
    32GB
    Graphics Card(s)
    iGPU Vega 10
    Sound Card
    Realtek
    Monitor(s) Displays
    14" FHD (built-in) + 14" Lenovo Thinkvision M14t (touch+pen) + 32" Asus PB328
    Screen Resolution
    FHD + FHD + 1440p
    Hard Drives
    Intel 660p m.2 nVME PCIe3.0 x2 512GB
    PSU
    65W
    Keyboard
    Thinkpad / Logitech MX Keys
    Mouse
    Logitech MX Master 2S
    Internet Speed
    600/300Mbit
    Browser
    Edge (Chromium)
    Antivirus
    Windows Defender
    Other Info
    SecureBoot: Enabled
    TPM2.0: Enabled
    AMD-V: Enabled
  • Operating System
    Windows 11 Pro 23H2 build 10.0.22631.3296(Release Preview Channel)
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom
    CPU
    i7-7700k @4.8GHz
    Motherboard
    Asus PRIME Z270-A
    Memory
    32GB 2x16GB 2133MHz CL15
    Graphics card(s)
    EVGA GTX1080Ti FTW 11GB
    Sound Card
    Integrated
    Monitor(s) Displays
    32" 10-bit Asus PB328Q
    Screen Resolution
    WQHD 2560x1440
    Hard Drives
    512GB ADATA SX8000NP NVMe PCIe Gen 3 x4
    PSU
    850W
    Case
    Fractal Design Define 7
    Cooling
    Noctua NH-D15 chromax.black
    Mouse
    Logitech MX Master 2S
    Keyboard
    Logitech MX Keys
    Internet Speed
    600/300Mbit
    Browser
    Edge (Chromium)
    Antivirus
    Windows Defender
    Other Info
    AC WiFi Card
Speed has nothing to do with this.
I never said it did, that was an analogy!

I'd rather get a few false positives every now and then than not find some infections or suspicious files. Once an infection gets a foothold, it may be a matter of seconds before all data is gone, not to forget stolen passwords and session tokens. It may take months to recover from such a disaster, and it could cost millions.
Finding actual viruses with names is all I want. Whenever it gives it a generic name, it's just the heuristics guessing. I happen to use a lot of suspicious programs. Many of the Boinc science projects are suspicious, merely because they download other executables. Cracked software always triggers AV. Bitcoin wallets too.
Nope, mostly not...except when they actually contain malware. Neither do Bitcoin wallets.
Incorrect. My gridcoin wallet just triggered AV - the new installer for the update released yesterday.

Cracks always contain "malware". AV programs think that sort of tinkering is wrong. They are altering the code in another executable I suppose.
Incorrect. My gridcoin wallet just triggered AV - the new installer for the update released yesterday.
And you're 100% certain it is a false positive?
Cracks always contain "malware". AV programs think that sort of tinkering is wrong. They are altering the code in another executable I suppose.
Incorrect! With background in studying, reverse engineering and cracking small apps for educational purposes during my assembly and security studies, I can 100% guarantee that you're completely wrong.

"Always" is too strong a word here.
Only AV trigger I have had in the past 9 years, is one single file, and this is a 5.5MB Zip file which I know contains malware. It is a study file. 😄
And you're 100% certain it is a false positive?
Gridcoin is not a virus.

There are fake bitcoin apps which do work for other people, to earn them coins from your electricity. The AV has difficulty telling them apart.

Incorrect! With background in studying, reverse engineering and cracking small apps for educational purposes during my assembly and security studies, I can 100% guarantee that you're completely wrong.

"Always" is too strong a word here.
English isn't that precise. And it depends on how fussy the AV is. Presumably most cracks alter the program's executable; they're patches, and that tends to trigger AV. Of course some just replace an executable.