Advice Request EEK Files Detected as Malware by Microsoft Defender


blackice

I have used Emsisoft Emergency Kit a lot in the past. I may not use it as a common 3rd party scanner for now in combination with Microsoft Defender. Any time I run an update and scan, Defender deletes some of the signatures during the scan. Emsisoft has confirmed it's a false positive on Defender's part, but I don't know what effect this is having on the scan for EEK. Just a heads up to anyone using it. Interestingly, it is the first Real Time block I've ever seen from Defender. Apparently they changed something and made it more sensitive.


plat

Is it this thread you're referring to? That was already in December 2020 and it's still happening. Hmmm. Well it wouldn't do much good to log into there only to say, "hey, here's another Trojan notification from Defender after running EEK" b/c the rep maintains it's on Microsoft's end.

If I was using EEK presently, this would turn me right off. I mean: who needs this? Would it be worth submitting a false-positive report to Microsoft? Probably someone already did. :unsure::whistle::coffee: Annoying, imo.
 

blackice

> Is it this thread you're referring to? That was already in December 2020 and it's still happening. Hmmm. Well it wouldn't do much good to log into there only to say, "hey, here's another Trojan notification from Defender after running EEK" b/c the rep maintains it's on Microsoft's end.
>
> If I was using EEK presently, this would turn me right off. I mean: who needs this? Would it be worth submitting a false-positive report to Microsoft? Probably someone already did. :unsure::whistle::coffee: Annoying, imo.

Good find. I guess that’s around when I built my new computer and hadn’t loaded all my second opinion scanners yet. EEK is going to come off my machines running MD for now. It was super unnerving to get the Trojan warning. Now, knowing what it is, it is just annoying and doesn’t instill confidence.
 

upnorth

Interesting report, even if of course EEK is no malware. That's way too far-fetched, but if it constantly happens, it wouldn't hurt to send Emsisoft a new report about it. I just read the linked one from member @plat1098 and that case is 100% solved as the culprit was adwcleaner.

I personally have zero issues with EEK, and other than its updates can be somewhat slow and some parts of the UI could be improved, I'm not gonna throw it out the system. Also makes me extra happy I use another AV ( not Microsoft Defender and not Emsisoft btw :p ) as my default.
 

blackice

> Interesting report, even if of course EEK is no malware. That's way too far-fetched, but if it constantly happens, it wouldn't hurt to send Emsisoft a new report about it. I just read the linked one from member @plat1098 and that case is 100% solved as the culprit was adwcleaner.
>
> I personally have zero issues with EEK, and other than its updates can be somewhat slow and some parts of the UI could be improved, I'm not gonna throw it out the system. Also makes me extra happy I use another AV ( not Microsoft Defender and not Emsisoft btw :p ) as my default.

It’s the strangest thing. I can run a scan and watch files pop into their temp folder and almost every time 2 of them are detected by Microsoft Defender. Kind of interesting watching it happen in real time. According to Emsisoft they use that temp folder to unload the updated Bitdefender signatures. Definitely put my mind at ease about it being something else.

Upon rereading their reply, they say that is during the update, but I get the detection during a scan. So, maybe I need to revisit with Emsisoft. In fact I just realized both times I left the EEK ‘installer’ in my downloads folder. I think it’s possibly Defender detecting Emsisoft scanning its own install file. Similar to the thread @plat1098 found.
 

Can't Decide

> I have used Emsisoft Emergency Kit a lot in the past. I may not use it as a common 3rd party scanner for now in combination with Microsoft Defender. Any time I run an update and scan, Defender deletes some of the signatures during the scan. Emsisoft has confirmed it's a false positive on Defender's part, but I don't know what effect this is having on the scan for EEK. Just a heads up to anyone using it. Interestingly, it is the first Real Time block I've ever seen from Defender. Apparently they changed something and made it more sensitive.

Not sure whether I should make a new thread or post here, but I decided to post here since I got the same problem as @blackice last week, and it only happens when it is scanning the D drive. But 2 files got detected and removed as Trojan:Script/Wacatac.B!ml & Trojan:Win32/Wacatac.B!ml. I tried a full scan again; this time only 1 file was detected and removed as Trojan:Win32/Wacatac.B!ml. It got detected, and since this never happened before, I full scanned it with Malwarebytes, AdwCleaner, ESET Online Scanner and Windows Defender, and all came out with nothing.

I also confirm it's inside the EEK temp folder when it is scanning.

Thus, can I assume it is a false positive and not infected? Or do I need to submit it to Microsoft to check whether it is a false positive or not?
 
