Solved Question malware found

Status
Not open for further replies.

classicaran

Level 2
Thread author
Oct 8, 2025
I ran a full scan with Microsoft Defender on my PC and it found the file AppData\Roaming\secure\QtWebKit4.dll (Trojan:Win32/Wacatac.C!ml).

But before using Defender, I had run a full scan with Malwarebytes Free and Kaspersky Free and found nothing. Why did it detect this now?

Is this type of malware the kind that modifies, deletes, or corrupts files on the PC?
 
Hello classicaran,

Thanks for sharing the details—that's helpful for troubleshooting. I'll break this down step by step based on what we know about these detections.

  • Why did Microsoft Defender detect it now, after Malwarebytes Free and Kaspersky Free scans came up clean?
    Different antivirus programs use their own detection methods, signatures, and heuristics, so it's not uncommon for one to flag something that others miss. In this case:
    • Microsoft Defender might have caught it due to a recent update in its threat definitions or behavioral analysis. Wacatac is a broad detection family that Defender uses for suspicious files exhibiting trojan-like behavior, and it can sometimes flag files that other AVs overlook.
    • Malwarebytes Free and Kaspersky Free are solid tools, but they might not have the exact signature for this variant, or the file could have been inactive/dormant during those scans. If the file was added or modified recently (e.g., via an app update or download), that could explain why Defender picked it up in a later scan.
    • It's also worth considering if this is a false positive—Wacatac detections aren't always spot-on, especially with DLL files like QtWebKit4.dll, which is associated with Qt framework apps (often legitimate). I've seen similar cases where it's tied to bundled software or even cracked programs.
    To get a clearer picture, I recommend uploading the file to VirusTotal (virustotal.com) for a multi-engine scan. That'll show how other AVs view it. If it's quarantined by Defender, you can usually restore it temporarily for analysis, but be cautious.
  • Does this type of malware modify, delete, or corrupt files on your PC?
    Trojan:Win32/Wacatac.C!ml is a generic detection for trojans that can exhibit a range of behaviors, but it's not always file-modifying in nature. From what Microsoft documents, Wacatac variants often focus on things like data theft, downloading additional malware, or backdoor access rather than directly corrupting or deleting files. That said:
    • Some trojans in this family could potentially alter system files or inject code, leading to corruption or instability, but it's not a guaranteed behavior— it depends on the specific payload.
    • If it's malicious, the bigger risks are usually unauthorized access, info-stealing, or escalating to ransomware/other threats, rather than outright file destruction.
    Without analyzing the exact file, we can't say for sure, so err on the side of caution. If Defender removed it and your system seems fine, you might be okay, but monitor for any unusual activity (e.g., high CPU usage, unexpected pop-ups).

If you share more details—like what app or activity might have introduced this file, or your OS version—I can offer more tailored advice. In the meantime, running a scan with something like ESET Online Scanner or HitmanPro could provide another layer of confirmation. Stay safe!

@Bot
 
I had seen something about this a while ago: Trojan:Win32/Wacatac.C!ml, which is only detected by MD. From what I've read, it could be an Infostealer. I recommend that you back up all your files for security reasons. And if possible, before backing up, block or disable your internet connection if possible. Because if it is an Infostealer, it can exfiltrate your data from the browsers installed on your PC. But don't panic. There is a dedicated thread for malware removal, and someone here will help you remove this Trojan. BTW Welcome to MalwareTips!
 
Major vendors are already flagging it, and I find the copyright/fail-to-verify signature to be highly suspicious. The QtWebKit4.dll purportedly released by Digia is also unsigned.

I would recommend getting rid of it, or asking for malware removal help as linked above.
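
A read-only triage for the checks raised in this thread (Defender's detection record, a hash for a VirusTotal lookup, and the Authenticode signature status), given here as an added example that is not part of any post. The path is the one the thread author reported; the cmdlets are the stock Windows PowerShell and Defender module ones.

```powershell
# Added example: collect evidence about a Defender detection without executing the file.
# Path as reported in the thread; change it for other files.
$path = Join-Path $env:APPDATA 'secure\QtWebKit4.dll'
$name = [regex]::Escape((Split-Path $path -Leaf))

# 1. Defender's own record: threat name, first detection time, process involved.
Get-MpThreatDetection |
    Where-Object { $_.Resources -match $name } |
    ForEach-Object {
        $threat = Get-MpThreat -ThreatID $_.ThreatID -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Threat    = $threat.ThreatName
            Detected  = $_.InitialDetectionTime
            Process   = $_.ProcessName
            Resources = $_.Resources -join '; '
        }
    } | Format-List

# 2. If the file is still on disk (not quarantined), record hash, signature and metadata.
if (Test-Path -LiteralPath $path) {
    $item = Get-Item -LiteralPath $path
    $sig  = Get-AuthenticodeSignature -LiteralPath $path
    [pscustomobject]@{
        SHA256          = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        SignatureStatus = $sig.Status          # NotSigned, HashMismatch, Valid, ...
        Signer          = $sig.SignerCertificate.Subject
        CompanyName     = $item.VersionInfo.CompanyName
        Created         = $item.CreationTime
        Modified        = $item.LastWriteTime
    } | Format-List
} else {
    Write-Output "Not on disk (likely quarantined): $path"
}

# 3. List whatever else sits in the same folder, with timestamps, for the removal helpers.
$dir = Split-Path $path -Parent
if (Test-Path -LiteralPath $dir) {
    Get-ChildItem -LiteralPath $dir -Force |
        Select-Object Name, Length, CreationTime, LastWriteTime
}
```

The SHA-256 value can be searched on VirusTotal directly, so the file does not have to be restored from quarantine or uploaded to see existing verdicts.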
 
I don't know how to recover the file. Microsoft Defender automatically quarantined it. I tried to restore it and it failed. There was an error restoring it.
 
[Attached screenshots: folder file image; virus Microsoft Defender.png]
 
K is late this time to the party; looks like telemetry is negatively affected.

Well, you know what, I can only dream of a new VT.
A VT that added timestamps when those malware were originally detected and added to their signatures. This way we can easily see who saw it first, who's doing the hard work and who's late and who are just copying.

Until then, this will just be a dream.
 
It is not a big deal; some other times, K and B get it first, followed by the rest of AVs.
 
I ran a full scan with Microsoft Defender on my PC and it found the unique file AppData\Roaming\secure\QtWebKit4.dll (Trojan:Win32/Wacatac.C!ml).

But before using Defender, I had run a full scan with Malwarebytes Free and Kaspersky Free and found nothing. Why did it detect this now?

Is this type of malware the kind that modifies, deletes, or corrupts personal files on the PC Windows 10?

VirusTotal

 

Your Kaspersky link shows that it has been detected now, so I think it is a new malware.
 
My question now is whether this file is actually malware or a false positive.

What is the real name and type of malware?

And does it modify, delete, or corrupt my personal files on my PC?



I performed a full scan with Kaspersky Free, Malwarebytes Free, and AdwCleaner a week or two ago with the software’s updated definitions database, but only Microsoft Defender found AppData\Roaming\secure\QtWebKit4.dll (Trojan:Win32/Wacatac.C!ml).

I posted the VirusTotal scan result and screenshot folders above.
 