Solved Question malware found

Status
Not open for further replies.
In my case, is it possible to find out when this malware was removed from my PC and stopped operations? Could this DLL be the initializer activating this malware? The DLL was not detected by Kaspersky Free but was detected by Defender.
 
Yes, I uninstalled Kaspersky Free to use Defender and the Defender scan found this DLL in this folder.
I don't see the need to reinstall Windows because I cleaned it with Microsoft Defender. The question is whether this malware DLL found by Defender in this photo folder is malware that corrupts, modifies, and deletes the personal files I downloaded in 2025 and copied to the external hard drive. I used Kaspersky Free until two weeks ago, and it didn't detect anything in the full scan. Then I downloaded the files without malware and copied them to the external hard drive. Then I uninstalled Kaspersky Free and activated Defender. I ran a full scan and found this malware. I removed it.
 
How do I find out if my personal files on my Windows PC have not been changed, deleted, or corrupted by this malware? It has already been deleted by Defender, so I can't scan it again.
Yes, you need to scan your entire PC and even your external hard drive to make sure that your PC and external hard drive are free of threats. Please follow the instructions provided by the members here in the forum to remove the malware, otherwise nothing will work. If you prefer, you can create a thread here: Windows Malware Removal Help & Support. Deleting just one .DLL does not mean that you have successfully removed this malware from your computer. There may be remnants in the Windows registry or malware remaining on your PC that only a dedicated tool can remove, as @Trident suggested above.
 
I don't see the need to reinstall Windows because I cleaned it with Microsoft Defender. The question is whether this malware DLL found by Defender in this photo folder is malware that corrupts, modifies, and deletes the personal files I downloaded in 2025 and copied to the external hard drive. I used Kaspersky Free until two weeks ago, and it didn't detect anything in the full scan. Then I downloaded the files without malware and copied them to the external hard drive. Then I uninstalled Kaspersky Free and activated Defender. I ran a full scan and found this malware. I removed it.
Check your user folders (Documents, Pictures, etc.). If there are encrypted files, then the malicious DLL has corrupted them; if they open normally and you can view them, then the malicious DLL has not touched them.
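A way to run the check described in the reply above across many files at once, as an added example that is not part of the original post: it compares each file's first bytes with the signature expected for its extension and lists the mismatches. The folder list and the extension table are assumptions; add the external drive's path to `$folders` to cover it.

```powershell
# Added example (not from the thread). Lists files whose leading bytes do not
# match the signature expected for their extension, which is what an encrypted
# or overwritten file typically looks like.
$signatures = @{
    '.jpg'  = @(0xFF, 0xD8, 0xFF)
    '.jpeg' = @(0xFF, 0xD8, 0xFF)
    '.png'  = @(0x89, 0x50, 0x4E, 0x47)
    '.pdf'  = @(0x25, 0x50, 0x44, 0x46)   # "%PDF"
    '.zip'  = @(0x50, 0x4B)               # "PK"
    '.docx' = @(0x50, 0x4B)               # Office Open XML files are ZIP containers
    '.xlsx' = @(0x50, 0x4B)
}

function Test-FileSignature {
    param([Parameter(Mandatory)][string]$Path)
    $expected = $signatures[[IO.Path]::GetExtension($Path).ToLowerInvariant()]
    if ($null -eq $expected) { return $null }          # type not in the table: no verdict
    $buffer = New-Object byte[] $expected.Count
    try {
        $stream = [IO.File]::OpenRead($Path)
        try { $read = $stream.Read($buffer, 0, $buffer.Length) } finally { $stream.Dispose() }
    } catch { return $null }                           # locked or unreadable: no verdict
    if ($read -lt $expected.Count) { return $false }   # empty or truncated file
    for ($i = 0; $i -lt $expected.Count; $i++) {
        if ($buffer[$i] -ne $expected[$i]) { return $false }
    }
    return $true
}

# Assumed locations: the default profile folders of the current user.
$folders = 'Documents', 'Pictures', 'Downloads' |
    ForEach-Object { Join-Path $env:USERPROFILE $_ }

Get-ChildItem -Path $folders -Recurse -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        if ((Test-FileSignature -Path $_.FullName) -eq $false) {
            [pscustomobject]@{
                File          = $_.FullName
                LastWriteTime = $_.LastWriteTime
                Size          = $_.Length
            }
        }
    } | Sort-Object LastWriteTime -Descending | Format-Table -AutoSize
```

An empty result means every checked file still starts with the header its type requires; a listed file with a recent `LastWriteTime` is one to open by hand.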
 
I don't see the need to reinstall Windows because I cleaned it with Microsoft Defender. The question is whether this malware DLL found by Defender in this photo folder is malware that corrupts, modifies, and deletes the personal files I downloaded in 2025 and copied to the external hard drive. I used Kaspersky Free until two weeks ago, and it didn't detect anything in the full scan. Then I downloaded the files without malware and copied them to the external hard drive. Then I uninstalled Kaspersky Free and activated Defender. I ran a full scan and found this malware. I removed it.
I'm just going to leave this here.

Post in thread 'Question malware found' Question - Question malware found
 
What is the truth for my case? This type of Trojan is personal files and why Kaspersky Free did not detect this DLL and Defender detected it and what is the situation of malware activated or deactivated when the Defender scan detected it
 
What is the truth for my case? This type of Trojan is personal files and why Kaspersky Free did not detect this DLL and Defender detected it and what is the situation of malware activated or deactivated when the Defender scan detected it
These cases of anti-viruses not detecting files happen.

Often, the user is the culprit. They won’t tell you that and possibly they won’t even know, but most of the time on discussions that involve “this antivirus detected 5 trojans, the other one didn’t”, it is user fault and error.

Kaspersky may have asked you whether or not to remove and you may have chosen to leave it or create an exclusion.

If the timestamps are correct, this was almost a year ago.
You won’t really remember what buttons you’ve clicked a year ago.

Other possible reasons could include Kaspersky settings being tampered with, heuristic checks lowered (or even disabled) or having entire modules disabled.

If Kaspersky was up and running and everything was configured properly (which I doubt) then the file was just unknown to Kaspersky. You may have disabled the cloud as well for privacy (for example you may have encountered some pro-privacy-fanatic instructions how to configure it for privacy). I wouldn’t be surprised.

We can’t really give you the full picture. If you don’t know what’s going on on your system, we know even less than you.

We have the file and we have a few screenshots. For us to be able to tell you what, why, when, we are gonna need the Kaspersky logs and configuration (which are already gone) and some other Windows logs (most of which are disabled by default).

As it was already noted by @Khushal , @Divergent, @stonjean633 and other users, the trojan is gone, removed and it is an infostealer built from the ground up for quiet and continuous exfiltration.

Whoever purchased a toolkit for ~50 bucks a month to build this infostealer has no interest whatsoever in damaging your files, games, mods and anything else that you keep on your drive.

The Lumma Stealer is reported by Kaspersky and Eset as very prevalent, and the main 2 paths of arrival are fake captcha and pirated content. It is highly likely that you thought Kaspersky yet again was blocking some cracked content, you switched it off or excluded the file, but it was actually real malware.



Kaspersky can protect you from malware but it can’t protect you from happy clicking.

To avoid this in the future:
-do not visit the same websites
-do not exclude files
-the antivirus settings are not something that you open when you are bored and got nothing better to do. Anything that you don’t understand—you don’t touch. If you did touch, revert to defaults.
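On the question of when the DLL was detected and removed: Microsoft Defender keeps its own detection history and an operational event log, which can be read as below. This is an added example, not part of the original post; it uses the built-in Defender cmdlets and the Defender operational log, and the status names follow Microsoft's documentation of the `MSFT_MpThreatDetection` class.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell window
# on the PC where Defender made the detection.

# 1) Defender's detection history: first detection time, remediation time,
#    whether the action succeeded, and the recorded execution status.
$execStatus = @{ 0 = 'Unknown'; 1 = 'Blocked'; 2 = 'Allowed'; 3 = 'Executing'; 4 = 'NotExecuting' }

Get-MpThreatDetection | ForEach-Object {
    $threat = Get-MpThreat -ThreatID $_.ThreatID -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Threat          = $threat.ThreatName
        FirstDetected   = $_.InitialDetectionTime
        Remediated      = $_.RemediationTime
        ActionSucceeded = $_.ActionSuccess
        ExecutionStatus = $execStatus[[int]$_.CurrentThreatExecutionStatusID]
        Resources       = $_.Resources -join '; '   # file paths involved
    }
} | Sort-Object FirstDetected | Format-List

# 2) The same story from the event log:
#    1116 = malware detected, 1117 = action taken on the detected item.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1116, 1117
} -ErrorAction SilentlyContinue |
    Sort-Object TimeCreated |
    Select-Object TimeCreated, Id,
        @{ Name = 'Summary'; Expression = { ($_.Message -split "`r?`n")[0] } } |
    Format-Table -Wrap
```

These records begin when Defender first saw the file; they do not show when the file arrived on disk or what it did before that.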
 
Many times when I downloaded a contaminated file, my Kaspersky Free would issue a malware alert. I would manually quarantine and delete it. I would keep its settings at default or improve them with an internet tutorial. I have already removed many malware with it. In this case, only this DLL remained on my Windows 10, and only Defender said it was a Trojan, but I don't know if it was operating by damaging the file system, corrupting, deleting, and modifying files. Every Trojan has the same behavior of invading and controlling the machine to make malicious changes. If I had known before, I wouldn't have uninstalled Kaspersky Free and looked for logs.


Can the Virus Total DLL test show any information about when this malware was removed and whether the malware was active or inactive when the DLL was found by Defender?

I don't know how to download the Virus Total test log.
 
Many times when I downloaded a contaminated file, my Kaspersky Free would issue a malware alert. I would manually quarantine and delete it. I would keep its settings at default or improve them with an internet tutorial. I have already removed many malware with it. In this case, only this DLL remained on my Windows 10, and only Defender said it was a Trojan, but I don't know if it was operating by damaging the file system, corrupting, deleting, and modifying files. Every Trojan has the same behavior of invading and controlling the machine to make malicious changes. If I had known before, I wouldn't have uninstalled Kaspersky Free and looked for logs.


Can the Virus Total DLL test show any information about when this malware was removed and whether the malware was active or inactive when the DLL was found by Defender?

I don't know how to download the Virus Total test log.
To help understand the communication breakdown, can you confirm if you are a person, using translation software, or if you're not seeing previous messages?
 