New
#1
Defender keeps finding the same "Trojan downloader"
For the past week Defender has been going off for a TrojanDownloader:O97M/Donoff or TrojanDownloader:O97M/Dornoe.C!ams. I'm not sure how to stop this happening, I don't download random email attachments or anything like that but the description of it seems to suggest that's how it's executed. Malwarebytes isn't finding anything else besides PUPs.
The location always seems to be in a similar area in AppData:
Not sure what to do with this one. I feel like it might be a false positive, but then I don't know where the docs are coming from.PHP Code:
C:\Users\Craig\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\75\Facture_Num_J691534[673].doc