Trojan:Win32/Occamy.AA


  1. Posts : 151
    Windows 10 Home, 64-Bit
    Thread Starter
       #11

    zebal said:
    If system has been compromised the only way to return trust is to reformat hard drive and clean reload operating system.


    My computer's infected with a virus, how do I clean it up?
    Thanks for the advice.


  2. Posts : 161
    Windows 10
       #12

    Sweetsweetcorn said:
    What did the Status: Failed literally mean? Does it mean that the malware failed to work, or that Windows Defender failed to deal with it?

    I did a full drive scan with Malwarebytes and there was no relevant malware found.

    - - - Updated - - -

    If I do a system restore to a point before I installed what was on that .iso, it will likely remove any virus that came from that .iso?

    And doing a system restore will not delete any of my files that I have made/modified since that restore point.. right? Only new programs that I installed or uninstalled?

    - - - Updated - - -

    So I did a system restore. That is not supposed to affect files, however some files that I had deleted before have resurfaced.

    And some folders have sort of resurfaced partially... difficult to explain.

    Is this possibly the working of a virus?
    As previously stated - yes. Windows Security failed to deal with whatever it deemed to be malware. This is pretty common, especially among genuine encounters with sophisticated malware. Most well packaged malware will create this very issue whether your antivirus solution is Windows or Avast or ESET or BitDefender etc. When it fails it means that the files thought to be malware couldn't be quarantined, deleted, modified etc. Antivirus has built into it actions which work based on specific threats, call it a contingency plan of sorts. Depending on what the threat is your AV will act in certain ways in order to try and remove the threat or at least minimize it. When these fail your antivirus has basically run out of options. It's now pretty much just a fancy looking program without any punching power. It is now useless and offers you no protection. And this is a genuine concern with ALL antivirus solutions as they really don't offer guaranteed solutions to malware threats like everybody believes. When and if you encounter malware that has been created very well you'll find antivirus is the first to fall. I guess situations like this can therefore become an eye opener. You're not as protected as you once thought you were.

    To take this further, if the threat highlighted is not an actual threat and yet Windows Security failed to deal with it - what does that say about the protective abilities of Windows Security? The files in question could have been the latest greatest variant of malware, or be something completely benign and Windows Security failed to protect you either way. This is the reality of relying on antivirus protection. Antivirus really only does 5% of the job when it comes to security. The rest is down to the user. But the truth is people's ability to protect and secure their own computers and networks has long since been dwarfed by the bad guys' ability to attack and take advantage of the huge gap in knowledge and experience 99% of the world lacks when it comes to things like this.

    All you can do is ensure that every day you use your computer/network with the knowledge in the back of your mind that at any minute your peace of mind can be disturbed. What does that mean? Protect your computers and networks to the best of your ability. Keep as much sensitive information encrypted. Encrypt your devices. Make regular backups and ensure these backups ideally remain offline. Use software that allows you to configure them to harden them, such as browsers, email clients, messaging etc. Run sandboxing, virtual machine environments etc. Use your common sense and don't do stupid stuff. Learn about best practices that give you an edge when and if something comes along and causes you pain and misery in trying to fix everything.

    You also didn't mention whether you ran Autoruns in safe mode w/ networking. I suggested that because this handy tool will be able to tell you what is starting when your computer starts up or you login. If this was malware the chances are it's tried to get a stranglehold over the operating of your system and it will do this by trying to gain persistence so that whenever your computer turns on, or you login etc the operations of the malware can be executed.
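The startup check suggested in the post above (Autoruns), sketched as an added PowerShell example; it is not part of the original thread and is not Sysinternals code. It reads only a subset of the locations Autoruns covers (Run/RunOnce keys, Startup folders, logon/boot scheduled tasks), and the helper names `Get-TargetPath`, `Get-SignatureStatus` and `New-Entry` are made up for this example.

```powershell
# Added example: enumerate common autostart entries and show signature status.
# Get-TargetPath, Get-SignatureStatus and New-Entry are hypothetical helpers.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce')
function Get-TargetPath([string]$Command) {
    # Extract the executable path from a command line, quoted or unquoted.
    $c = [Environment]::ExpandEnvironmentVariables($Command)
    if ($c -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($c -match '^\s*(.+?\.(exe|dll|com|bat|cmd|vbs|js|ps1))(\s|$)') { return $Matches[1] }
    return $c.Trim()
}

function Get-SignatureStatus([string]$Path) {
    # Authenticode status of the target; 'Unresolved' if no such file was found.
    if (-not $Path -or -not (Test-Path -LiteralPath $Path -PathType Leaf -ErrorAction SilentlyContinue)) { return 'Unresolved' }
    return (Get-AuthenticodeSignature -LiteralPath $Path).Status.ToString()
}

function New-Entry($Source, $Name, $Command) {
    [pscustomobject]@{ Source = $Source; Name = $Name; Command = $Command
                       Signature = Get-SignatureStatus (Get-TargetPath $Command) }
}
$shell = New-Object -ComObject WScript.Shell   # used to resolve .lnk shortcut targets
$startupDirs = 'Startup', 'CommonStartup' | ForEach-Object { [Environment]::GetFolderPath($_) } | Where-Object { $_ }
$entries = @(
    foreach ($key in $runKeys) {               # registry Run/RunOnce values
        if (Test-Path $key) {
            $k = Get-Item -Path $key
            foreach ($n in $k.GetValueNames()) { New-Entry $key $n ([string]$k.GetValue($n)) }
        }
    }
    foreach ($dir in $startupDirs) {           # per-user and all-users Startup folders
        foreach ($f in Get-ChildItem -LiteralPath $dir -File -ErrorAction SilentlyContinue) {
            $target = if ($f.Extension -eq '.lnk') { $shell.CreateShortcut($f.FullName).TargetPath } else { $f.FullName }
            New-Entry $dir $f.Name "`"$target`""
        }
    }
    foreach ($t in Get-ScheduledTask | Where-Object {   # tasks that fire at logon or boot
            $_.Triggers.CimClass.CimClassName -match 'LogonTrigger|BootTrigger' }) {
        foreach ($a in $t.Actions | Where-Object Execute) {
            New-Entry "Task $($t.TaskPath)" $t.TaskName "$($a.Execute) $($a.Arguments)"
        }
    }
)
$entries | Sort-Object Signature, Source | Format-Table Signature, Source, Name, Command -AutoSize -Wrap
```

Entries whose `Signature` is anything other than `Valid` are the ones to look up first; `Unresolved` means the command did not resolve to a file on disk, which also covers bare names such as `cmd` that rely on the search path.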


  3. Posts : 151
    Windows 10 Home, 64-Bit
    Thread Starter
       #13

    I downloaded Autoruns earlier today, I will use it soon

    The iso I installed from was supposedly uploaded in 2005, is popular and was uploaded by a decorated user on a well-known website.

    I downloaded that same software (but different releases I think) at least 2 more times, maybe even 3 or more further times. I mean at least one of them was an exe, not an iso.. so sort of different. Every copy had the exact same virus warning pop up on Windows Defender when I scanned the downloads - no install needed to detect. The same pop up as this first time when I actually installed.

    - - - Updated - - -

    I need to thank you for all of your care and time so far. I have gratitude to you!


  4. Posts : 1,728
    Windows 10 Pro x64 22H2
       #14

    supermammalego said:
    As previously stated - yes. Windows Security failed to deal with whatever it deemed to be malware. This is pretty common, especially among genuine encounters with sophisticated malware.
    Unless we know what kind of software the user downloaded, it is impossible to judge who is to blame, user or antivirus?


  5. Posts : 151
    Windows 10 Home, 64-Bit
    Thread Starter
       #15

    zebal said:
    Unless we know what kind of software the user downloaded, it is impossible to judge who is to blame, user or antivirus?
    Well, what happens if someone on this site admits to piracy? Out of pure curiosity.

    - - - Updated - - -

    zebal said:
    Unless we know what kind of software the user downloaded, it is impossible to judge who is to blame, user or antivirus?
    I retract my thanks from going to you, because you are blaming me/being rude.


  6. Posts : 1,728
    Windows 10 Pro x64 22H2
       #16

    Sweetsweetcorn said:
    Well, what happens if someone on this site admits to piracy? Out of pure curiosity.
    - - - Updated - - -
    I retract my thanks from going to you, because you are blaming me/being rude.
    My apologies, I didn't mean to offend you, I was replying to supermammalego because he seems to have problems with how Microsoft deals with security without taking real reasons into account, for example according to Microsoft:
    Viruses can be disguised as attachments of funny images, greeting cards, or audio and video files. Computer viruses also spread through downloads on the Internet. They can be hidden in pirated software or in other files or programs that you might download.
    I don't think it's against forum rules to tell you've been infected by dubious software and no, my primary goal was not to offend you. I'm just being realistic here.

    For more info see:
    https://support.microsoft.com/en-us/...-other-malware


  7. Posts : 161
    Windows 10
       #17

    I suspect it is something you've found that is pirated, it nearly always is when one encounters situations like this. Like I said genuine software doesn't usually come with these issues because the process from development to distribution is regulated far more than black market digital goods. I would just bear in mind that over using genuine software from genuine sources you'll always get malware time and time again from software and sources that are not genuine. I don't want to get into a debate about piracy though as it's down to you what you want to do.

    The point is not what you downloaded but the potential situation that has presented itself as a result. In my opinion you're likely looking at a false positive. Some behaviour might be malicious to a certain extent but this could simply be down to whatever it is you have downloaded and what it does. Keygens and cracks by their very nature exploit vulnerabilities in software, some will take advantage of the operating system itself to garner a particular outcome. You could in some ways say these are security threats. AV picks up software like this as malware because of how stuff like this works. That being said most of the time the actions performed are purely to make software free, to manipulate the licensing/activation process, to modify installations to unlock features etc. They are not harmful to the system nor do they hack the system, most of the time anyway.

    And you mentioned the file was from 2005. That is a LONG time ago now and you can guarantee that if this file has been around for so long it will have been long since flagged as malware by all known antivirus. This means you'd get far more than a handful of detections. Then again, image files are notoriously tricky to scan because you don't get to see what they contain and the damage they can do until malware has been executed from the image file. In order to execute the malware there needs to be a process in which the malware can be run. Until then you're looking at flat packed files. You're only looking at a threat when the threat has been assembled. With an .exe it is clear what is happening as soon as it is executed because it will start behaving in certain ways. Moreover in ways that correspond to malware. An image file on the other hand is not an .exe (PE - Portable Executable) and therefore is dormant until it is used in conjunction with some other malicious action.

    I would be pretty confident in saying you're probably looking at a false positive. There's very little chance this threat has gone so undetected for 15 years. The latest threats have a shelf life of a few months at the best, perhaps even less, before the security community have responded with solutions which then get implemented into security software everybody uses. Some may only have a few days as a window to cause as much damage as possible. Think about that and then compare that to this file from 2005. Unless it has been modified since then and injected with malware it's likely whatever is there has long since been detectable. We are talking Windows XP territory here. Only a year later did Windows Vista get released. That's a LONG time for a threat to remain undetected.

    - - - Updated - - -

    zebal said:
    Unless we know what kind of software the user downloaded, it is impossible to judge who is to blame, user or antivirus?
    You're the only one looking to someone or something to blame. And unless you are a godlike virus scanner never seen before, or some equally powerful entity capable of knowing what every file on the planet contains and whether it's harmful or not how are you going to be able to tell someone whether it's malware? Even if it's pirated doesn't mean it's going to be malware. Spurious and empty way of trying to deal with an issue if I've ever seen one. Seems like you just want to point the finger and get into a battle. Focus on the main problem at hand and not on trying to point score. This isn't a fight of the egos.

    We had a discussion not so long ago about the reality of security software and the innate weaknesses of Windows. I don't know how many topics you really need to see before you start to see how small and insignificant Windows is when it comes to real threats out there in the world. You'll find millions of threads like this started by people all over the world and throughout the history of computing and especially the internet where computers/networks have potentially been compromised and antivirus software (whether Windows or not) has failed to act. Why isn't my antivirus working? Why didn't it stop the threat? You see this every day in the real world. You see this every day if you've ever done any amount of hacking whether completely beginner or otherwise. You're fighting a losing battle trying to convince me that since Windows' inception all the issues faced with its security have somehow been a fluke and completely exaggerated. You're looking at a situation now where even if malware didn't exist the one security software responsible for dealing with it failed.


  8. Posts : 151
    Windows 10 Home, 64-Bit
    Thread Starter
       #18

    haha

    - - - Updated - - -

    So I thought I might be safe enough. However, I have seen that the affected file had a file extension ".icd".

    This is not what I would have expected. What do y'all think?


  9. Posts : 161
    Windows 10
       #19

    If you really want help you have to be willing to do whatever is requested. Or alternatively research ways in which you can test to see if your computer has been infected. I provided you with a way to check to see if your computer had things starting up but you haven't replied with a screenshot yet of what is scheduled to run when your computer is running. This is a very important part of checking to see if malware is on your computer as like I have said now several times it will attempt to remain on your computer by making changes. These changes will be reflected (usually) in what starts when your computer starts. At this point it's futile to continue trying to help because it seems like you simply want someone to give you all the answers without you having to engage in the process. No-one can help you if you are not willing to help yourself.

    There are many ways you can check to see if you have been infected with malware. You can use Google as a great starting point for studying the basics of malware removal. And no, you're not safe enough but then again, no-one is. That is the reality we face living in a digital world that 99% of the population can just about understand by pressing a button to turn the computer on. When you're asking about file extensions in order to try and get answers for whether you've been infected with malware you're missing the point by a huge stretch.


  10. Posts : 151
    Windows 10 Home, 64-Bit
    Thread Starter
       #20

    I mean that I thought I was safe enough from your subsequent responses, in regards to this current situation with that iso.


 
