Trojan.Downloader Detected

[Patrick2]

Hi There

Asked in another forum, which they recommended to use Defender after upcoming clean install,  Defender so far has quarantined the file which is TrojanDownload.JS/Nemucod.HC

 I can't do Clean install today, stuff to do, you know, anyways is it safe to use Avast if I choose to after Windows 10 Pro clean install?  Use Ms Edge and IE for browsing, how I got it, I'm not really sure, probably from a site I would guess, or email possibly

I can provide logs from all the scans I ran if need be, I just wanna feel comfortable the machine is totally clean, and doesn't spread to entire network of systems.   So in morning doing clean install

[Eddy]

https://forum.avast.com/index.php?topic=53253.0

[Patrick2]

Oops wrong area sorry there...

[Pondus]

Clean install of what?  ... wipe the computer and resinstall?

[Patrick2]

Yeah thinking doing that, Another forum suggested after clean install done, to stick with Windows 10 Defender,  I forgot I had Avast installed yesterday, should've asked here in the first place,  (last week or two was switching between Defender/Avast trying to decide which protection program to stay with, and may have gotten the infection then possibly, not sure)


Moral of the story is I guess I have to be more careful, stay with 1 Antivirus program.

[Pondus]

If you are going to reinstall then why all this?

[Eddy]

a .dat file can be detected as malicious, but it doesn't run without something else.
I suggest you provide the log files and let us have a look at them.
A good check will not hurt

As far as Defender or avast...
Defender has (to put it simple) just a database that is used to scan files.
avast has a lot more other protection methods than just a database (VPS).

[Patrick2]

Will do, Keep in mind original detection quarantined in Defender still, so maybe that is why other programs found nothing

[Rednose]

Hi Patrick

As far as providing log files, Eddy is meaning the log files from the sticky as well :

https://forum.avast.com/index.php?topic=53253.0

Greetz, Red.

[Patrick2]

Sure can do that, one moment here

*Note Getting Rest of the logs might be a bit, checking External drives as well, maybe not such a good idea lol, 500gb times x 2,  usb 2.0 speeds, rest of logs posted soon as possible though*

Checking externals will make sure files are fully clean anyways before full clean system install early tomorrow anyhow, last night I only checked Internal C Drive

[Michael (alan1998)]

To add to what Rednose mentioned, the main log needed was FRST.txt and Addition.txt.

[Patrick2]

Well I can provide those logs, but those showed clean when I ran those, wasn't sure if previous Antivirus removed the Threat fully, so went ahead with Clean PC install anyways, despite all the other scans and programs showed clean, can re run those scans, to make sure still clean though after data restored and such

[Pondus]

Well I can provide those logs, but those showed clean when I ran those

Do you know how to read those logs?

FRST is a diagnostic program and will not show any detection

[Patrick2]

Ohhh didn't know that, well that programs logs are posted now, will get rest posted in a few moments here, or after lunch....got a lot to learn still I guess on various programs, and such it appears, Still wonders if I hadn't switch to Defender if Avast would've seen the original threat, which I paniced on a bit, and ended up rushing thru Windows 10 Clean install, changed all account passwords even.   

Little back story on this situation

Had some folks in another forum telling me to stick with Windows Defender, Malwarebytes, and Malwarebyes Anti Exploit,  Well then I felt a little unsafe after Defender blocked a Severe Threat--Trojan Downloader, (exact name I can get easily), then reinstalled Avast remotely via Remote desktop from my phone that late night, didn't feel safe after that even, so decided to do a complete clean install, and so far so good

[Michael (alan1998)]

Ah, cheers. As Pondus mentioned these are custom logs. Most people can't read them.

@Pondus, have you PM'd dbrise?

@Patrick2, is this a commercial PC? The reason I ask is because you're running Windows 10 Pro, and you have a commercial version of Windows Defender. "Windows Defender Advanced Threat Protection"

More on that here: https://www.microsoft.com/en-us/WindowsForBusiness/Windows-ATP

Also, can you find this file: C:\Users\amdma\AppData\Local\Temp\sonarinst.exe

Scan it at www.virustotal.com and post results back here.

Someone else will take care of you, dbrisendine I'm sure.