I got a popup from Windows Defender about a threat that was blocked and removed. The threat was: TrojanSpy:Win32/Ursnif!ml. The file path was:
C:UsersXXAppDataLocalTemptmp0000012ftmp0000b685.
Defender removed the issue so I think I am good. But I am confused on how I got this. I wasn’t doing much on my computer. I was watching YouTube. I ran a scan with Emsisoft Emergency Kit and Malwarebytes (before I even got this popup from Defender) and both of them didn’t find anything. It was only a minute or two after both of those scans finished that I got the Windows Defender notification about a threat. I wasn’t downloading anything, or visiting strange websites. I was just passively listening to a YouTube video and doing some AV scans that weren’t in relation to anything. Just my normal routine of scanning. No reason really behind the scans from MBAM and Emsisoft before I got the Defender popup.
I tried to get the file back that was quarantined just to throw it into Virustotal but I couldn’t get it back. I clicked “Allow” but it seems like the file is completely gone.