January 13, 2021

Should I Be Concerned? TrojanSpy:Win32/Ursnif!ml

I got a popup from Windows Defender about a threat that was blocked and removed. The threat was: TrojanSpy:Win32/Ursnif!ml. The file path was:
C:\Users\XX\AppData\Local\Temp\tmp0000012f\tmp0000b685.

Defender removed the issue so I think I am good. But I am confused about how I got this. I wasn’t doing much on my computer. I was watching YouTube. I ran a scan with Emsisoft Emergency Kit and Malwarebytes (before I even got this popup from Defender) and neither of them found anything. It was only a minute or two after both of those scans finished that I got the Windows Defender notification about a threat. I wasn’t downloading anything or visiting strange websites. I was just passively listening to a YouTube video and doing some AV scans that weren’t in relation to anything. Just my normal routine of scanning. No reason really behind the scans from MBAM and Emsisoft before I got the Defender popup.

I tried to get the file back that was quarantined just to throw it into VirusTotal, but I couldn’t get it back. I clicked “Allow” but it seems like the file is completely gone.
