July 8, 2021

Two identical Trojans detected by Windows Defender at the same time (most likely clicked on something malicious twice), status of the first one is quarantined, status of the second one is failed/remediation incomplete – please help

When I restarted my laptop, the firewall I use – an open source app called Simplewall – launched automatically, as I’ve set it to do. I was prompted to update the app in the app itself (not an external notification), and when I clicked install, I received two notifications back to back from Microsoft Defender. Looking back, I think I clicked install twice because there was a slight lag the first time.

In protection history, both entries list the same basic info:

Detected: Trojan:Win32/Emali.A!cl

Affected items: C:\Users\name\AppData\Local\Temp\simplewall-simplewall-3.3.5.exe

The first one’s status is listed as quarantined, the second and most recent one’s status is listed as failed/remediation incomplete. What does this mean? A full system scan by Windows Defender and a full system scan by Malwarebytes both come back clean. I’ve received several notifications from controlled folder access over the past fifteen minutes though, listing various apps/processes that are being blocked:

– pcdrsysinfostorage.p5x (protected folder: \Device\Harddisk0\DR0)
– svchost.exe (protected folder: \Device\HarddiskVolume1)
– VSSVC.exe (protected folder: \Device\HarddiskVolume1)
– DDVDataCollector.exe (protected folder: \Device\Harddisk0\DR0)
– SOSInstallerTool.exe (protected folder: \Device\Harddisk0\DR0)

I recognize some of these processes because they pop up every now and then. The ones I don’t recognize are pcdrsysinfostorage.p5x, VSSVC.exe, and SOSInstallerTool.exe. All blocked actions are listed as low threat, but it’s still making me nervous.

What should my next steps be?
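An added example, not part of the original post: the checks a responder would run on the machine described above, from an elevated PowerShell prompt, using Defender's built-in cmdlets. The threat name and file name are the ones quoted in the post; the event IDs are the Microsoft Defender Antivirus operational-log IDs for Controlled Folder Access, assumed unchanged on this build.

```powershell
# Added example (not from the original post). Run elevated on the affected machine.
$threatName = 'Trojan:Win32/Emali.A!cl'              # quoted in the post
$fileName   = 'simplewall-simplewall-3.3.5.exe'      # quoted in the post

# 1. Both detection records side by side, so the "quarantined" entry and the
#    "failed / remediation incomplete" entry can be compared field by field.
Get-MpThreatDetection |
    Where-Object { $_.Resources -match [regex]::Escape($fileName) } |
    Sort-Object InitialDetectionTime |
    Select-Object InitialDetectionTime, ThreatID, ActionSuccess, CleaningActionID,
                  CurrentThreatExecutionStatusID, Resources |
    Format-List

# 2. Is the downloaded installer still in %TEMP%? After a successful quarantine
#    the file should be gone; if it remains, record its hash for lookup (do not run it).
$tempCopy = Join-Path $env:LOCALAPPDATA "Temp\$fileName"
if (Test-Path $tempCopy) {
    "Still on disk: $tempCopy"
    Get-FileHash -Algorithm SHA256 $tempCopy
} else {
    "Not on disk: $tempCopy (consistent with quarantine)"
}

# 3. Is the threat still considered active, and is Defender itself healthy?
Get-MpThreat | Where-Object ThreatName -eq $threatName |
    Select-Object ThreatName, IsActive, SeverityID
Get-MpComputerStatus |
    Select-Object AntivirusEnabled, RealTimeProtectionEnabled, AntivirusSignatureLastUpdated

# 4. Controlled Folder Access events from the last hour.
#    1123 = blocked write to a protected folder, 1127 = blocked disk-sector write
#    (the entries naming \Device\Harddisk0\DR0 are likely of this kind),
#    1124 / 1128 = the audit-mode equivalents.
Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 1123, 1124, 1127, 1128
    StartTime = (Get-Date).AddHours(-1)
} -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message |
    Format-List

# 5. Current CFA configuration, to see whether a recognised process such as
#    VSSVC.exe (Volume Shadow Copy) is already on the allow list or expected to be blocked.
Get-MpPreference |
    Select-Object EnableControlledFolderAccess, ControlledFolderAccessAllowedApplications
```

Step 4 is the one that distinguishes the low-threat CFA blocks in the post from the Trojan detections: CFA events record only which process was denied a write, not whether that process is malicious.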
