When I restarted my laptop, the firewall I use – an open source app called Simplewall – launched automatically, as I’ve set it to do. I was prompted to update the app in the app itself (not an external notification), and when I clicked install, I received two notifications back to back from Microsoft Defender. Looking back, I think I clicked install twice because there was a slight lag the first time.

In protection history, both entries list the same basic info:

Detected: Trojan:Win32/Emali.A!cl

Affected items: C:\Users\name\AppData\Local\Temp\simplewall-simplewall-3.3.5.exe

The first one’s status is listed as quarantined, the second and most recent one’s status is listed as failed/remediation incomplete. What does this mean? A full system scan by Windows Defender and a full system scan by Malwarebytes both come back clean. I’ve received several notifications from controlled folder access over the past fifteen minutes though, listing various apps/processes that are being blocked:

  • pcdrsysinfostorage.p5x (protected folder: \Device\Harddisk0\DR0)
  • svchost.exe (protected folder: \Device\HarddiskVolume1)
  • VSSVC.exe (protected folder: \Device\HarddiskVolume1)
  • DDVDataCollector.exe (protected folder: \Device\Harddisk0\Dr0)
  • SOSInstallerTool.exe (protected folder: \Device\Harddisk0\DR0)

I recognize some of these processes because they pop up every now and then. The ones I don’t recognize are pcdrsysinfostorage.p5x, VSSVC.exe, and SOSInstallerTool.exe. All blocked actions are listed as low threat, but it’s still making me nervous.

What should my next steps be?

submitted by /u/OnlyHat8
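Added triage script (not part of the original post or the Simplewall project): it pulls the Defender entries for this detection so the quarantined and "remediation incomplete" statuses can be compared, hashes the installer if it is still in Temp so the SHA-256 can be checked against the checksum on the project's release page (a placeholder here), and lists the controlled folder access block events (Event ID 1123) from the Defender operational log. It assumes Windows 10/11 with Microsoft Defender and an elevated PowerShell prompt.

```powershell
# Added example, not code from the original post. Threat name and installer
# path are the ones reported in the post; $publishedSha256 is a placeholder.
$threatName      = 'Trojan:Win32/Emali.A!cl'
$installer       = "$env:LOCALAPPDATA\Temp\simplewall-simplewall-3.3.5.exe"
$publishedSha256 = '<SHA-256 from the Simplewall release page>'

# 1. The threat record and every detection event for it: ActionSuccess and
#    CleaningActionID explain "quarantined" versus "remediation incomplete".
$threat = Get-MpThreat | Where-Object { $_.ThreatName -eq $threatName }
if ($threat) {
    Get-MpThreatDetection |
        Where-Object { $_.ThreatID -eq $threat.ThreatID } |
        Select-Object InitialDetectionTime, ProcessName, ActionSuccess,
                      CleaningActionID, ThreatStatusID,
                      @{ n = 'Resources'; e = { $_.Resources -join '; ' } } |
        Format-List
} else {
    "No Defender threat record found for $threatName"
}

# 2. If the installer is still on disk, hash it; a mismatch with the published
#    checksum means the file is not the release the project shipped.
if (Test-Path $installer) {
    $hash = (Get-FileHash -Algorithm SHA256 -Path $installer).Hash
    "Installer present, SHA256 = $hash"
    if ($hash -eq $publishedSha256) { 'Hash matches the published checksum' }
    else { 'Hash does NOT match the published checksum (or placeholder unset)' }
} else {
    'Installer not present in Temp (quarantine may already have removed it)'
}

# 3. Controlled folder access blocks from the last 24 hours: which process was
#    blocked from writing to which protected location (Event ID 1123).
Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 1123
    StartTime = (Get-Date).AddDays(-1)
} -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message |
    Format-List
```

Blocks of svchost.exe and VSSVC.exe against raw volume paths are consistent with Volume Shadow Copy activity, which controlled folder access reports at low severity; the hash comparison is what settles whether the installer itself was tampered with.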