BlueMustache

Estimable
Aug 5, 2015
9
0
4,510
Hello Tom's Hardware,
Today I mounted an ISO file, and and an autorun ran.
TrendMicro called it a generic Trojan and quarantined it.
I don't know exactly what went down, as I mounted it, then left the room for 5 minutes.
TrendMicro said to restart to finish getting rid of the Trojan.
I did so.
My question is, since real time scanning caught the file, did the file do any damage?
As far as I know, the exe would have run, and stuff could have been changed, or does Trend Micro act as a surrogate, and prevent the program from launching?
I would like to know if I should worry about files having been changed. Trojans are nasty, and I've been smart enough to evade viruses and malware for years. I have some data backed up, but not all. I don't want to infect my backups before I know what's going on.

Please help me put my mind at ease,
Thanks!
-Tom
 
Solution
I'm not sure if they changed from the malware or from some other reason, but im not sure why someone would want to edit those files.

And yes, a full scan normally covers all drives that are currently connected to the machine.

Eldy

Estimable
Jun 5, 2015
36
0
4,610
Its possible that it made changes but very unlikely. If it did make changes all i can really suggest is make sure all malicious files are removed from the computer (i suggest malwarebytes for doing this, but also doing a full system scan with your antivirus wouldn't hurt) and if nothing is found then you should be good. Apart from making sure there are no traces of any harmful software on your computer, there isnt really a bunch more you can do.
 

TMTOWTSAC

Estimable
Jun 27, 2015
97
0
4,610
You should be good. Trend Micro is antivirus software btw, and it looks like it did its job. The restart was probably to verify and restore any system files that the Trojan attempted to change, even if the Trojan was not successful.

Edit: And yeah, run another scan after restart, and also check your antivirus software's security report/logs etc for a breakdown of what happened.
 

BlueMustache

Estimable
Aug 5, 2015
9
0
4,510
Trend Micro didn't go indepth. I uploaded some of my open program exes to VirusTotal. The checksums are fine.
The only thing I noticed was a large hiber.sys, pagefile.sys, and swapfile.sys, which were all modified right before I restarted. Do those normally change?

I'm also running a full scan on my 2.5TBs of storage. Does fullscan cover all drives connected?
 

Eldy

Estimable
Jun 5, 2015
36
0
4,610
I'm not sure if they changed from the malware or from some other reason, but im not sure why someone would want to edit those files.

And yes, a full scan normally covers all drives that are currently connected to the machine.
 
Solution