Windows 10: severe threat is windows defender?! What?!

I dont get it is this false positive?





:)

 

Severe threat detected

Going by this example of the same infection,
CCleaner Backdoor Win32 Floxif

MalwareBytes' is all it took to clean it up. Malwarebytes Free

CCleaner was injected with that malware between certain dates, because Piriform's server was hacked. So if you still want to use it, uninstall that version and download the latest.

 

Severe threat detected

downloading cCleaner I had been running Windows Defender ,but it never showed any problems

 

I actually scanned with malwarebytes and found nothing yesterday

 

Personally I would select the 'Remove all' option, as it looks positive to me. This isn't the Windows Defender application itself, as that's located in C:\Program Files\Windows Defender\.

At a guess, I think the bottom location (FilesStash) is probably the location where Windows Defender is storing the file that it has quarantined.

The top location (LocalCopy) is where Microsoft has made it's own copy of the suspicious file, in order to prepare and send a copy of the file to Microsoft for sample submission and evaluate the file.

When I've had Windows Defender ask to send a sample file submission to Microsoft before, it makes it's own copy of the suspicious file. It then sends the files listed below to watson.telemetry.microsoft.com.nsatc.net, which ties in with the location in your screenshot:

\\?\C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{Identifier Number}-Filename.exe
C:\Users\USER\AppData\Local\Temp\MPSampleSubmit\client_manifest.xml
C:\Users\USER\AppData\Local\Temp\WER1C6.tmp.WERInternalMetadata.xml

You can read about the file that has been quarantined by Windows Defender here:
Trojan:Win32/Spursint.A!cl