Windows 10: trojan:script/foretype.a!ml attached to Chrome???? False?? Is it gone now? How to...

Okay so this morning I got an alert from Windows Defender, out of nowhere, that they detected a threat on my device and quarantined it. When I checked it read to be "trojan:script/foretype.a!ml" located at C:\Users\Name\AppData\Local\Google\Chrome\User Data\Profile 1 and Quota Manager or something like that.


I immediately let Windows Defender remove it, before re-activating and installing Webroot along with Malware Bytes Premium + Privacy.



HOWEVER. I do not know how to tell if the "removal" actually worked. I don't know how the heck I even GOT a Trojan. It wasn't detected or anything until today, apparently. And I haven't done anything on my computer at all today. I'm very careful about my online security. I don't click on strange emails, links, nothing. The only thing I can think of is my boyfriend and I used a somewhat questionable site last night to watch anime, but in virustotal nothing has shown up for it in the past and I've never had any issues with it the site being gogoanime.so


I'm not certain if it was a false positive or not either. Regardless, Webroot & Malware Bytes aren't detecting anything, after like 2 deep scans, plus highlighting and scanning EVERYTHING in the Chrome folder as well.


Would deleting Chrome entirely help? Does Profile 1 allude to WHICH google chrome profile was infected?

What the heck IS the Quota Manager?

What type of Trojan is this???

I'm so confused. And google is NOT helping whatsoever.


UPDATE:
Found out Profile 1 is my personal/irl account for google and I did NOT use that one for watching anime last night. And I never use that profile for anything like anime on sus websites or other things. So I genuinely have no idea.

:)

 

Virus Trojan:32/Wacatac.DC!ml not completely remediated on Windows PC

This is a "Backdoor" trojan. Read about it here: Trojan:Win32/Wacatac.D!ml - Virus Lists and Removal Steps

These are the most dangerous, and most widespread, type of Trojan.

Backdoor Trojans provide the author or ‘master’ of the Trojan with remote ‘administration’ of victim machines. Unlike legitimate remote administration utilities, they install, launch and run invisibly, without the consent or knowledge of the user. Once installed, backdoor Trojans can be instructed to send, receive, execute and delete files, harvest confidential data from the computer, log activity on the computer and more.

If your computer was used for online banking or has credit card information on it, all passwords should be changed immediately to include those used for email, eBay and forums.
You should consider them to be compromised.
They should be changed by using a different computer and not the infected one, if not an attacker may get the new passwords and transaction information.

Banking and credit card institutions should be notified of the possible security breech.

 

Virus Trojan:32/Wacatac.DC!ml not completely remediated on Windows PC

Can anyone assist?

Earlier today a .zip file was downloaded onto my Windows 10 PC which contained a Trojan:32/Wacatac.DC!ml virus. I am not sure if the virus was run or not but it was detected by Windows Security.

As a precaution I have performed a System Restore in Windows but I still see the following message in Windows Security (allowing for some security details to be blacked out):






The only Action allowed for the above is Allow and all the affected items, as can be seen above, appear to be in the Downloads folder.

Neither Windows Defender or Malwarebytes indicate a problem in the Downloads folder, but can anyone suggest a tool that I can use to verify that the virus has been removed?

Also, is it possible for me to seek to clear the warning above, and does anyone know how that can be done?

Thanks

.

 

Virus Trojan:32/Wacatac.DC!ml not completely remediated on Windows PC

Thxs, I'll think about it. I'm a little reluctant to add another antivirus program (besides WD I have Emisoft and the script noted above).

Also, the problem is not finding and blocking wacatac, Windows Defender does a good job of that. I'm puzzled as why after running/deleting everything to ensure my machine is clean, the act of shutting down my computer activates it, or triggers WD to find and block it. Deleting the WD service history file was supposed to prevent a false positive, deleting all temp files (where WD says the trojan is) was supposed to ensure it was actually gone, and the script was supposed to ensure it couldn't be reactivated.