Windows 10: Windows defender detected HTML/Phish.refb!MTB in VHDX file

Discussion in 'AntiVirus, Firewalls and System Security' started by Madhankumar Veeramani, Aug 24, 2022.

  1. Windows defender detected HTML/Phish.refb!MTB in VHDX file


    Today Windows Defender has detected malware HTML/Phish.refb!MTB in a VHDX file on the Hyper-V host server. When checked, the VHDX file has been added to quarantine for action. Also, in C:\ProgramData\Microsoft\Windows defender\Resource data\97 a file is present with the same size as the VHDX file. This occupied the Hyper-V host machine's C:\ space. The VHDX file is nearly 900 GB, so another file equivalent to 900 GB is created in the Windows Defender quarantine folder. I need to remove the quarantine file, but I am afraid removing the quarantine file will delete the original VHDX file from the VMs folder. I am stuck with

    :)
     
    Madhankumar Veeramani, Aug 24, 2022
    #1

  2. Recurrent trojan, HTML/Phish quarantined by Windows Defender, and don't have active option/button to remove as suggested.

    Hi!

    Currently have,

    edition Windows 10 Pro

    version 1803

    OS Build 17134.48

    Slow ring with active development

    For the last several build downloads, Windows Defender has been quarantining a severe trojan, HTML/Phish, providing file details, the suggestion to remove, but no obvious way to do so, like a "remove threat" button.

    Two file examples are:

    trojan : HTML/Phish

    affected items:

    file: C:\Users\3orch\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\116\GEUSE7738644[1175].html

    C:\Users\3orch\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\116\GEUSE7738644[1719].html

    Now, I will share my lack of expertise by asking why does this trojan keep recurring once quarantined by Windows Defender from build to build?

    Is a clean install the only option I have? Kinda' thought that was done with each new build download? Also thought Windows Defender is adaptive/preventive in its way of staying ahead of threats?

    Thank you for any kind instruction and enlightenment.

    Kind Regards,
     
    mtnbeebalm, Aug 24, 2022
    #2
  3. DualBoot Windows 10 with native boot on vhdx file.

    Thanks for the tip but it's been a long time since I made the script and I don't remember much.

    I'd like to check everything with you.

    I read this tutorial to create the VHDX, "Create and Set Up New VHD or VHDX File in Windows 10", and this one, "Problem creating GPT VHD automatically", even if I haven't understood much.

    For the installation of windows on the vhd I had found a tutorial but now I can't find it.

    Can you help me find the remaining tutorials?

    Do you know if there is a script already ready?

    In the meantime, I fix the script a little (which is not finished) and place it as soon as it is done.

    These are the steps in the script:

    1. backup bcd
    2. create vhdx
    3. apply windows image to vhdx (install?)
    4. add entry in bcd
    5. restore bcd
     
    einstein1969, Aug 24, 2022
    #3
  4. Windows defender detected HTML/Phish.refb!MTB in VHDX file

    Windows Defender notification of malware detection

    Hello,

    Thank you for keeping us posted and we appreciate your continued patience on this issue.

    At this point, I suggest you update the Windows Defender program and check if it helps.

    To check for new Windows Defender definitions manually:

    • Open Windows Defender.
    • Click the arrow next to the Help button, and then click Check for updates. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

    Also, check if the detection is of the same malware file or not. Again, see if it is any specific program or a file you try to access which triggers the detection.

    Additionally, view the log in Event Viewer to check if the malware is removed every time it is prompted.

    To open the Event Viewer, follow the steps below:
    • Go to the Control Panel and click the Administrative Tools icon.
    • This opens a new Administrative Tools window, where you will see the Event Viewer.
    You can view Windows Defender "Operational" events in Event Viewer under Applications and Services Logs -> Microsoft -> Windows -> Windows Defender.

    Kindly keep us posted, for us to be able to assist you further.

    Thank you.
     
    Sayan_Ghosh, Aug 24, 2022
    #4
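
The Event Viewer check suggested in post #4 can also be done from an elevated PowerShell prompt. The script below is an added example, not part of any post in this thread: it reads the Windows Defender Operational log, pulls detection events (ID 1116) and action events (ID 1117), and groups them by threat name and path so you can see whether the same file is being detected repeatedly and whether an action was recorded each time. The 30-day look-back window is an assumption; adjust it as needed.

```powershell
# Added example: summarize Windows Defender detections from the Operational log.
# Run in an elevated PowerShell session on the affected machine.
$logName = 'Microsoft-Windows-Windows Defender/Operational'
$since   = (Get-Date).AddDays(-30)   # assumed look-back window

# 1116 = malware detected, 1117 = action taken on the detection
$events = Get-WinEvent -FilterHashtable @{
    LogName   = $logName
    Id        = 1116, 1117
    StartTime = $since
} -ErrorAction SilentlyContinue

# Flatten each event's named EventData fields into one object per event
$rows = foreach ($e in $events) {
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
        $data[$d.Name] = $d.'#text'
    }
    [pscustomobject]@{
        Time    = $e.TimeCreated
        EventId = $e.Id
        Threat  = $data['Threat Name']
        Path    = $data['Path']
        Action  = $data['Action Name']
    }
}

# One summary line per (threat, path): is it the same file every time,
# and was an action logged for it?
$rows | Group-Object Threat, Path | ForEach-Object {
    $detections = @($_.Group | Where-Object EventId -eq 1116)
    $actions    = @($_.Group | Where-Object EventId -eq 1117 | Sort-Object Time)
    $times      = $_.Group | Sort-Object Time
    $lastAction = if ($actions.Count -gt 0) { $actions[-1].Action } else { '(none logged)' }
    [pscustomobject]@{
        Threat       = $_.Group[0].Threat
        Path         = $_.Group[0].Path
        Detections   = $detections.Count
        ActionsTaken = $actions.Count
        LastAction   = $lastAction
        FirstSeen    = $times[0].Time
        LastSeen     = $times[-1].Time
    }
} | Sort-Object LastSeen -Descending | Format-List
```

A path that shows several detections over time points to the same file being re-detected; a row with detections but no logged action is the case post #4 asks you to look for.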