Trojan and exploit viruses found on machine

Hi Everyone, I was wondering if anyone can help me help a friend of mine who has recently found the following viruses after running a full scan:
CVE-2014-0515
(cannot access CVE codes for the other 2 right now-antivirus doing its thing)

Windows Virus & Threat Protection seems to be having a bit of trouble removing this malware, but Malwarebytes says there are no threats detected. We are still new to the cyber security community, and trying to figure this out as newbies seems to be quite a challenge. Any help or direction would be appreciated.

Hi Aine,
Preliminary lookups suggest it might be something that attacked through Adobe Flash Player.
https://nvd.nist.gov/vuln/detail/CVE-2014-0515

I think you have already taken the best steps; an antivirus solution should help a long way. Try running something other than Malwarebytes, such as Avast or Kaspersky. Make sure you uninstall the previous antivirus first, because this software tends to clash with each other.

The best thing now would be to triage the files that the antivirus quarantines. Searching for these files on Google would give a possible indication of what actually attacked your machine, its persistence mechanism, and how to remove it.

Hope this helps!

1 Like

Thank you so much for your help. Hopefully Windows Defender is able to remove it, otherwise the whole laptop's going out the window :rofl:

You wouldn't have to necessarily junk the entire laptop. If the data is recoverable from other backups, or if you feel that the data is not worth the effort of saving, you can simply format the hard disk drive and put in a clean install of Windows. That should do the trick. Of course, this should only be the very last resort.

1 Like

Thank you both for your help. Turns out we needed to not quarantine but "allow" the malware in order to delete the actual ISO image. The malware was showing up in the Kali Linux ISO image container. Windows Defender isolated this container, but because it isolated it we were unable to delete the ISO image, which is where the threats were located. We then had to disable Windows Defender and restart the system; after doing this we were able to delete the ISO image and remove the malware :slight_smile: