Share via

Windows defender won't remove Trojan:Win32/Ymacco.AA86

Anonymous
2021-10-01T13:36:35+00:00

Hi, yesterday I downloaded a program to download from MEGA without limits, right after I clicked it my Windows Defender deleted it and notified my that there was Trojan:Win32/Ymacco.AA86 in that file, then i did press Quarentine and take actions and just a minute later the notification was still there and even after I deleted that file, I ran Microsoft Safety Scanner and it found nothing, I ran SpyHunter and found nothing too.

I already checked in Task Manager for a strange process and found nothing, did the same on all my programs and still found nothing.

I tried everything and only Windows Defender detects it and WD won't delete it, theres this message that says something like "Active threats have not been fixed and are running on the device".

I ran the offline analysis and it was the same result, found the Trojan:Win32/Ymacco.AA86 but it won't quarantine or delete it.

Windows for home | Windows 10 | Security and privacy

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.

0 comments

4 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2021-10-01T23:26:37+00:00

    Hi Andrik,

    You are experiencing a false positive, that is being created by Defender, only.

    https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Win32/Ymacco.AA86&ThreatID=2147757366

    Since the Microsoft Safety Scanner does not detect the malware, that indicates that Defender has

    already remediated it. Defender is continuing to "Detect" it, because it is in Defender's Protection

    History. If it was still a current threat, the Scanner would detect it as well. They both use the same

    intelligence definitions.

    You can eliminate the "false detection" by deleting Defender's "Detection History" folder.

    This is a safe procedure. Windows rebuilds the folder, the next time that it is needed.

    This link supplies the instructions for deleting Detection History.

    https://answers.microsoft.com/en-us/protect/forum/all/windows-defender-identifies-the-same-pup-as-a/63f17794-3815-4784-b9cd-c6059c8e0828

    Glen

    4 people found this answer helpful.
    0 comments
  2. Anonymous
    2021-10-01T14:19:04+00:00

    Hi AndrikVp,

    I'm Paul and I'm here to help you with your concern.

    I recommend that you try to use the Microsoft Safety Scanner.

    You can download it from the link below.

    https://docs.microsoft.com/en-us/windows/securi...

    I hope this helps. Feel free to ask back any questions and keep me posted.

    1 person found this answer helpful.
    0 comments
  3. Anonymous
    2021-10-01T15:14:51+00:00

    Sorry about that.

    Can you try to use the Windows Malicious Software Removal Tool?

    https://www.microsoft.com/en-us/download/detail...

    If still didn't work, try to use the Malwarebytes program.

    https://www.malwarebytes.com/mwb-download

    I hope this helps. Feel free to ask back any questions and keep me posted.

    Disclaimer: There are links to non-Microsoft websites.

    The pages appear to be providing accurate, safe information. Watch out for ads on the sites that may advertise products frequently classified as a PUP (Potentially Unwanted Products). Thoroughly research any product advertised on the sites before you decide to download and install it.

    0 comments
  4. Anonymous
    2021-10-01T15:11:05+00:00

    Hi, as I said in the post, I already used Microsoft Safety Scanner and it found nothing.

    0 comments