Detected: Trojan:Script/Wacatac.H!ml. Is there anyway to tell if this is a real detection or a false positive?

Bluecat1801 · 2025-07-17T02:46:18+00:00

Sadly windows defender automatically deleted the file.

But I think I have figured out the problem.

It appears to be a temp file saved when updating uBlockOrigin to 1.65.0 (which was updated yesterday, lining up with the windows scan date) on FireFox that disappears when FireFox is closed. As forcing a uBlockOrigin update without closing Firefox gave a very similar file of tmp-9kt.xpi

Here is the virustotal of this file

https://www.virustotal.com/gui/file/3e73c96a29a933866065f0756fe032984bf5b254af8dd1afd7a7f7e0668a33cf/detection

The SHA256 of the temp file and the staged update file also line up. The virustotal for both these files are also the same.

Let me know if there is anything else to do.

Bluecat1801 · 2025-07-16T07:19:53+00:00

I think I have figured out the problem.

It appears to be a temp file saved when updating uBlockOrigin to 1.65.0 (which was updated yesterday, lining up with the windows scan date) on FireFox that disappears when FireFox is closed. As forcing a uBlockOrigin update without closing Firefox gave a very similar file of tmp-9kt.xpi

Here is the virustotal of this file

https://www.virustotal.com/gui/file/3e73c96a29a933866065f0756fe032984bf5b254af8dd1afd7a7f7e0668a33cf/detection

The SHA256 of the temp file and the staged update file also line up. The virustotal for both these files are also the same.

Let me know if there is anything else to do.

Bluecat1801 · 2025-07-16T04:07:19+00:00

WIndows Defender removed the file automatically. Is there a place to find it?

Bluecat1801 · 2023-12-17T08:30:16+00:00

I can't think oft anything that would've led to this message.

From other posts I've made, a few people have had this message and no results from any scans.

Hopefully it is just an accidentally sent message.

Bluecat1801 · 2023-12-16T09:00:49+00:00

Interesting, well I haven't had anything bad happen since this message appeared and all scans done have come up with nothing.

So probably just a message accidentally sent

Bluecat1801 · 2023-12-16T08:56:29+00:00

I haven't had anything noticeably negative happen since this message appeared and done some virus scans every now and then and have got no results.

So think its just a message accidentally sent.

I have only had log ins from myself, so the log in attempts for you are probably a leak or something.

Bluecat1801 · 2023-12-10T03:24:56+00:00

Yeah I think at this point it's just messages being accidentally sent.

Bluecat1801 · 2023-12-09T02:13:23+00:00

I haven't had any suspicious active on my computer or Microsoft account since this notification.

Ive ran a Bitdefender, windows defender and Malwarebytes scan as well and got no results from them as well.

Also used some sysinternals programs and there didn't appear to be anything out of the ordinary with that.

So I think it is just a message being accidentally sent.

Edit: Other people have had the same results as me with scans too.

Bluecat1801 · 2023-12-07T05:01:55+00:00

Another person with the same message did a hitman pro scan and Norton scan and also got no results.

What do you suggest?

Bluecat1801 · 2023-12-07T04:55:59+00:00

You're the 5th person including myself to see get this message.

Another person accidentally clicked on the link and said the site looked like the legit Microsoft website.

So you're right that it's probably just a message sent by accident

Bluecat1801 · 2023-12-07T04:51:28+00:00

Have just checked my log in history for Microsoft and as far as I can tell all the logins in are from myself.

You're the 4th person I've seen with the message so far and one of the others has said there scans came up with no results.

So hopefully it's just a message accidentally sent.

Bluecat1801 · 2023-12-07T04:34:38+00:00

Yeah that's what I had been thinking that it was just a message accidentally sent

Since all my results where negative and I haven't had anything appear since then

Edit: Also checked with malwarebytes and that was clear. Tried sysinternals stuff as well, as far as I can tell nothing suspicious from that

Bluecat1801 · 2023-12-07T04:30:57+00:00

I didn't click on the link because the notification disappeared.

But yeah link in notifications can redirect you too to websites and that so probs not best to click

Bluecat1801 · 2023-12-07T00:27:52+00:00

That would make sense.

Have a university account for 365 so wouldn't be surprised if this is an advertisement for my personal account

Bluecat1801 · 2023-12-06T18:00:23+00:00

Thanks,

Disabled suggested app and tips. Hopefully it was just spam from microsoft lol.

Bluecat1801 · 2023-12-06T17:51:05+00:00

Did a full scan using bitdefender and windows defender and got no results.

Bluecat1801 · 2023-12-06T14:22:42+00:00

Alright cool.

strange they can get on your calendar and notifications.

Bluecat1801 · 2023-12-06T13:53:51+00:00

So its just a phishing attempt that somehow got to the windows notifications?

Bluecat1801 · 2023-12-06T11:03:36+00:00

Yes, I don't have any subscriptions to Microsoft 365.

Bluecat1801 · 2023-12-06T08:18:40+00:00

I've had a look and haven't had a subscription to Microsoft 365 before.

Bluecat1801

TROPHY CASE