Avast keeps reporting a WanaCry trojan

Since the beginning of June, I’ve had popup notifications from Avast every few hours that it has quarantined mssecsvc.exe from C:\WINDOWS because it was a trojan (WanaCry) or something. I currently have 14 copies of said files quarantined by Avast. One of these cases spooked me as it occurred just as I opened my bank’s identification page to log in to my bank account.

Last time I did a full scan was first of June, nothing alarming there. I also check periodically with Malwarebytes’ Anti-Malware, nothing found until today when it found Ransom.WannaCrypt (log file included).

I am using the free version of Avast 170605-0, 17.4.2294. My OS is Windows 7 x64.

Looking at properties of mssecsvc.exe from Avast quarantine, it’s grouped as infected, its description is “Win32:WanaCry-A [Trj]” and for viruses it has a bunch of strings that all include either WanaCry or WannaCry with letters A, C, D, E, F, H and J. Each string also includes “[Trj]Always!strg”.

How should I react to this? Thanks in advance.

Malware expert is usually online early morning european time, so there may not be a reply before tomorrow

https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif
Fix with Farbar Recovery Scan Tool

https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
[b] This fix was created for this user for use on that particular machine.
https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif

https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
Running it on another one may cause damage and render the system unstable.
https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
[/b]
Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

How is your sytem now?

Thanks! Since the fix, Windows has asked me program-specific permissions to access the internet whenever I launch the program for the first time, but I haven’t had any more alerts from Avast. Looks like it worked.

Can you post (attach) the Fixlog.txt file please? I would be interested in exactly what transpired.

Some of it is in Finnish. I’ve translated liberally.
Windowsin resurssien suojaus ei voinut suorittaa pyydetty„ toimintoa. = Windows resource protection could not execute requested action (This is maybe due to the file not existing there. I’ve looked several times too and it wasn’t there even though Avast kept reporting it so I guess something created it and Avast instantly quarantined it whenever that happened. I’ve no idea about these things.)
Windows IP-m„„ritykset = Windows IP definitions
DNS-tulkintatoiminnon v„limuistin tyhjent„minen onnistui. = Emptying the cache of the DNS interpreter function was successful.
Toiminto suoritettiin. = Successfully executed.

Vernie,Wannacry can spread across a network if there is a vulnerable system.This means its crucial to do your updates.Maybe there is some computer on the network attacking your system because it isnt patched? :slight_smile:

Thanks for the warning! There are no other devices in my network. As for updates however, the last time my PC managed to install Windows Updates was 12th of August 2016. I’m trying to update as we speak but it does what it usually does, which is being stuck at 0%. I probably should look into that somehow.

Windows Update Repairs info and tools ==>> https://support.microsoft.com/en-us/help/971058/how-do-i-reset-windows-update-components