Since the beginning of June, I’ve had popup notifications from Avast every few hours that it has quarantined mssecsvc.exe from C:\WINDOWS because it was a trojan (WanaCry) or something. I currently have 14 copies of said files quarantined by Avast. One of these cases spooked me as it occurred just as I opened my bank’s identification page to log in to my bank account.
The last time I did a full scan was the first of June, nothing alarming there. I also check periodically with Malwarebytes’ Anti-Malware, nothing found until today, when it found Ransom.WannaCrypt (log file included).
I am using the free version of Avast 170605-0, 17.4.2294. My OS is Windows 7 x64.
Looking at properties of mssecsvc.exe from Avast quarantine, it’s grouped as infected, its description is “Win32:WanaCry-A [Trj]” and for viruses it has a bunch of strings that all include either WanaCry or WannaCry with letters A, C, D, E, F, H and J. Each string also includes “[Trj]Always!strg”.
Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!
Please close any other programs you are using and save your work / files. The FRST script will close all unneeded processes and then reboot the system (if needed) when finished.
Thanks! Since the fix, Windows has asked me for program-specific permissions to access the internet whenever I launch a program for the first time, but I haven’t had any more alerts from Avast. Looks like it worked.
Some of it is in Finnish. I’ve translated liberally.
Windowsin resurssien suojaus ei voinut suorittaa pyydettyä toimintoa. = Windows resource protection could not execute requested action (This is maybe due to the file not existing there. I’ve looked several times too and it wasn’t there even though Avast kept reporting it so I guess something created it and Avast instantly quarantined it whenever that happened. I’ve no idea about these things.)
Windows IP-määritykset = Windows IP definitions
DNS-tulkintatoiminnon välimuistin tyhjentäminen onnistui. = Emptying the cache of the DNS interpreter function was successful.
Toiminto suoritettiin. = Successfully executed.
Vernie, WannaCry can spread across a network if there is a vulnerable system. This means it's crucial to do your updates. Maybe there is some computer on the network attacking your system because it isn't patched?
Thanks for the warning! There are no other devices in my network. As for updates however, the last time my PC managed to install Windows Updates was 12th of August 2016. I’m trying to update as we speak but it does what it usually does, which is being stuck at 0%. I probably should look into that somehow.