I got a popup from Windows Defender about a threat that was blocked and removed. The threat was: TrojanSpy:Win32/Ursnif!ml. The file path was: C:\Users\XX\AppData\Local\Temp\tmp0000012f\tmp0000b685.

Defender removed the issue, so I think I am good. But I am confused about how I got this. I wasn’t doing much on my computer. I was watching YouTube. I ran a scan with Emsisoft Emergency Kit and Malwarebytes (before I even got this popup from Defender) and both of them didn’t find anything. It was only a minute or two after both of those scans finished that I got the Windows Defender notification about a threat. I wasn’t downloading anything or visiting strange websites. I was just passively listening to a YouTube video, with LibreOffice open, and doing some AV scans that weren’t in relation to anything. Just my normal routine of scanning. No reason really behind the scans from MBAM and Emsisoft before I got the Defender popup.

I tried to get the file back that was quarantined just to throw it into VirusTotal, but I couldn’t get it back. I clicked “Allow” but it seems like the file is completely gone.

