Malware/Trojan PUA

tma_1.JPG

Surface Laptops 3 & 4, i5/i7. General Windows versions, 2004 build through 20H2, with Sophos Endpoint and Teramind installed.

Does anyone have any ideas as to what could be creating these random tma_.* files that are pretty much bogging down a few of our systems? Sophos has not detected a thing, and when it does and we manually clean it up, it seems to subside. Definitely stemming from an email, but not sure how to trace this back down to its source and terminate it. No Event Viewer info found. Help is appreciated.

8 Replies
Try running a scan with a different anti-malware tool; for example, you may consider running a full scan with Safety Scanner. Take a look at:
https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-down...
Do you have any sample of this malware?

@GOLAN3 

Hi

Please read this - I think it will be helpful.

Protect your PC from unwanted software (microsoft.com)

 

@GOLAN3 

If you have reasonable suspicions that the files are infected, you can send them to Microsoft:

Submit a file for malware analysis - Microsoft Security Intelligence

@Reza_Ameri 

No sample available; I have to find another PC this is happening on. Thank you for the MSERT, didn't even know this was a thing! Trying it now.

MSERTScan.JPG

Didn't seem to find much, trying a few other things.

@Reza_Ameri 

@GOLAN3 

How Cyberattacks Are Changing with New Microsoft Digital Defense Report - Microsoft Security Blog

https://www.microsoft.com/security/blog/2021/10/11/how-cyberattacks-are-changing-according-to-new-mi...

Thank you for the screenshot. This is a virus that damages Windows Defender, and hopefully it has been removed.
If you had any samples, then I could guide you to send them to Microsoft for analysis.
You may perform a scan with Microsoft Defender Offline too. Take a look at:
https://support.microsoft.com/en-us/windows/help-protect-my-pc-with-microsoft-defender-offline-9306d...

@GOLAN3 

I think this discussion should be in this Community - try asking there - add a link to this post.

Security, Compliance, and Identity - Microsoft Tech Community