Antivirus Basics

PrimitiveRaccoon2400 · June 10, 2024, 5:38am

#Q3, could not find other than this, Why not this result “Torjan:MSIL/Rozena.KAE!MTB” accepted ???

#Q3 . According to Windows Defender Antivirus, what is the name of the malware record reported for Sample2?

JosephWhite · June 10, 2024, 1:07pm

Microsoft does change the way they designate malware from time to time. It’s possible the answer needs to be updated. I will check and get back to you.

JosephWhite · June 10, 2024, 4:25pm

Sample 2 is not Trojan:MSIL/Rozena.KAE!MTB

The answer I got from Defender matches the answer expected in the lab.

Targis · June 10, 2024, 8:40pm

This is also what is happening to me.

Just to be clear, I am extracting sample2.zip and windows defender is giving me Trojan:MSIL/Rozena.KAE!MTB. I’ve done it twice just to make sure and it gave me this both times.

admvet5 · June 11, 2024, 2:50pm

I am also having the exact issue and Defender has the name as Trojan:MSIL/Rozena.KAE!MTB. I tried doing the steps again, same result

JosephWhite · June 11, 2024, 3:30pm

I will add this as an accepted answer since multiple students are reporting the same thing.

Cirity · June 12, 2024, 12:19pm

Has anyone been able to find a solution to this?

yucoder14_v2 · June 12, 2024, 1:28pm

I have the same problem.

JosephWhite · June 12, 2024, 1:30pm

Trojan:MSIL/Rozena.KAE!MTB should be an accepted answer now.

RigidPlanarian4384 · June 12, 2024, 6:22pm

I don’t accept that answer

JosephWhite · June 12, 2024, 6:22pm

Try that answer one more time. I may have fat fingered something.

RigidPlanarian4384 · June 12, 2024, 6:40pm

ready, I accept the answer, thank you

AegisMachina · August 16, 2024, 4:34pm

When checked with Defender sample 2 on my version is Ransom:Win32/StopCrypt.CRIS!BTB but the answer gets marked as wrong.

TealRaven9749 · March 18, 2025, 7:51pm

When I try to do step 5 in 1.2 this comes up

CalmQuail2332 · March 19, 2025, 1:52pm

Hey there - can you try again in a fresh lab session? I just tested this lab and it seemed to work fine.

TealRaven9749 · March 19, 2025, 6:53pm

Yes I just retried it and it still showing interrupted action unexpected error

CalmQuail2332 · March 19, 2025, 7:33pm

Hmmm - okay bear with me. Can you try one more time and do exactly this?

-Open the File Explorer, navigate to C:\Evil.
-Right-click the Sample1.zip file, select 7-Zip > Extract Here, then enter the password (Infected) to decompress the file.
-Right-click the resulting file (beginning 1a1c) and select Copy.
-Return to the C folder, then right-click anywhere and select Paste.

Does that work? If not, does copy/pasting the file to the Desktop work?

TealRaven9749 · March 19, 2025, 7:52pm

It says same thing for both error

CalmQuail2332 · March 20, 2025, 1:13am

Thanks - I’m not sure how this could be the issue, but we did just move this lab to our new backend a few days ago, so I just moving it back to the old one. Can you let me know if you get a different result?

TealRaven9749 · March 20, 2025, 6:26pm

Still showing the error