0

1Starting yesterday windows defender has found and quarantined 5 copies (pic 1) of the following threat (pic2) Exploit:O97M/DDEDownloader.C see here.

I tried contacting Microsoft tech support but they were not helpful at all. The guy just said to let windows defender take care of it and be careful on the internet. Also tried googling but couldn't seem to find the answer to any of my questions.

My Questions are:

  1. If I'm understanding correctly, based on the link shared, is this exploit only an issue if I open up a shaded Microsoft office file? Which should be an easy thing to avoid.
  2. Wondering how this got on my computer in the first place? or was it something already there? these questions feel important to protect myself in the future. I haven't downloaded anything recently
  3. Also wondering if there's any way to permanently get rid of it since it seems to be repeatedly popping up and why that might be? and what exactly does permanently removing it mean? As it seems windows defender hasn't done that. Do I need to reformat my computer? Would it be safe to not do so?
  4. Any information to better understand exactly what's going on here as I'm quite confused. Like is the malware already on my computer or is this just an exploit in the Microsoft code would be one way I'm confused.

Thanks so much for the help :o)

5 quarantine attempts of same issue [Threat image]

James
  • 1
  • 1
  • 1
    *"Wondering how this got on my computer in the first place?"* .- we know nothing about your computer and how you use it. Therefore we cannot really help here. Maybe you got some phishing mails which contained the malware, but this is just wild speculation. *"(see pic 1)"* - there is no pic. – Steffen Ullrich Jan 15 '22 at 18:20
  • @MechMK1 I think it answers most things. Thanks for the share. It doesn't answer what exactly this exploit is in the sense of whether it's something in the Microsoft code that needs to be fixed or whether it's something I downloaded onto my computer. Obviously if it's a part of windows then "nuking from orbit" will not solve the issue – James Jan 15 '22 at 20:03
  • 1
    Unfortunately, we are not a malware removal site. There is ***no*** way we can tell you how you got it. Which means we have no idea how/why it keeps showing up. When I google the exploit string, this is the top hit: https://www.microsoft.com/en-us/wdsi/threats/threat-search?query=exploit:o97m/ddedownloader.p and it explains more about what it does. – schroeder Jan 15 '22 at 22:23
  • Regarding the edit, again, since we don't know how you got it, and ultimately don't know what the malware is or how it behaves, we can't tell you how "safe" your computer is. – schroeder Jan 16 '22 at 08:45

0 Answers0