Unsolved
1 Rookie
•
19 Posts
0
91
February 16th, 2025 19:13
Trojan SterlaStealer.JS found in SupportAssist directory
Hoping for some clarification.
McAfee reported and quarantined a Trojan it called SterlaStealer.JS following a full scan. The directory shown for its location was:
C:\ProgramData\Dell\SupportAssist\Agent\reports\my service tag no._SupportAssistClient_**************_autofix.zip
I don't know much about malware but I'm puzzled how this got on my laptop and the fact that it was located in a Dell SupportAssist directory.
Wondering if perhaps this is a false positive as one of the modules of SupportAssist is a virus scan.
I have deleted the quarantined file and re-run SupportAssist and the McAfee full scan again and all seems clear.
McAfee called the Trojan SterlaStealer.JS but I could find any mention of that name on a search. However there is one called StrelaStealer.
Anyone shed some light on this.
Thank you.
RoHe
10 Elder
•
45.2K Posts
0
February 17th, 2025 02:24
Exact PC model and version of Windows?
What version of SupportAssist is installed?
Just because it's in a SupportAssist folder doesn't necessarily mean it came with SupportAssist. Malware can find sneaky places to hide. And there have been false positives with SupportAssist in the past.
I'll ping my Dell contacts...
(edited)
Macrophoto
1 Rookie
•
19 Posts
0
February 17th, 2025 19:25
@RoHe Hi. Thanks for the reply.
Dell XPS 9520 running Windows 11 Pro 24H2 Build 26100.3194
SupportAssist V4.6.2.0
RoHe
10 Elder
•
45.2K Posts
0
February 18th, 2025 01:17
I passed the system info along, together with a link to this thread...
Imken33
1 Rookie
•
1 Message
0
February 20th, 2025 18:41
I have the same exact issue in the same exact location. Instead of allowing it to sit in quarantine I deleted it. A few weeks later….. it’s back in the same exact location.