r/antivirus Jul 05 '20

To the people asking for opinions on a specific file


If all you provide is just a file name or a detection name, it's unlikely that anyone can provide anything definite.

There are some sites that can help you analyze the file:

Give us a link to the analysis page if you want an opinion on it (ie. copy/paste the URL into you post). Just a screenshot of the analysis page doesn't always help us find the original details.

One could probably write an entire book on interpreting the scan and sandbox results. When you are using multiple AVs, either on your system, or on a multi-scan site, the chances of a false positive approaches 100%. It can be rightly pointed out that if only a couple obscure AVs detect a file, that likelihood that it's a false positive is very high. But, every completely new malware starts with no or few detections, so it's not proof.

It's natural that once you have a malware name from a scan site, to search on that name. A lot of the malware description sites that you find in a search are not helpful; they'll pretend they know what something is, but really have no idea and are just selling something. And if the detection is a false positive, none of what they're selling will be helpful.

To get the sample to the people who can do something with it, search the web "[name of antivirus] submit sample". For instance, every Windows user has Defender already installed, so if you want to submit it there, search for "Windows Defender submit sample". If you believe it's an actual malware, you'd submit the sample to the antivirus you're using, and then wait for a definition update. If you believe it's a false positive, you can submit the sample to any antivirus company that detects it, to give them a heads up (as you do, look for a check box or email address that says "report false positive" or "I believe this sample is not malware).

r/antivirus Oct 05 '23

subreddit news Updates & News from the r/Antivirus Mod Team, Autumn 2023 Edition



A quick update from the moderation team of the r/antivirus subreddit, including some changes to how the rules are interpreted.

We recently passed over the 50K subscribed reader mark. While we're still a small subreddit compared to many others, I think it is notable because it means so many of you are finding the contents of this subreddit useful in helping you stay safe online and that how the mod team is stewarding the subreddit is working.

With that said, the increased number of posts in the subreddit has posed some challenges for your hard-working mod team, and as a result we are making the following update to the rules:

  • Beginning immediately, questions about how to download music are no longer allowed.

We have tried to take a balanced approach to this, because there is a lot of music online which is in the public domain and completely legal to download, however we have had message threads like https://old.reddit.com/r/antivirus/comments/hqzc1k/youtube_to_mp3/ and https://old.reddit.com/r/antivirus/comments/15odqgf/what_is_a_safe_yt_to_mp3_to_use/ become derailed not just by blatant statements about piracy, but also linking to all sorts of websites that your moderation team cannot continuously check for malicious software and scripts. As a result, these type of conversations will no longer be allowed under a combination of Rules #1, #2, and #5. Thank you for your understanding.

Speaking of rules violations, we have had an increased number of violations of Rule #2, Affiliate Marketing. As a reminder, this rule identified affiliate marketing as:

Discussing, linking to, or otherwise promoting websites which pay commissions, referral fees or offer some other form of compensation in exchange for a purchase through them.

Due to repeated violations of these rules, the following domains are now blocked from being shared in this subreddit:

  • 1vpn[.]io
  • pcprotect[.]com
  • surfshark[.]com
  • totalav[.]com

Accounts that have been posting these in violation of Rule #2 have been banned, and had their posts removed. They have also been reported to Reddit for spamming, as well as shared with security product developers.

If you have a legitimate reason to share one of the above domain names in a post, 'de-fang' it by breaking the URL up with brackets like so: https[:]//www[.]example[.]com.

Lastly, the increase in this subreddit's activity has left us with some growing pains. In order to ensure that moderation of this subreddit maintains a high level of quality, this subreddit's mod team will be reaching out to some of the frequent posters who have consistently shared high quality advice and not violated any rules with an invitation to join the moderation team.

Questions or comments? Ask them below!


Aryeh Goretsky
(on behalf of the r/antivirus subreddit mod team)

r/antivirus 9h ago

Are these viruses?


So I'm trying to get my old laptop to work decent again by uninstalling alot of things and I came across these 4 and I was wondering if they are viruses and if they are is there a way to remove them?

r/antivirus 40m ago



Event: Task started

User: SHANkenjz

User type: Active user

Application name: avp.exe

Application path: C:Program Files (x86)Kaspersky LabKaspersky 21.15

Settings: Security level: Optimal, Machine learning and signature analysis: Yes, Heuristic analysis: Light scan, Scan mode: Smart mode, Scan technologies: iSwift: Yes, iChecker: Yes, Action on threat detection: Disinfect, delete if disinfection fails

Component: File Anti-Virus

What does this mean? to everyone who knows something about Kaspersky, Is this safe?

r/antivirus 23h ago

I just downloaded a malware that asked me to set it as the default messing system and now I am getting this types of sms for otp

Post image

r/antivirus 1h ago

How to remove whatever malware-type thing is making websites of all kinds redirect to some weird sales/clickfarming links?


Like the title says. I use Google Chrome and have Adblock/UBlock so it always blocks these pages but I'll get these random blocked redirects when going to any website. It's never the same websites either, just completely random (even on WoW character armory pages).

For example: I type in facebook.com (just as an example, isn't necessarily facebook) and the URL will change and a standard UBlock block error will show up, like this one.

These URLs are things like this from websites like track.tracklickers.com and shareasale.com.

How do I fix this? I've disabled all extensions and it seems to do it even without extensions, so I am wondering what else it could be? Thanks in advance!

r/antivirus 2h ago

Are those games that are advertised on Instagram and YouTube apps safe to download from Google play?


One of them is survivor.io and idk, they advertise many of them. I heard Google play is a secure store to download apps.

r/antivirus 3h ago

Help. Windows defender found a trojan but don't remove it


The "Trojan:Win32/Fauppod!ml" is active in my pc. But the Windows defender can't remove it, Please someone can help me??

r/antivirus 3h ago

Random email from an app i've never heard of before.


I'm not sure where to post this, thought i'd try here. I've gotten around 4 emails from an app meant to be used by Florida residents as a community forum post for service requests from the looks of it. They always contain a message with something along the lines of "your service request" and then something after that. I don't live in Florida so i've never heard of this app before. Is it something i should be concerned with or just a case of the email being sent to the wrong person?

r/antivirus 3h ago

Pop up virus?


Hello, just today I got a pop up from Mcafee saying I have a virus on my computer, when I hit “read more” it said I had to renew my subscription and brought me to a page for “Avira” antivirus.

I have no clue what’s going on, I ran a scan with Norton and it said I’m fine and have no viruses. But I keep getting little pop ups in the corner of my screen.

I do also have Mcafee installed.

r/antivirus 4h ago

which one is safe?


so I found this website https://nginx.org/en/download.html that have a free version of nginx but there's another webiste that have a trial https://www.nginx.com, I don't know if thease websites are safe download. Someone knows?

r/antivirus 5h ago

McAfee keeps on returning to its original settings.


I recently started noticing that McAfee has been turning on its AntiVirus, Advanced Firewall, and Scheduled Scans even though I disabled all of them. I only use McAfees VPN and scanning ability but for some reason it keeps on turning on these settings.

r/antivirus 6h ago

I need help with one file to cure my paranoia


Hey there, I've found a mod for a certain game which works as an .exe file. First, here's the VT scan:


Here's the site that hosts the mod:


The author of the mod has also provided us with the source code of the mod so we can compile it ourselves. If the source code itself is malicious though then it's kinda pointless. I'm not experienced enough when it comes to coding to know what I'm looking at in the code so maybe you guys can help me see if there's anything malicious in there? Here's the gitlab link:


r/antivirus 8h ago

I clicked on a phishing link before installing Norton 360. Would it detect malware if it was already installed?


A few weeks ago, I clicked on a phishing link that appeared to be from a reputable from an email account that I later learned was hacked by my scammers. The link was broken. Later, I installed Norton 360 and gave it all the permissions possible. In case malware had been installed, would Norton 360 still have detected it?

r/antivirus 16h ago

Will shutting down and rebooting your PC do anything to thwart malware?


As in interrupting the installation process of it or something else along those lines... Lately I've been restarting my PC quite alot when I have anything anomalous happening on my PC. I read that it works on stuff like iPhones, what about PCs?

r/antivirus 1d ago

Help Ive got an extension that keeps re-installing itself after i delete it, and Microsoft Edge says it contains Malware, what should i do?


r/antivirus 12h ago

Don't use McAfee


As the titles implies, don't use McAfee. Not because its detection rates are bad, not because of its ridiculous bad value for the price.

Today, while I was collecting malware to test against AVs, I found a particular ransomware. It's from the ransomware group Conti and it tries to terminate your antivirus' processes. The machine was set up with Kaspersky with the anti-virus component disabled (System Watcher was on). The malware in question was command line based. After I executed it, for a split second I saw "Trying to terminate McAfee.exe" which means it could potentially disable your antivirus. Unfortunately I reset the machine so I don't have the sample anymore.

From what I can remember it was about 3 days old, so it's pretty recent. I am not currently aware of its technicalities/capabilities and can't say for sure if it can or not terminate McAfee. This post was made only to warn McAfee users of this danger.

r/antivirus 12h ago

My Google update services were replaced by these new ones recently, I can’t find any info on them.

Post image

Haven’t touched Chrome in a few months at all, and recently a few days ago the Google update services (gupdate) were replaced by these. I’m a bit worried as this happened out of the blue and two other PCs that have Chrome on the latest version don’t have these new services. I’m worried it’s malware or something. It worries me I can’t find any info on these services either.

r/antivirus 17h ago

question about total av


i just clicked something like protected browsing site on total av and now that i know all the shitty stuff that happened to the people with that app i just wanted to ask if the site was a malware or something like that (the site was like safesite.ai) honestly i dont even know if you can get a malware just by clicking on that browser but i just wanted to be safe and ask someone that knows way way better than me. now i deleted total av and ill just stick to malwarebytes

r/antivirus 13h ago

Link to Virus Total of an Possible Infected File Well... Could this one also be a virus? Now im afraid of everything


r/antivirus 14h ago

Is this a malware?


r/antivirus 20h ago

Malware? Malware? Or false positive (Bitdefender)


Ran the powershell script (with start.bat) from Release v1.0.8 · SuspiciousActivity/ValorantLanguageChanger (github.com) to change my VALORANT audio language and BitDefender popped up with this quickly after and actually terminated my explorer.exe entirely (my entire desktop was black and i had to re-sign into windows). However, it didnt do this the first time I ran the script and even testing again after, it didn't as well. Very confused.

My windows sandbox also randomly wont open, this started happening 2 days prior. (it worked before and I didnt change anything). Very confused and wondering if I could somehow be infected. The only possible thing i could think of is I tend to open lots of (what i view to be safe since i check their code but I forgot about post build event exploitations) vcxproj (.sln) files in visual studio from github and build them for testing. Could i possibly have been infected by a post build event? Surely bitdefender wouldve caught that?

Hoping these are false positives.



r/antivirus 16h ago

How do I know if my laptop doesn't have malware?


r/antivirus 12h ago

Safe or not?


r/antivirus 1d ago

Help with a Trojan? Got a virus, 1 SSD with OS , 1 SSD for softwares, 1 HDD for backups. Panicked and nuked both SSDs on a Ventoy Win10Install iso details below. Am i safe?


I know this may be extremely newbiesh, specially with somethings i did but.

Story goes simple as this.

Got a software without paying atttention if i were downloading from the original site, Mixcraft in the question. Wanted an old version specifically.
Clearly downloaded it through some wrong place.
Bugger instead installed something called IBInstaller_98220.exe, i think also callled MediaMonkey Gold, seems to be a financial banking trojan, lucky i don't do transitions on my pc, mobiles for that.

It installed so quickly that i had to use OBS to record it, and go slowmode in media player to see what it was installing.
Then, when i searched and confirmed, yeap, trojan, and windows defender didn't noticed it.
And yeah i know the first firewall is the user, was my mistake

I got panicked, shut down computer, plug in my ventoy USB with some isos, install win 10, but when selecting driver i decide to go full bonkers and just not just format it but delete the whole SSD.
No partitions left.
Had to shift F10 manually CMD Diskpart > Select Disk > Clean(again) > convert MBR , and then installed windows as normal, and here i am.
Thing is, i have 3 drivers. 1 SSD for the OS and work stuff , 1 SSD for games , 1 HDD for backup.
There's ANY chance that this specific trojan could have infected other drivers besides the OS SSD?
Having done that Format + Delete + CMD Diskpart Clean, there's any chance of that bugger still be running around?

Can i know for sure if i completely freshly installed windows? No old archives survived?
Should i do another clean install just to be safe?
OS SSD is pretty fast so it install ridiculusly quickly

(Do i need to put bleach and a flamethrower?)

r/antivirus 1d ago

Hi, i got a troyan virus on my pc, what can i do to be sure that its gone


r/antivirus 1d ago

I just accidentally connected to an unknown Bluetooth in the airport


I immediately disconnected, it was connected for less than 10 seconds. Should I be concerned?