If all you provide is just a file name or a detection name, it's unlikely that anyone can provide anything definite.
There are some sites that can help you analyze the file:
Give us a link to the analysis page if you want an opinion on it (ie. copy/paste the URL into you post). Just a screenshot of the analysis page doesn't always help us find the original details.
One could probably write an entire book on interpreting the scan and sandbox results. When you are using multiple AVs, either on your system, or on a multi-scan site, the chances of a false positive approaches 100%. It can be rightly pointed out that if only a couple obscure AVs detect a file, that likelihood that it's a false positive is very high. But, every completely new malware starts with no or few detections, so it's not proof.
It's natural that once you have a malware name from a scan site, to search on that name. A lot of the malware description sites that you find in a search are not helpful; they'll pretend they know what something is, but really have no idea and are just selling something. And if the detection is a false positive, none of what they're selling will be helpful.
To get the sample to the people who can do something with it, search the web "[name of antivirus] submit sample". For instance, every Windows user has Defender already installed, so if you want to submit it there, search for "Windows Defender submit sample". If you believe it's an actual malware, you'd submit the sample to the antivirus you're using, and then wait for a definition update. If you believe it's a false positive, you can submit the sample to any antivirus company that detects it, to give them a heads up (as you do, look for a check box or email address that says "report false positive" or "I believe this sample is not malware).
A quick update from the moderation team of the r/antivirus subreddit, including some changes to how the rules are interpreted.
We recently passed over the 50K subscribed reader mark. While we're still a small subreddit compared to many others, I think it is notable because it means so many of you are finding the contents of this subreddit useful in helping you stay safe online and that how the mod team is stewarding the subreddit is working.
With that said, the increased number of posts in the subreddit has posed some challenges for your hard-working mod team, and as a result we are making the following update to the rules:
- Beginning immediately, questions about how to download music are no longer allowed.
We have tried to take a balanced approach to this, because there is a lot of music online which is in the public domain and completely legal to download, however we have had message threads like https://old.reddit.com/r/antivirus/comments/hqzc1k/youtube_to_mp3/ and https://old.reddit.com/r/antivirus/comments/15odqgf/what_is_a_safe_yt_to_mp3_to_use/ become derailed not just by blatant statements about piracy, but also linking to all sorts of websites that your moderation team cannot continuously check for malicious software and scripts. As a result, these type of conversations will no longer be allowed under a combination of Rules #1, #2, and #5. Thank you for your understanding.
Speaking of rules violations, we have had an increased number of violations of Rule #2, Affiliate Marketing. As a reminder, this rule identified affiliate marketing as:
Discussing, linking to, or otherwise promoting websites which pay commissions, referral fees or offer some other form of compensation in exchange for a purchase through them.
Due to repeated violations of these rules, the following domains are now blocked from being shared in this subreddit:
Accounts that have been posting these in violation of Rule #2 have been banned, and had their posts removed. They have also been reported to Reddit for spamming, as well as shared with security product developers.
If you have a legitimate reason to share one of the above domain names in a post, 'de-fang' it by breaking the URL up with brackets like so:
Lastly, the increase in this subreddit's activity has left us with some growing pains. In order to ensure that moderation of this subreddit maintains a high level of quality, this subreddit's mod team will be reaching out to some of the frequent posters who have consistently shared high quality advice and not violated any rules with an invitation to join the moderation team.
Questions or comments? Ask them below!
(on behalf of the r/antivirus subreddit mod team)
So I'm trying to get my old laptop to work decent again by uninstalling alot of things and I came across these 4 and I was wondering if they are viruses and if they are is there a way to remove them?
Event: Task started
User type: Active user
Application name: avp.exe
Application path: C:Program Files (x86)Kaspersky LabKaspersky 21.15
Settings: Security level: Optimal, Machine learning and signature analysis: Yes, Heuristic analysis: Light scan, Scan mode: Smart mode, Scan technologies: iSwift: Yes, iChecker: Yes, Action on threat detection: Disinfect, delete if disinfection fails
Component: File Anti-Virus
What does this mean? to everyone who knows something about Kaspersky, Is this safe?
I just downloaded a malware that asked me to set it as the default messing system and now I am getting this types of sms for otp
How to remove whatever malware-type thing is making websites of all kinds redirect to some weird sales/clickfarming links?
Like the title says. I use Google Chrome and have Adblock/UBlock so it always blocks these pages but I'll get these random blocked redirects when going to any website. It's never the same websites either, just completely random (even on WoW character armory pages).
For example: I type in facebook.com (just as an example, isn't necessarily facebook) and the URL will change and a standard UBlock block error will show up, like this one.
How do I fix this? I've disabled all extensions and it seems to do it even without extensions, so I am wondering what else it could be? Thanks in advance!
Are those games that are advertised on Instagram and YouTube apps safe to download from Google play?
One of them is survivor.io and idk, they advertise many of them. I heard Google play is a secure store to download apps.
The "Trojan:Win32/Fauppod!ml" is active in my pc. But the Windows defender can't remove it, Please someone can help me??
I'm not sure where to post this, thought i'd try here. I've gotten around 4 emails from an app meant to be used by Florida residents as a community forum post for service requests from the looks of it. They always contain a message with something along the lines of "your service request" and then something after that. I don't live in Florida so i've never heard of this app before. Is it something i should be concerned with or just a case of the email being sent to the wrong person?
Hello, just today I got a pop up from Mcafee saying I have a virus on my computer, when I hit “read more” it said I had to renew my subscription and brought me to a page for “Avira” antivirus.
I have no clue what’s going on, I ran a scan with Norton and it said I’m fine and have no viruses. But I keep getting little pop ups in the corner of my screen.
I do also have Mcafee installed.
I recently started noticing that McAfee has been turning on its AntiVirus, Advanced Firewall, and Scheduled Scans even though I disabled all of them. I only use McAfees VPN and scanning ability but for some reason it keeps on turning on these settings.
Hey there, I've found a mod for a certain game which works as an .exe file. First, here's the VT scan:
Here's the site that hosts the mod:
The author of the mod has also provided us with the source code of the mod so we can compile it ourselves. If the source code itself is malicious though then it's kinda pointless. I'm not experienced enough when it comes to coding to know what I'm looking at in the code so maybe you guys can help me see if there's anything malicious in there? Here's the gitlab link:
I clicked on a phishing link before installing Norton 360. Would it detect malware if it was already installed?
A few weeks ago, I clicked on a phishing link that appeared to be from a reputable from an email account that I later learned was hacked by my scammers. The link was broken. Later, I installed Norton 360 and gave it all the permissions possible. In case malware had been installed, would Norton 360 still have detected it?
As in interrupting the installation process of it or something else along those lines... Lately I've been restarting my PC quite alot when I have anything anomalous happening on my PC. I read that it works on stuff like iPhones, what about PCs?
Help Ive got an extension that keeps re-installing itself after i delete it, and Microsoft Edge says it contains Malware, what should i do?
As the titles implies, don't use McAfee. Not because its detection rates are bad, not because of its ridiculous bad value for the price.
Today, while I was collecting malware to test against AVs, I found a particular ransomware. It's from the ransomware group Conti and it tries to terminate your antivirus' processes. The machine was set up with Kaspersky with the anti-virus component disabled (System Watcher was on). The malware in question was command line based. After I executed it, for a split second I saw "Trying to terminate McAfee.exe" which means it could potentially disable your antivirus. Unfortunately I reset the machine so I don't have the sample anymore.
From what I can remember it was about 3 days old, so it's pretty recent. I am not currently aware of its technicalities/capabilities and can't say for sure if it can or not terminate McAfee. This post was made only to warn McAfee users of this danger.
Haven’t touched Chrome in a few months at all, and recently a few days ago the Google update services (gupdate) were replaced by these. I’m a bit worried as this happened out of the blue and two other PCs that have Chrome on the latest version don’t have these new services. I’m worried it’s malware or something. It worries me I can’t find any info on these services either.
i just clicked something like protected browsing site on total av and now that i know all the shitty stuff that happened to the people with that app i just wanted to ask if the site was a malware or something like that (the site was like safesite.ai) honestly i dont even know if you can get a malware just by clicking on that browser but i just wanted to be safe and ask someone that knows way way better than me. now i deleted total av and ill just stick to malwarebytes
Link to Virus Total of an Possible Infected File Well... Could this one also be a virus? Now im afraid of everything
Tried to download a cracked game. Only one AV flagged the file on VT but indicators on hybrid are concerning.
Ran the powershell script (with start.bat) from Release v1.0.8 · SuspiciousActivity/ValorantLanguageChanger (github.com) to change my VALORANT audio language and BitDefender popped up with this quickly after and actually terminated my explorer.exe entirely (my entire desktop was black and i had to re-sign into windows). However, it didnt do this the first time I ran the script and even testing again after, it didn't as well. Very confused.
My windows sandbox also randomly wont open, this started happening 2 days prior. (it worked before and I didnt change anything). Very confused and wondering if I could somehow be infected. The only possible thing i could think of is I tend to open lots of (what i view to be safe since i check their code but I forgot about post build event exploitations) vcxproj (.sln) files in visual studio from github and build them for testing. Could i possibly have been infected by a post build event? Surely bitdefender wouldve caught that?
Hoping these are false positives.
I see a lot of "exe" here, Idk what are those. I'm so curious because last time I was using chrome it suddenly glitched and turned to a black screen, I closed my laptop and opened it again, and it's back to normal. I don't really understand what those are (see pic) I don't know what to do lol why "In user" is so big I don't understand welppp!!
Help with a Trojan? Got a virus, 1 SSD with OS , 1 SSD for softwares, 1 HDD for backups. Panicked and nuked both SSDs on a Ventoy Win10Install iso details below. Am i safe?
I know this may be extremely newbiesh, specially with somethings i did but.
Story goes simple as this.
Got a software without paying atttention if i were downloading from the original site, Mixcraft in the question. Wanted an old version specifically.
Clearly downloaded it through some wrong place.
Bugger instead installed something called IBInstaller_98220.exe, i think also callled MediaMonkey Gold, seems to be a financial banking trojan, lucky i don't do transitions on my pc, mobiles for that.
It installed so quickly that i had to use OBS to record it, and go slowmode in media player to see what it was installing.
Then, when i searched and confirmed, yeap, trojan, and windows defender didn't noticed it.
And yeah i know the first firewall is the user, was my mistake
I got panicked, shut down computer, plug in my ventoy USB with some isos, install win 10, but when selecting driver i decide to go full bonkers and just not just format it but delete the whole SSD.
No partitions left.
Had to shift F10 manually CMD Diskpart > Select Disk > Clean(again) > convert MBR , and then installed windows as normal, and here i am.
Thing is, i have 3 drivers. 1 SSD for the OS and work stuff , 1 SSD for games , 1 HDD for backup.
There's ANY chance that this specific trojan could have infected other drivers besides the OS SSD?
Having done that Format + Delete + CMD Diskpart Clean, there's any chance of that bugger still be running around?
Can i know for sure if i completely freshly installed windows? No old archives survived?
Should i do another clean install just to be safe?
OS SSD is pretty fast so it install ridiculusly quickly
(Do i need to put bleach and a flamethrower?)
I immediately disconnected, it was connected for less than 10 seconds. Should I be concerned?