VS Code infected file detected

Hello,

For the last couple of days I've been getting notifications about a detection of a file. (The screenshot below is in Dutch and says that Bitdefender has deleted the item.)

Are these false positives, or what could be causing this?

Is there a good way for me to see what the origin of this file is and what is triggering it? I know it's probably a VS Code extension, but I don't see one that has been updated that recently.

What should I do with this information and how do I proceed?

Thanks for your time and help

Comments

  • Flexx (mod)
    edited June 1

    It's a temporary file that is detected by cloud-based detection.

    Temporary files, often called temp files, are files created by programs to store temporary data. These files are usually meant to hold information temporarily while the program is running and can be deleted after the program is closed or the task is completed. They help in smooth functioning and faster processing of tasks.

    Cloud-based malware detection is a system that uses the internet to find and identify harmful software (malware). Instead of relying on signature-based detection created by malware researchers, it checks files and activities against a database in the cloud, providing faster and more accurate protection.

    Open the Run command and execute the following commands one by one:

    temp - delete all the files in the folder

    %temp% - delete all the files in the folder

    prefetch - delete all the files in the folder

    That's it. You are good to go.

    Regards

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)

  • I had the same problem yesterday. I suspect it's a false positive because the source is https://download.visualstudio.microsoft.com

    The file is:

    Contents/VC/Tools/MSVC/14.40.33807/bin/Hostx86/x86/editbin.exe

    The same update is currently downloading again and so far no BD detection. I'm going to try and get the SHA-256 hash of the file so that I can search for it on VirusTotal.

  • I've restored the file from quarantine to a different folder (editbin.exe):

    SHA-256: 2f6a4cea14df9f5933524052527e0dc7724460e883344bd4f3b9f55f53255b2d

    and Bitdefender is no longer detecting anything in it and VirusTotal also has no detections. So it seems that Bitdefender confirms that it's a false positive.
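
The check described in the comment above, as an added example that is not part of the original thread: it hashes a file restored from quarantine, compares the result with the SHA-256 posted above, and reads the Authenticode signature and download-origin marker. The function name `Get-FileProvenance` and the path `C:\Restored\editbin.exe` are hypothetical.

```powershell
# Added example: inspect a file restored from quarantine before trusting it.
# Get-FileProvenance and the path in the call below are hypothetical names.
function Get-FileProvenance {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [string] $ExpectedSha256
    )

    # SHA-256 in lowercase hex, the form used in the thread and on VirusTotal.
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash.ToLowerInvariant()

    # Authenticode check: Status is Valid only if the signature verifies and
    # the file content is unchanged since it was signed.
    $sig = Get-AuthenticodeSignature -LiteralPath $Path

    # Zone.Identifier is an NTFS alternate data stream written by browsers and
    # some downloaders. It is often absent on files placed by an installer.
    $zone = Get-Content -LiteralPath $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
    $hostUrl = ($zone | Where-Object { $_ -like 'HostUrl=*' }) -replace '^HostUrl=', ''

    [pscustomobject]@{
        Path             = $Path
        Sha256           = $hash
        HashMatches      = if ($ExpectedSha256) { $hash -eq $ExpectedSha256.ToLowerInvariant() } else { $null }
        SignatureStatus  = $sig.Status
        Signer           = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        SignerThumbprint = if ($sig.SignerCertificate) { $sig.SignerCertificate.Thumbprint } else { $null }
        DownloadHostUrl  = if ($hostUrl) { $hostUrl } else { $null }
    }
}

# The expected hash is the value posted in the thread.
Get-FileProvenance -Path 'C:\Restored\editbin.exe' `
    -ExpectedSha256 '2f6a4cea14df9f5933524052527e0dc7724460e883344bd4f3b9f55f53255b2d' |
    Format-List
```

A `SignatureStatus` of `NotSigned` or `HashMismatch` is a reason to leave the file in quarantine and submit it to the vendor rather than restore it.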

  • Flexx (mod)
    edited June 1

    Bitdefender's cloud-based detections are not displayed on VirusTotal, which only shows signature-based detections created by malware researchers. The mentioned detection is cloud-based and independent of researcher-created signatures.

    Regards