Bitdefender scan found this? How worried should I be?

Answers

  • Since Bitdefender has detected and eliminated the malware, there's no need for you to worry anymore.

    Regards

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)

  • Can I be sure it's gone? From what I've been told it could have been a very sophisticated virus meant to steal my personal info.

  • Scott
    edited August 10

    Hello,

    Depending on where you live, you can run the Kaspersky Virus Removal Tool (if you're in the US, you may need to use a VPN to download and run it from a different country, like Canada). You can also run Norton Power Eraser. These will only leave a folder on your C: and do not install anything that runs in the background. They are temp scanners.

    https://www.kaspersky.com/downloads/free-virus-removal-tool

    https://support.norton.com/sp/en/us/home/current/solutions/kb20100824120155EN

    You could also run F-Secure's online scan, or ESET online scan, for the peace of mind you're looking for.

    https://www.f-secure.com/en/online-scanner

    https://www.eset.com/ca/home/online-scanner/

    Whatever you use, just be sure you read and understand their notes before running them.

    Kind regards.

    All Bitdefender Home Product User Guides: https://www.bitdefender.com/consumer/support/user-guides/

  • The detection "generic.beacon.marte" indicates that the file being scanned has been flagged as malicious and is likely associated with Cobalt Strike, a popular commercial penetration testing tool often misused by threat actors for malicious purposes.

    Here's what you need to know:

    • Cobalt Strike: A sophisticated framework used for post-exploitation activities, allowing attackers to establish a foothold within a compromised network, laterally move, and exfiltrate sensitive data.
    • Beacon: The core component of Cobalt Strike, a lightweight, stealthy payload implanted on a victim's system, enabling communication with the attacker's command-and-control (C2) server.
    • Marte: Likely refers to a specific variant or configuration of the Cobalt Strike Beacon payload, possibly indicating additional features or obfuscation techniques.
    • Generic: Suggests that the detection is based on behavioral analysis or common characteristics associated with Cobalt Strike Beacons rather than a specific signature or file hash.

    As @Scott mentioned in the previous comment, you can utilize various online antimalware scanners to ensure that no remnants of the infection remain on your system.

    Regards

    Bitdefender Ultimate Security Plus (user)

  • Hi,

    Exactly, when Bitdefender finds an infection on your computer, it usually takes automatic action against it and gets rid of the malware without requiring any input on your side. That's why it says 'Action taken - Deleted'.
    You can of course run another scan with Bitdefender or even temp scanners and check the results.

    https://www.bitdefender.com/consumer/support/answer/2576/

    Let us know if the subsequent scans found anything.

    Regards,

    Alex

    Premium Security & Bitdefender Endpoint Security Tools user

  • I had my hard drive wiped and a new Windows installed just in case, but after Bitdefender removed this beacon the first time it never respawned. Is it possible that it was a false positive?

  • We can't be sure of this. But I think if Bitdefender already took action and deleted the threat, there's nothing to worry about.

    Premium Security & Bitdefender Endpoint Security Tools user