Trying to determine if this is a false positive Trojan or not.
Hi,
Last night I was notified by Bit Defender of an infected file detected, but I am trying to determine if this was a false positive or not.
The infected file in question was a CapabilityAccessManager file, specifically CapabilityAccessManager.db-shm.
The infection was listed as Trojan.Generic.1582539
The attack timeline was as follows
Operating system executed wininit.exe
- wininit.exe signed by Microsoft Corporation executed services.exe
- services.exe signed by Microsoft Corporation executed svchost.exe
- The file C:\ProgramData\Microsoft\Windows\CapabilityAccessManager\CapabilityAccessManager.db-shm is infected with Trojan.Generic.1582539 and was moved to quarantine.
At first, I was pretty alarmed, as I am exceedingly careful about security. No suspicious files downloaded, no sketchy websites visited, no links or PDFs opened through email from random senders, etc. I have no idea how I could have gotten a Trojan.
I immediately ran several full system scans with Bit Defender, even setting up a custom scan to make sure it didn't skip over files or programs that haven't been modified, but not a single scan picked up any threats.
I plan to run a Windows Defender offline scan as well, and have contemplated booting into safe mode to delete all the temporary files, browser cookies, restore points, etc. Is this an overreaction? What is the likelihood this was a false positive? I'm not the most knowledgeable about more in-depth computer security aside from "don't download things you don't trust", but the attack timeline doesn't look suspicious to me? It appears to all be legitimate Microsoft executables, and the .db-shm file seems to be a fairly common file that wouldn't be out of the ordinary on a computer (at least I think so after a few hours of Google?). I also tried to actually grab the file and upload it to VirusTotal, but the folder it was located in is a protected folder that I don't have read access to, and I wasn't fully sure how to remedy that and figured it was best to stop poking around with things before trying a less intrusive method.
Is this likely a false positive or should I take further steps to remove the potential trojan?
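The flagged file has the SQLite "-shm" (WAL-index) suffix, and a file of that kind has a fixed, documented header that can be checked without uploading anything. The script below is an added example for this post, not code from the poster or from Bitdefender: it parses the WAL-index header of a `.db-shm` file, reports whether the bytes look like a normal SQLite shared-memory file (or are simply zero-filled, which is also normal), and prints a SHA-256 that can be looked up by hash rather than by uploading the file. It assumes the little-endian layout SQLite uses on x86/x64 Windows and that the script is run from a prompt that can read the target path (the `C:\ProgramData\...` folder in the post needs an elevated prompt). The sample bytes in `build_constructed_shm` are constructed for the demonstration; the check itself applies to any SQLite `-shm` file, not only the CapabilityAccessManager one.

```python
import hashlib
import struct
from pathlib import Path

# Field layout of the SQLite WAL-index header (WalIndexHdr in SQLite's wal.c):
# iVersion, unused, iChange, isInit, bigEndCksum, szPage, mxFrame, nPage,
# aFrameCksum[2], aSalt[2], aCksum[2] -> 48 bytes, stored twice at the start of
# the -shm file and followed by a 40-byte checkpoint block (WalCkptInfo).
WAL_INDEX_HDR_FMT = "<IIIBBHIIIIIIII"   # assumption: little-endian host (x86/x64 Windows)
WAL_INDEX_HDR_SIZE = struct.calcsize(WAL_INDEX_HDR_FMT)   # 48
WAL_INDEX_VERSION = 3007000             # value SQLite writes into iVersion
WAL_CKPT_INFO_SIZE = 40
SHM_FILE_SIZE = 32768                   # size of the region SQLite allocates


def parse_wal_index_header(data: bytes) -> dict:
    """Decode the first WalIndexHdr copy and note whether the second copy matches it."""
    if len(data) < 2 * WAL_INDEX_HDR_SIZE:
        raise ValueError("shorter than two WAL-index header copies")
    first = data[:WAL_INDEX_HDR_SIZE]
    second = data[WAL_INDEX_HDR_SIZE:2 * WAL_INDEX_HDR_SIZE]
    f = struct.unpack(WAL_INDEX_HDR_FMT, first)
    return {
        "version": f[0],
        "change_counter": f[2],
        "is_init": f[3],
        "big_endian_checksums": f[4],
        "page_size": f[5],            # stored as 1 when the page size is 65536
        "max_frame": f[6],
        "db_pages": f[7],
        "salt": (f[10], f[11]),
        # SQLite writes both copies; a mismatch means a writer was mid-update
        # when the file was read, so re-read rather than conclude anything.
        "copies_match": first == second,
    }


def classify_shm(data: bytes) -> str:
    """Return 'uninitialized', 'sqlite-wal-index' or 'unexpected' for the bytes of a -shm file."""
    # An all-zero -shm file is normal: the region is zero-filled and the header
    # is only populated once the WAL has actually been used.
    if not any(data):
        return "uninitialized"
    try:
        hdr = parse_wal_index_header(data)
    except ValueError:
        return "unexpected"
    ps = hdr["page_size"]
    page_size_ok = ps == 1 or (512 <= ps <= 32768 and ps & (ps - 1) == 0)
    if hdr["version"] == WAL_INDEX_VERSION and hdr["is_init"] and page_size_ok:
        return "sqlite-wal-index"
    return "unexpected"


def triage_bytes(data: bytes) -> dict:
    """Structural verdict plus a SHA-256 that can be searched on a hash-lookup service."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "size": len(data),
        "classification": classify_shm(data),
    }


def triage_file(path: str) -> dict:
    """Read the file (needs read access to the folder) and triage its bytes."""
    return triage_bytes(Path(path).read_bytes())


def build_constructed_shm(page_size: int = 4096, max_frame: int = 3, db_pages: int = 12) -> bytes:
    """CONSTRUCTED sample: what a healthy -shm file looks like after a few WAL frames were written."""
    hdr = struct.pack(WAL_INDEX_HDR_FMT,
                      WAL_INDEX_VERSION, 0, 7, 1, 0, page_size, max_frame, db_pages,
                      0, 0, 0x11111111, 0x22222222, 0, 0)
    body = hdr + hdr + bytes(WAL_CKPT_INFO_SIZE)
    return body + bytes(SHM_FILE_SIZE - len(body))


if __name__ == "__main__":
    import sys
    # Usage: python shm_triage.py "C:\path\to\file.db-shm"; with no argument the constructed sample is used.
    result = triage_file(sys.argv[1]) if len(sys.argv) > 1 else triage_bytes(build_constructed_shm())
    for key, value in result.items():
        print(f"{key}: {value}")
```

A verdict of `sqlite-wal-index` or `uninitialized` means the bytes are what a SQLite shared-memory file is supposed to contain and the detection is consistent with a generic-signature false positive; `unexpected` means the file does not have that structure and is worth sending to the vendor's lab for analysis. Either way the SHA-256 is enough for a hash lookup and for the support ticket, so the file itself never has to leave the machine.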
Comments
Hello.
Only the malware researchers at Bitdefender Labs can help you with the issue, so follow the next steps.
First, take screenshot(s) of the issue, then
create a log file on your Windows device using the Bitdefender Support Tool, by following these steps:
and
create a log file on your Windows device using BDsysLog, by following these steps:
Next, contact Bitdefender Consumer Support by e-mail:
with a short description of the issue.
After that, you will get an automated reply by the Bitdefender Customer Care Team, with your ticket number.
Now, in reply to that automated reply, you can send the screenshot(s) you already took and the log files you already created in the first step.
Since you are all done, just wait for the support engineers to investigate your issue and find a solution to fix the issue.
Remember that the screenshot(s) and the log files will help the support engineers a lot with a better and faster investigation of your issue and with finding a solution.
You could also perform a scan with these FREE malware removal tools:
Kaspersky Virus Removal Tool 2020
ESET Online Scanner
Malwarebytes AdwCleaner
Regards.