Trying to determine if this is a false positive Trojan or not.
Last night I was notified by Bitdefender of an infected file detected, but I am trying to determine if this was a false positive or not.

The infected file in question was a CapabilityAccessManager file, specifically CapabilityAccessManager.db-shm.

The infection was listed as Trojan.Generic.1582539.

The attack timeline was as follows:

- Operating system executed wininit.exe
- wininit.exe signed by Microsoft Corporation executed services.exe
- services.exe signed by Microsoft Corporation executed svchost.exe
- The file C:\ProgramData\Microsoft\Windows\CapabilityAccessManager\CapabilityAccessManager.db-shm is infected with Trojan.Generic.1582539 and was moved to quarantine.

At first, I was pretty alarmed, as I am exceedingly careful about security. No suspicious files downloaded, no sketchy websites visited, etc., no links or PDFs opened through email from random senders, etc. I have no idea how I could have gotten a Trojan.

I immediately ran several full system scans with Bitdefender, even setting up a custom scan to make sure it didn't skip over files or programs that haven't been modified, but not a single scan picked up any threats.

I plan to run a Windows Defender offline scan as well, and have contemplated booting into safe mode to delete all the temporary files, browser cookies, restore points, etc. Is this an overreaction? What is the likelihood this was a false positive? I'm not the most knowledgeable about more in-depth computer security aside from "don't download things you don't trust", but the attack timeline doesn't look suspicious to me? It appears to all be legitimate Microsoft executables, and the .db-shm file seems to be a fairly common file that wouldn't be out of the ordinary on a computer (at least I think so after a few hours of Google?). I also tried to actually grab the file and upload it to VirusTotal, but the folder it was located in is a protected folder that I don't have read access to, and I wasn't fully sure how to remedy that and figured it was best to stop poking around with things before trying a less intrusive method.

Is this likely a false positive or should I take further steps to remove the potential trojan?
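Added example, not from the original post: a `.db-shm` file is SQLite's write-ahead-log index (the "shared memory" file that sits beside a `.db` and its `-wal`), and it starts with a 48-byte header stored twice, followed by lock and hash-table data. The parser below checks that structure and SQLite's own header checksum, so a reader with a copy of the quarantined file can see whether its bytes look like the data file SQLite writes rather than something else; it assumes a little-endian host and the header layout from SQLite's `wal.c`, and the `build_sample_walindex` input is constructed for the demonstration.

```python
import struct

# SQLite wal-index header (struct WalIndexHdr in wal.c): 48 bytes, stored twice,
# in the host's native byte order. "<" assumes a little-endian host (x86 Windows).
WALINDEX_HDR_FMT = "<IIIBBHII2I2I2I"
WALINDEX_HDR_SIZE = struct.calcsize(WALINDEX_HDR_FMT)  # 48
WALINDEX_VERSION = 3007000  # WALINDEX_MAX_VERSION in wal.c


def walindex_checksum(data):
    """SQLite's checksum over consecutive u32 pairs, as applied to the wal-index header."""
    s0 = s1 = 0
    for off in range(0, len(data), 8):
        x0, x1 = struct.unpack_from("<II", data, off)
        s0 = (s0 + x0 + s1) & 0xFFFFFFFF
        s1 = (s1 + x1 + s0) & 0xFFFFFFFF
    return s0, s1


def parse_walindex_header(blob):
    """Decode the first header copy and apply SQLite's own consistency checks."""
    if len(blob) < 2 * WALINDEX_HDR_SIZE:
        return {"ok": False, "reason": "too short for a wal-index header"}
    copy1 = blob[:WALINDEX_HDR_SIZE]
    copy2 = blob[WALINDEX_HDR_SIZE:2 * WALINDEX_HDR_SIZE]
    f = struct.unpack(WALINDEX_HDR_FMT, copy1)
    version, change, is_init, enc_page, mx_frame, n_page = f[0], f[2], f[3], f[5], f[6], f[7]
    result = {"ok": True, "initialized": bool(is_init), "version": version,
              "change_counter": change, "mx_frame": mx_frame, "n_page": n_page,
              # szPage is encoded as (szPage & 0xff00) | (szPage >> 16); 1 means 64 KiB
              "page_size": (enc_page & 0xFE00) + ((enc_page & 1) << 16)}
    if not is_init:
        result["reason"] = "not initialised yet (an all-zero file is normal when newly created)"
        return result
    if version != WALINDEX_VERSION:
        result.update(ok=False, reason=f"unexpected wal-index version {version}")
    elif copy1 != copy2:
        result.update(ok=False, reason="the two header copies differ")
    elif walindex_checksum(copy1[:40]) != f[12:14]:
        result.update(ok=False, reason="header checksum mismatch")
    return result


def build_sample_walindex(sz_page=4096, n_page=10, mx_frame=3, change=7):
    """Constructed sample -shm content (not a real capture) for exercising the parser."""
    enc = (sz_page & 0xFF00) | (sz_page >> 16)
    body = struct.pack("<IIIBBHII2I2I", WALINDEX_VERSION, 0, change, 1, 0, enc,
                       mx_frame, n_page, 0x11, 0x22, 0xAAAA, 0xBBBB)
    hdr = body + struct.pack("<2I", *walindex_checksum(body))
    return hdr + hdr + bytes(32768 - 2 * WALINDEX_HDR_SIZE)
```

A well-formed header only shows the file has the shape SQLite writes; the scanner's verdict is still resolved by hashing the quarantined copy and checking that hash, not by the structure alone.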