Xlsx File Flaged As Malware: False positive Infection?

Hi everyone!

I've got the message below after the latest update of bitdefender.

The file C:\[...]\Espanso - comandos (1).xlsx=>(dummy) is infected with XLM.Formulas.Abracadabra.4.Gen and was moved to quarantine. It is recommended that you run a System Scan to make sure your system is clean

I tried to restore the oldest version of it (aug/2022) from google drive but again bitdefender reported it as mallware as it was downloading.

It is a simple excel file where I store some commands and code as text.

Seems to me as it might be a false positive? How can I know for sure?

thanks

Answers

  • I experienced exactly the same since today, on one of my own Excel files with the same message ".. infected with XLM.Formulas.Abracadabra.4.Gen ..". And after which I did performed a full system scan, where even more (8) other (incl. older) Excels files where seen as infected with this and resolved...

    Besides I'm happy that bitdefender found & resolved it, I'm also very doubtfull about this (whether it isnt a false positive) and was looking for details about this 'virus' in my Excel files .... and landed by this post. Which makes we wonder even more.

    P.S. (1) And when I performed a full scan om my laptop, it even found other (and older unused) Excel files now infected with 'Formulas.Vita.17'. Makes we wonder even more about whether it being a false-positive?

    P.S. (2) In most of my 'infected' Excel there are also 'complex' Excel formulas used (like VLOOKUP etc) and conditial formatting (with Excel formulas), is that maybe now falsely seen as those infection of 'Abracadabra.4.Gen' and/or 'Vita.17' ?


    So dear Bitdefender, please us out and help and check this out whether this is a thru infection or a false positive?

    How can we know for sure that our precious files have been infected (and lost for ever) or whether it's a false positive and/or maybe due an error in the last update?

    Many thanks for helping out in advance.

  • Scott
    Scott Defender of the month mod

    Hello :)

    False positives may be submitted here.

    Kind regards,

    Scott

    All Bitdefender Home Product User Guides:https://www.bitdefender.com/consumer/support/user-guides/

  • Flexx
    Flexx DEFENDER OF THE YEAR 2023 / DEFENDER OF THE MONTH ✭✭✭✭✭ mod

    Can you share the virustotal link here.

    Regards

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)

  • Flexx
    Flexx DEFENDER OF THE YEAR 2023 / DEFENDER OF THE MONTH ✭✭✭✭✭ mod

    As checked you have shared the virustotal link of the url. Can you share the virustotal link of the excel file that was detected.

    Regards

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)

  • I'm afraid that won't be possible. I sent the file to Virus total by sharing it's url from google drive as bitdefender was blocking even the upload of the xlsx.

    By now, I'm able to open and work on the excel file again. Not sure if bitdefender fixed it or any recent update fixed any issues with false positive detections.

  • Virus total check. I ran it today.

    96597abe5938d4f8d0370405a350221edd1cf7937ed1f0beb2c1c209d7fe64d4

  • Flexx
    Flexx DEFENDER OF THE YEAR 2023 / DEFENDER OF THE MONTH ✭✭✭✭✭ mod

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)