False positive - what is Trojan.GenericKD.48174843?
Hello,
my BitDefender detected Trojan.GenericKD.48174843 in a file:
"Kwestionariusz_wstępnego_wywiadu_przesiewowego_przed_szczepieniem_osoby_dorosłej_przeciw_COVID-19_(wersja_docx).docx" from https://www.gov.pl/attachment/c6109501-068a-410c-a3b5-05e2f4eb8efe
Which is weird because I opened this file before and it worked just fine. It is from the official Polish government's website. I do not think it is really a virus, however I would appreciate being sure. That is why I would like to be told if it is indeed a false positive and, if not, what danger it posed to my safety.
Best Answer
-
I have just received an update from the malware research team through the support team. The detection for the file has been removed.
Regards
Life happens, Coffee helps!
Show your Attitude, when you reach that Altitude!
Bitdefender Ultimate Security Plus (user)
3
Answers
-
Hello @Mizgal and welcome to the Community!
Thank you for bringing this to our attention. Indeed, this is a false positive and the fix will be implemented via an automated update.
Best regards.
Premium Security & Bitdefender Endpoint Security Tools user
1 -
Thanks, I am feeling safer!
Best regards!
1 -
Hello, I have the same issue.
Has the update been released?
Thank you
0 -
As checked, the detection has been removed.
Regards
Life happens, Coffee helps!
Show your Attitude, when you reach that Altitude!
Bitdefender Ultimate Security Plus (user)
1 -
Bitdefender is detecting a Trojan.GenericKD.50160359 on online.michiganfirst.com/ which is an official banking website. I contacted the bank, which says everything is OK. I also filed a false positive report 4 days ago but the problem isn't resolved. Does that mean the bank's website is infected? VirusTotal says it's not, but I don't know what to think.
0 -
The site opens without any problems on my phone.
@Alexandru_BD and @Mike_BD Please, take a look here. Thanks.
2 -
BUT, when I tried to open the site on my laptop, here are the results with the latest Bitdefender database updates:
I think that ONLY the malware research engineers from Bitdefender Labs can solve this issue. So, @Jega, you must wait for their response.
Regards.
1 -
1
-
Thanks, got hold of the actual .dll file. Seems like a false detection. Will get it checked with malware researchers.
https://www.virustotal.com/gui/file/2a6eea57c4585ad9a7b27dbe4dabbc22884741a7a21794ac7ac683e1c26894dc
Regards
Life happens, Coffee helps!
Show your Attitude, when you reach that Altitude!
Bitdefender Ultimate Security Plus (user)
2 -
@mrmirakhur, @Gjoksi79_ my hat's off to you guys, great effort.
Thank you!
Premium Security & Bitdefender Endpoint Security Tools user
1 -
'Not fixed, if I just got this'
We blocked this dangerous page for your protection:
[*url removed by @Flexx*]
Threat name: Trojan.GenericKD.71538423
Dangerous pages attempt to install software that can harm the device, gather personal information or operate without your consent.
0 -
The block will remain since the website downloads malicious JavaScript when surfing. Below is the VirusTotal link, which shows the malicious JavaScript it downloads, and many other vendors also detect the downloaded JavaScript as malicious.
Regards
Life happens, Coffee helps!
Show your Attitude, when you reach that Altitude!
Bitdefender Ultimate Security Plus (user)
1 -
Hiya!
I got a similar trojan detection from Bitdefender:
"The file C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe is infected with Trojan.GenericKD.72992858 and was moved to quarantine. It is recommended that you run a System Scan to make sure your system is clean."
Is this also false detection? I doubt Wallpaper Engine or any Steam games can be infected but I want to make sure…
0 -
Hi @maija2maija,
It could be a false positive. I would recommend using the form located at the link below to report this detection to the Bitdefender Labs:
Once confirmed, false alarms are corrected within hours.
Regards,
Alex
Premium Security & Bitdefender Endpoint Security Tools user
1 -
Hi @Alexandru_BD ,
Thank you so much for the answer, I appreciate it!
Should I remove the file from quarantine so I can report it?
Kind regards,
Maija
1 -
You are most welcome. Yes, you need to take it out from the quarantine. An exception is automatically placed on the location where it is removed (on the file, that is), then use the form to send the sample.
Premium Security & Bitdefender Endpoint Security Tools user
1 -
Thank you again, Alex! You've made my day; I wish you all the best!
Kind regards,
Maija
2 -
Hello again!
I think I sent the wrong file to get checked and I tried to send a new report but it seems the site won't let me do it. What should I do?
0 -
You could try sending the samples via the Bitdefender business submission website. Ultimately, it will be delivered to the same malware research team. Below is the submission link for submitting samples to the malware research team via the business forum.
Regards
Life happens, Coffee helps!
Show your Attitude, when you reach that Altitude!
Bitdefender Ultimate Security Plus (user)
2 -
Hello Flexx,
Thank you for replying! I tried submitting and it went through!
Thank you so much for the help!
Kindest Regards,
Maija
2