PowerShell tried to load a malicious resource detected as Heur.BZC.ZFV.Boxter.341.FEC4D355
Hi, I'm getting the notification: PowerShell tried to load a malicious resource detected as Heur.BZC.ZFV.Boxter.341.FEC4D355 and was blocked. Your device is safe.
When running the Visual Studio 2022 PowerShell console, I get an error in the console:
At line:1 char:1
+ &{Import-Module "C:\Program Files\Microsoft Visual Studio\2022\Commun ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This ****** contains malicious content and has been blocked by your antivirus software.
+ CategoryInfo : ParserError: (:) [], ParentContainsErrorRecordException
+ FullyQualifiedErrorId : ScriptContainedMaliciousContent
How do I find which part is actually causing the issue so I can add it to the exclusions?
Answers
-
Hello.
In this case, only the malware research engineers at Bitdefender Labs can help you.
First, take screenshot(s) of the issue
and create a log file on your Windows device using BDsysLog, by following these steps:
Next, contact Bitdefender Consumer Support by e-mail:
with a short description of the issue.
After that, you will get an automated reply by the Bitdefender Customer Care Team, with your ticket number.
Now, in reply to that automated reply, you can send the screenshot(s) you already took and the log file you already created in the first step.
Since you are all done, just wait for the support engineers to investigate your issue and find a solution to fix the issue.
Remember that the screenshot(s) and the log file will greatly help the support engineers investigate your issue better and faster and find a solution.
Regards.
1 -
Check if the steps below help you in any way.
1) Restart PC in safe mode (https://support.microsoft.com/en-us/windows/start-your-pc-in-safe-mode-in-windows-92c27cff-db89-8644-1ce4-b3e5e56fe234)
2) Open the Run command and run the commands below one by one:
temp, delete all the files in the folder
%temp%, delete all the files in the folder
prefetch, delete all the files in the folder
3) Restart your PC in general mode by unticking the option that you selected to run the system in safe mode and then click apply.
4) Reset your browsers:
Google Chrome (https://support.google.com/chrome/answer/3296214?hl=en)
Mozilla Firefox (https://support.mozilla.org/en-US/kb/refresh-firefox-reset-add-ons-and-settings)
Microsoft Edge (https://malwaretips.com/blogs/reset-microsoft-edge/)
Vivaldi (https://help.vivaldi.com/desktop/install-update/full-reset-of-vivaldi/)
Brave (https://support.brave.com/hc/en-us/articles/360017903152-How-do-I-reset-Brave-settings-to-default-)
5) Now, to be on the safe side, I would also advise you to run these portable scanners, which do not require any installation:
* Download and run Malwarebytes AdwCleaner (https://www.malwarebytes.com/adwcleaner)
* ESET Online Scanner (https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe)
* Download and run a scan with Kaspersky Virus Removal Tool (https://devbuilds.s.kaspersky-labs.com/devbuilds/KVRT/latest/full/KVRT.exe). Make sure you checkmark System Memory, Startup Objects, Boot Sectors & System Drive before running a scan.
6) Run a full system scan with Bitdefender and check if the issue still persists.
Regards
Life happens, Coffee helps!
Show your Attitude, when you reach that Altitude!
Bitdefender Ultimate Security Plus (user)
0 -
Will follow the same resolution process since my computer had the same suspicious activity blocked. Can you share if you were able to resolve it? Thanks for the space.
0 -
I'm getting the same suspicious activity. I initially thought a false positive but have changed my mind. Anyone resolved this? I'll try going through the steps too.
0 -
Got the same problem but only happens if you reboot your pc after using adwcleaner.
0 -
And now I'm getting the same exact thing... I'm fairly certain it's something buggy in Bitdefender, as a whole lot of people are now starting to see it.
0 -
@ticodigital @Brian5 @Melli @BDiff
Hello.
You should contact Bitdefender Consumer Support by chat, telephone or e-mail:
Regards.
0 -
Hi,
It could also be a false positive detection. Check my comment in the thread below, for a bit more context regarding PowerShell scripts:
Regards
Premium Security & Bitdefender Endpoint Security Tools user
1 -
Check if the steps below help you in any way.
1) Restart PC in safe mode (https://support.microsoft.com/en-us/windows/start-your-pc-in-safe-mode-in-windows-92c27cff-db89-8644-1ce4-b3e5e56fe234)
2) Open the Run command and run the commands below one by one:
temp, delete all the files in the folder
%temp%, delete all the files in the folder
prefetch, delete all the files in the folder
3) Restart your PC in general mode by unticking the option that you selected to run the system in safe mode and then click apply.
4) Reset your browsers:
Google Chrome (https://support.google.com/chrome/answer/3296214?hl=en)
Mozilla Firefox (https://support.mozilla.org/en-US/kb/refresh-firefox-reset-add-ons-and-settings)
Microsoft Edge (https://malwaretips.com/blogs/reset-microsoft-edge/)
Vivaldi (https://help.vivaldi.com/desktop/install-update/full-reset-of-vivaldi/)
Brave (https://support.brave.com/hc/en-us/articles/360017903152-How-do-I-reset-Brave-settings-to-default-)
5) Now, to be on the safe side, I would also advise you to run these portable scanners, which do not require any installation:
* Download and run Malwarebytes AdwCleaner (https://www.malwarebytes.com/adwcleaner)
* ESET Online Scanner (https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe)
* Download and run a scan with Kaspersky Virus Removal Tool (https://devbuilds.s.kaspersky-labs.com/devbuilds/KVRT/latest/full/KVRT.exe). Make sure you checkmark System Memory, Startup Objects, Boot Sectors & System Drive before running a scan.
6) Run a full system scan with Bitdefender and check if the issue still persists.
If the issue persists, kindly contact Bitdefender support by dropping them an email at bitsy@bitdefender.com
The support team will reply to your query within the next 24-48 hours, excluding weekends.
Regards
Life happens, Coffee helps!
Show your Attitude, when you reach that Altitude!
Bitdefender Ultimate Security Plus (user)
1 -
PowerShell tried to load a malicious resource detected as Heur.BZC.ZFV.Boxter.341.0F803EEB and was blocked. Your device is safe.
This is the notification from Bitdefender when using a very good tweak tool made by https://christitus.com/one-tool-for-everything/
It is the best Windows tool. This guy has a YouTube channel, he is a very technical person, and I have personally used this tool for more than one year without any issue whatsoever.
I don't have any option to add an exclusion. I tried to add the URL christitus.com but it has no effect; Bitdefender keeps detecting it as malware. As long as I have been paying for this antivirus for years and I know what I'm doing, I should have an option or something.
0 -
If you think the website/file is incorrectly blocked by Bitdefender, you can share it with the malware researchers by filling out the form at the link stated below
If the website/file is indeed incorrectly blocked, the detection will be removed within a maximum of 72 hours; if the detection still remains after 72 hours, consider the website/file as deemed malicious by the malware researchers, and the detection will stay.
Check if below steps help:
1) Temporarily disable Bitdefender Protection:
2) Set website exclusion in Bitdefender:
3) Set exclusion in Bitdefender Antivirus:
4) Set exclusion in Bitdefender Advanced Threat Defense:
5) Re-enable real time protection in Bitdefender.
Regards
Life happens, Coffee helps!
Show your Attitude, when you reach that Altitude!
Bitdefender Ultimate Security Plus (user)
1 -
I've tried all those things for the exact same tool (life saver, btw) and Bitdefender absolutely ignores the exceptions I place and doesn't care what I tell it to ignore. On top of that, it doesn't give us any information on where that "Heur.BZC.ZFV.Boxter.830.D47A37E4" is located, so if it's a file we can't add it to the exceptions (despite the exceptions being useless), and we have no option of ANY kind to label scripts as false positives, other than reporting it to customer support, and good luck getting anyone to actually do anything with it.
As a final note, disabling the antivirus and ATP still blocks scripts, when they're DISABLED!!!
If you (Bitdefender) at least gave us the option to label a false positive we could actually solve these stupid problems, even temporarily. This is unacceptable and you need to give us a better solution. I plan on switching to another endpoint protection until I see a functional improvement.
0 -
Generate Bitdefender BDsysLog:
Generate Bitdefender support tool logs:
Generate Bitdefender connectivity logs:
Share the logs & your query with the Bitdefender support team by dropping them an email at bitsy@bitdefender.com
The support team will reply to your query within the next 24-48 hours, excluding weekends.
Regards
Life happens, Coffee helps!
Show your Attitude, when you reach that Altitude!
Bitdefender Ultimate Security Plus (user)
0 -
I have had these similar issues for years using Bitdefender, in particular Heur.bzc.pzq.boxter.231.f1e1a72c. It is 100% correct that Bitdefender does not honor the Exclusions. That code is useless. I'm in a real pickle on what product to use. I refuse to use Norton, Kaspersky, McAfee, etc. I've gone back and forth with Bitdefender. I like it but hate it...
1 -
I have similar issues too.
Could you please give me a real decision?
0 -
Generate Bitdefender BDsysLog:
Generate Bitdefender support tool logs:
Generate Bitdefender connectivity logs:
Share the logs & your query with the Bitdefender support team by dropping them an email at bitsy@bitdefender.com
The support team will reply to your query within the next 24-48 hours, excluding weekends.
Regards
Life happens, Coffee helps!
Show your Attitude, when you reach that Altitude!
Bitdefender Ultimate Security Plus (user)
1 -
Hi,
I sent an e-mail with all logs to bitsy@bitdefender.com two days ago.🤔 There has been no reply to my query.
Today I sent the same query to the support team via Bitdefender central.
Can anyone help me to give an adequate solution to the problem?
Thanks!🙂
1 -
The usual response timeframe varies between 24 to 48 hours, depending on the volume of incoming requests. The Support engineers will get to your inquiry as soon as possible. Please do not open multiple tickets, as this will not speed up the process, but may double the work.
Thank you for your patience.
Regards
Premium Security & Bitdefender Endpoint Security Tools user
1 -
I will wait for response.
Thank you Alexandru_BD
1 -
Is this a false positive?
From a PowerShell terminal, I am able to open text files that are not "protected", like text files in my Downloads folder. When copied to a protected folder like c:\windows\system32\, I am still able to open it.
But when I tried to open the hosts file, or any other protected files, Bitdefender blocks the command with the message included below.
A Bitdefender full system scan did not detect Heur.BZC.ZFV.Boxter.341.FEC4D355 or Heur.BZC.ZFV.Boxter.834.0982E78E.
Bitdefender does not allow me to open a protected file with any text editor, stating "PowerShell tried to load a malicious resource detected as Heur.BZC.ZFV.Boxter.834.0982E78E and was blocked. Your device is safe."
Is PowerShell compromised?
This chain of posts started way back in June 2022... I hope that a resolution is provided soon or confirmation of my findings above is given.
Cheers!
0 -
Upload your hosts file to VirusTotal and share the link here.
Regards
Life happens, Coffee helps!
Show your Attitude, when you reach that Altitude!
Bitdefender Ultimate Security Plus (user)
1