False Positive?

After scanning multiple times and being told my system is clean, at random intervals, I get an alert stating that I have a virus called :GT:JS.RogerDldr.1.719D65B5.

This is what the alert said:

We blocked this dangerous page for your protection:
https://premierlawns.co.uk/new-lawn-care/
Threat name: Trojan.Generic.35490309
Dangerous pages attempt to install software that can harm the device, gather personal information or operate without your consent.

I've done repeated scans with multiple products and they all come up clean, yet a while later, I'll get another alert. I cannot find any information about this exact threat. Any advice would be greatly appreciated.

Best Answers

  • Gjoksi
    Gjoksi Defender of the month mod
    Answer ✓

    Hello.
    You might be a victim of adware, so do the following:

    1. Start your PC in Safe Mode, by following these steps:
      https://support.microsoft.com/en-us/windows/start-your-pc-in-safe-mode-in-windows-92c27cff-db89-8644-1ce4-b3e5e56fe234
    2. Open the Run command:
      https://www.makeuseof.com/windows-open-run-command-dialog-box/
      and run the below commands one by one:
      temp - delete all the folders/files in the folder
      %temp% - delete all the folders/files in the folder
      prefetch - delete all the folders/files in the folder
    3. Restart your PC in General Mode, by following these steps:
      https://www.techwalla.com/articles/how-to-restart-a-computer-in-normal-mode
    4. Reset/Refresh your browsers:
      Google Chrome - https://support.google.com/chrome/answer/3296214?hl=en
      Mozilla Firefox - https://support.mozilla.org/en-US/kb/refresh-firefox-reset-add-ons-and-settings
      Microsoft Edge - https://malwaretips.com/blogs/reset-microsoft-edge/
      Opera - https://browsersolution.com/reset-opera-browser
      Vivaldi - https://help.vivaldi.com/desktop/install-update/full-reset-of-vivaldi/
      Brave - https://support.brave.com/hc/en-us/articles/360017903152-How-do-I-reset-Brave-settings-to-default-
    5. Run a System Scan with your Bitdefender program.
    6. Restart your PC.
    7. Scan (and disinfect, if needed) your PC with Bitdefender Rescue Environment:
      https://www.bitdefender.com/consumer/support/answer/29132/
    8. Restart your PC.
    9. If the steps provided above didn't help, do the following steps:
      Take screenshot(s) of the issue,
      create a log file on your Windows device using Bitdefender Support Tool, by following these steps:
      https://www.bitdefender.com/consumer/support/answer/1733/
      and
      create a log file on your Windows device using BDsysLog, by following these steps:
      https://www.bitdefender.com/consumer/support/answer/1922/
      Next, contact Bitdefender Consumer Support by e-mail:
      https://www.bitdefender.com/consumer/support/help/
      with a short description of the issue.
      After that, you will get an automated reply by the Bitdefender Customer Care Team, with your ticket number.
      Now, in reply to that automated reply, you can send the screenshot(s) you already took and the log files you already created in the first step.
      Since you are all done, just wait for the support engineers to investigate your issue and find a solution to fix the issue.
      Remember that the screenshot(s) and the log files will help the support engineers a lot with a better and faster investigation of your issue and with finding a solution.
      NOTE: If any of the log files is larger than 25MB, you can upload the log file here:
      https://upload.bitdefender.net/
      After the upload is done, you will get a notification with the file's URL and then you can share the file's URL with Bitdefender Consumer Support.
      Regards.

  • [Deleted User]
    Answer ✓

    @coasterfan ,

    Welcome to the Bitdefender Forums. I just analyzed that URL using VirusTotal. Only one of 92 security vendors (not Bitdefender) flags that file as malicious.

    I just loaded the URL and got no notification from Bitdefender Total Security.

    This was probably a false positive that was fixed during regular updates by Bitdefender.

    There is no need for concern. I hope this helps. Have a great day.

    Regards,
    Phil

  • Flexx
    Flexx mod
    edited May 6 Answer ✓

    The website indeed contains much malicious JavaScript. Kindly have a look at the link stated below.

    https://sitecheck.sucuri.net/results/https/premierlawns.co.uk

    The website and the malicious JavaScript that it downloads have been shared with the malware research team for detection. The VirusTotal link below should be updated as soon as the detection becomes available.

    https://www.virustotal.com/gui/file/7fbb8c30346a51303dbf21d04ae29637eb03f2e5de9f50929d743031f1deaea5

    https://www.virustotal.com/gui/url/013ce54494112c71c7dc4807dcd8585b1980730051339e72cba61d82176a57ab

    @garioch7 In the past, I've contacted various support teams for different antimalware vendors. They confirm that detections in their product may not always show up on VirusTotal. VirusTotal's updates depend on vendor database URLs provided, but not all detections are guaranteed. Uncertainty exists about how often VirusTotal updates databases from different vendors.

    Regards

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)
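The two answers above both reason from VirusTotal verdict counts: "1 of 92 vendors" on one side, and on the other the point that a vendor's own detection may not be reflected on VirusTotal. The following is an added example, not code from this thread or from Bitdefender, of how a defender can read such a report: it takes a constructed object in the shape of a VirusTotal v3 `last_analysis_results` field (field names are an assumption based on the v3 API; vendor names and verdicts are made up), counts only vendors that actually returned a verdict, and checks whether the product that raised the local alert is among those flagging the object.

```python
import json

# Constructed sample in the shape of a VirusTotal v3 object (assumption: the
# "last_analysis_results" layout of the v3 API). Vendor names and verdicts are
# made up for illustration and are NOT the real report for the URL in this thread.
SAMPLE_REPORT = json.dumps({
    "data": {"attributes": {"last_analysis_results": {
        "VendorA": {"category": "malicious", "result": "Trojan.Generic.35490309"},
        "VendorB": {"category": "undetected", "result": None},
        "VendorC": {"category": "undetected", "result": None},
        "BitDefender": {"category": "undetected", "result": None},
        "VendorD": {"category": "type-unsupported", "result": None},
    }}}
})

FLAGGING = {"malicious", "suspicious"}
# Vendors that never produced a verdict must not inflate the denominator.
NOT_A_VERDICT = {"type-unsupported", "timeout", "failure"}


def summarize(report_json, my_vendor):
    """Reduce a v3 report to the numbers the thread argues about."""
    results = json.loads(report_json)["data"]["attributes"]["last_analysis_results"]
    scanned = {v: r for v, r in results.items() if r["category"] not in NOT_A_VERDICT}
    flagged = {v: r["result"] for v, r in scanned.items() if r["category"] in FLAGGING}
    return {
        "scanned": len(scanned),
        "flagged": flagged,                      # vendor -> detection name
        "ratio": f"{len(flagged)}/{len(scanned)}",
        "my_vendor_present": my_vendor in results,
        "my_vendor_flags": my_vendor in flagged,
    }


def interpret(summary, local_product_alerted):
    """Turn the counts into the triage conclusion a defender would draw."""
    hits = len(summary["flagged"])
    if local_product_alerted and not summary["my_vendor_flags"]:
        # Exactly the situation in this thread: the desktop product blocks the
        # page while its VirusTotal entry shows no detection from that vendor.
        return ("local alert not visible on VirusTotal: vendor signatures and "
                "VirusTotal feeds can lag each other; submit the sample to the vendor")
    if hits == 0:
        return "no vendor flags it"
    if hits <= 2:
        return "low consensus: likely a generic/heuristic hit; treat as possible false positive"
    return "multiple vendors flag it: treat as malicious"


if __name__ == "__main__":
    s = summarize(SAMPLE_REPORT, "BitDefender")
    print(s["ratio"], s["flagged"], interpret(s, local_product_alerted=True))
```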

Answers

  • @Flexx ,

    Thank you for your comments. We will have to respectfully disagree. VirusTotal is the "go-to" site for checking files and URLs for malware.

    This is but one review of the company that you cited:

    https://ca.trustpilot.com/users/641f7e529e3b810012158047

    This is a link to all of the Trustpilot reviews of that site. Scroll down and see the negative reviews.

    https://ca.trustpilot.com/review/sucuri.net

    I will depart this topic. I don't want to hijack the user's topic by debating the relative merits of VirusTotal versus other sites.

    Have a great day.

    Regards,
    Phil

  • Flexx
    Flexx mod
    edited May 6

    Just some information on the website Sucuri: it's not just me; various antimalware vendors redirect users to Sucuri to check for certificates and website-related issues. One such example is the same website mentioned above, which ESET also blocks. I inquired about it on the ESET forum via PM to an administrator, and this is what he replied after receiving information from the malware research team.

    While users might not know exactly how the website Sucuri works, antimalware vendors do understand, and that's why they recommend it.

    While I value Trustpilot user reviews, there's another well-known website called Gartner that you might be familiar with. Here are the reviews of Sucuri on that platform (https://www.gartner.com/reviews/market/cloud-web-application-and-api-protection/vendor/sucuri)

    You are only looking at the negative comments but missing the positive ones.

    Regards
