Trojan:Win32/Bluteal.B!rfn False Positive?


  • This topic is locked
5 replies to this topic

#1 Mike_Soda

Mike_Soda

  • Members
  • 155 posts
  • OFFLINE
  • Gender:Male
  • Location:United States
  • Local time:05:04 PM

Posted 24 June 2018 - 10:27 PM

After running my weekly Malwarebytes Free scan, which found nothing, I followed up with a Windows Defender scan as usual, which found this. I've entered a lot of sensitive information in the past week. There's absolutely no way I can change all of my passwords this very second, or close and then re-open a new bank account before something happens, either. I really don't understand how I got infected with a Trojan when I practice limited, safe browsing by always scanning a website with VirusTotal, Norton Safe Web & Google Transparency Report. I also don't understand how Windows Defender, a bottom-of-the-barrel protection, found something Malwarebytes didn't. Microsoft has said they don't aim for it to be the best AV, just a standard that other companies dedicated to it should always be better than. I have two-factor authentication enabled on everything & no unusual bank charges have been made so far. I also use the NoScript & uBlock extensions for Firefox, which is always up-to-date. The only new websites I've browsed in the past week that I can remember are listed below; they all checked out okay. I really need to know that this was hopefully just a false positive, and/or how I can go about further determining that besides Malwarebytes not detecting it.

Edited by JSntgRvr, 24 June 2018 - 10:55 PM.
Remove links otherwise considered as Spam.

Ryzen 5 1500X @ 3.9GHz On 1.3625V | MSI B350M Gaming Pro | 16GB G.Skill Ripjaws V DDR4 3200MHz | 3GB MSI GTX 1060 Gaming X 2063MHz Core 9408MHz Mem | EVGA G2 550W | 250GB Samsung 850 EVO | Windows 10 Home 64-bit Version 1803 (OS Build 17134.112) | MasterCase Pro 3




#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,759 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:08:04 PM

Posted 24 June 2018 - 10:54 PM

Hi, Mike_Soda :)

 

Trojan:Win32/Bluteal.B!rfn is a heuristic detection designed to generically detect a Trojan Horse. Due to the generic nature of this threat, we are unable to provide specific information on what it does. Files reported as Trojan:Win32/Bluteal.B!rfn may not necessarily be malicious. Should you be uncertain as to whether a file has been reported correctly, you can submit the affected file to https://www.virustotal.com/en/ to be scanned with multiple antivirus engines.

 

But as far as I am concerned, this is a false positive.


No requests for help through private messaging will be attended to.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 Mike_Soda

Mike_Soda
  • Topic Starter

  • Members
  • 155 posts
  • OFFLINE
  • Gender:Male
  • Location:United States
  • Local time:05:04 PM

Posted 24 June 2018 - 10:59 PM

Thank you so much. I was going to submit it to VirusTotal right now, but I can't even find it. Do I need to click Allow in Windows Defender next to the threat? It says it's removed, though; I'm confused as to how it can allow something that's gone, or would that somehow restore it?




#4 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,759 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:08:04 PM

Posted 25 June 2018 - 01:05 PM

Restore quarantined files in Windows Defender AV
  1. Open Windows Defender Security Center.
  2. Click Virus & threat protection and then click Scan history.
  3. Under Quarantined threats, click See full history.
  4. Click Restore for any items you want to keep. (If you prefer to remove them, you can click Remove.)



#5 Mike_Soda

Mike_Soda
  • Topic Starter

  • Members
  • 155 posts
  • OFFLINE
  • Gender:Male
  • Location:United States
  • Local time:05:04 PM

Posted 26 June 2018 - 12:19 PM

 

Thank you. Unfortunately it's not listed under Quarantined, so I'm guessing that in the panic that night I simply removed the threat instead. So I'll just allow the related Affected items: file: C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.C26a36d2b#\daf01e12fa59ed340363c44b7deff15e\Microsoft.CertificateServices.PKIClient.Cmdlets.ni.dll


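Both the restore steps in the previous reply and the decision above to allow the flagged file depend on first finding the detection record (which survives in Defender's history even when the item was removed rather than quarantined) and then inspecting the file. The PowerShell below is an added example, not code from this thread or from Microsoft; it uses the Windows 10 Defender module cmdlets Get-MpThreat and Get-MpThreatDetection together with Get-FileHash and Get-AuthenticodeSignature, and assumes an elevated prompt.

```powershell
# Added example (not from the thread): list Windows Defender's detection
# history, resolve each ThreatID to its name (e.g. Trojan:Win32/Bluteal.B!rfn),
# show what action was taken, and for files still on disk print the SHA256
# and Authenticode status so the item can be looked up on VirusTotal and
# judged before it is allowed or restored. Run from an elevated prompt.

# ThreatStatusID values as documented for MSFT_MpThreatDetection.
$statusNames = @{
    1 = 'Detected'; 2 = 'Cleaned'; 3 = 'Quarantined'; 4 = 'Removed'
    5 = 'Allowed';  6 = 'Blocked'
}

# ThreatID -> human-readable threat name.
$threatNames = @{}
Get-MpThreat | ForEach-Object { $threatNames[$_.ThreatID] = $_.ThreatName }

foreach ($det in Get-MpThreatDetection | Sort-Object InitialDetectionTime -Descending) {
    $name   = $threatNames[$det.ThreatID]
    $status = $statusNames[[int]$det.ThreatStatusID]
    if (-not $status) { $status = "Status $($det.ThreatStatusID)" }
    "{0:u}  {1}  [{2}]" -f $det.InitialDetectionTime, $name, $status

    foreach ($res in $det.Resources) {
        # Resources are recorded as 'file:_C:\path'; other prefixes exist for
        # registry keys, processes, etc. Only file resources are inspected here.
        if ($res -notmatch '^file:_?(.+)$') { "    $res"; continue }
        $path = $Matches[1]
        if (-not (Test-Path -LiteralPath $path)) {
            "    $path  (no longer on disk: nothing to submit or allow)"
            continue
        }
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        $sig  = Get-AuthenticodeSignature -LiteralPath $path
        "    $path"
        "      SHA256: $hash   (search this hash on VirusTotal instead of uploading)"
        "      Authenticode: $($sig.Status)  $($sig.SignerCertificate.Subject)"
    }
}
```

A native image (*.ni.dll) under C:\Windows\assembly\NativeImages_* is compiled locally by ngen and carries no Authenticode signature, so NotSigned on that file is expected and says nothing about its origin; the signature check belongs on the IL assembly it was generated from.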


#6 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,759 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:08:04 PM

Posted 26 June 2018 - 12:43 PM

Next time around you will be prepared.






