this post was submitted on 08 Sep 2024
17 points (94.7% liked)

Asklemmy

43891 readers
825 users here now

A loosely moderated place to ask open-ended questions

Search asklemmy ๐Ÿ”

If your post meets the following criteria, it's welcome here!

  1. Open-ended question
  2. Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
  3. Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
  4. Not ad nauseam inducing: please make sure it is a question that would be new to most members
  5. An actual topic of discussion

Looking for support?

Looking for a community?

~Icon~ ~by~ ~@Double_[email protected]~

founded 5 years ago
MODERATORS
 

Hey all, not sure if this is the right place but I figure someone here will be able to help.

Windows Defender found something called "Trojan:Win32/Ashify.J!frn" and failed to quarantine it apparently. This was earlier today that it was detected and it affected a strange file under AppData/Roaming/T2GP Launcher/Steam/Cache/Prod/GpuCache to a text file called "index" with some weird changelogs for a gameboy advance emulator.

No google results pointed to anything meaningful. Only a few posts suggesting the games launcher may have prompted a false positive, an old post about password protected files from 2022, and a malwarebytes warning from 2kgames spreading Red Line malware from 2022 as well.

Just checking to see if anyone knows anything or has experienced something similar before!

top 6 comments
sorted by: hot top controversial new old
[โ€“] [email protected] 2 points 2 months ago

I'd be happy to check its contents on MacOS or Linux. But I also agree with the virustotal recommendation.

[โ€“] [email protected] 10 points 2 months ago

Upload the files to virustotal to see what it says.

[โ€“] [email protected] 5 points 2 months ago (1 children)

This will almost certainly be a false positive, its a heuristics(I think that's the correct term) based detection, basically just matches certain characteristics of files that have been related to that trojan.

These days Defender has exceptional real time malware scanning capabilities, it often picks up stuff as you download it or even as it executes. If this was a detection of an existing file, its very likely a false positive.

[โ€“] [email protected] 1 points 2 months ago

Thanks that is very reassuring.

[โ€“] [email protected] 4 points 2 months ago* (last edited 2 months ago) (1 children)

The definitions picked up as a different name from everything almost everybody just refers to it is a generic Trojan.

It could very well just be a false positive but I wouldnt leave it at that.

An offline windows defender scan would be a good idea.

You can always switch over to bitdefender there's a free version of you search hard enough. Don't run Windows defender and bit defender at the same time long term but it's not a bad way to get a second opinion.

[โ€“] [email protected] 3 points 2 months ago

Thank you very much, I appreciate the insight.