Jump to content
Nelson Thompson

Virus Warning

By Nelson Thompson, in Immunet Support (Issues/Defects)

Recommended Posts

Nelson Thompson    2

Nelson Thompson
Posted (edited)

I am running Windows 7 Pro on an older desk top and during the last few days have been getting a Virus detected and quarantined message on virtually every application that I use.  I have been using some of these sights for 10 plus years and never had this issue previously.  It persists even when I switch from Firefox to Chrome.  I just ran a full scan of the entire computer and get reports of no virus found and have verified that the latest update is installed (as of 2/2/19).  When I go to manually initialize Immunet, I see a note that the computer has never been scanned and  is not secure even when I have just run a full scan. 

A typical warning is that f_0001f3 has been detected as Clam.Txt.Trojan.Generic-6840302-0.  Quarantine was successful.  I even got a message that Firefox Installer was a Trojan.

This is very annoying and I would like some suggestions to resolve this issue.

Nelson

 

Edited by Nelson Thompson
Add info
  • Like 2

Share this post

Link to post
Share on other sites

GGG    0

GGG
Posted (edited)

I am also having this problem, every time I open a new tab or website in Google Chrome I get a notification that Immunet has quarantined a file called f_(any combo of numbers and letters like, f_00003b / f_047ae5 / f_0aa457) and Clam.Txt.Trojan.Generic-6840302-0. I did a full scan and it said it quarantined 5 files, and then I did a second full scan right after and there were 0 malicious files. I have cleared my Chrome Cache and Reset Browser settings, and restarted my computer several times. I am on Windows 10 Pro (version 10.0.17134) and Chrome version 71, and Immunet update from (2/2/19 which is today), and I get a file quarantined / threat detected every few minutes. I can't even find the files that it is referencing, the path is C:\Users\grace\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00003b     I can't even reach this file in my system, and I thought clearing my Google cache would help but it has not, and all of the 30 files it has "quarantined" in the last day has had the same path with a change at the end. I don't know what to do

EDIT: I have found the files that they deem to be a threat and determined them not to be harmful, they are only my cache preloads, and i have decided to whitelist / have Immunet not search my Chrome Cache file for threats, just because I don't want the program to continuously quarantine my preloads. If what I have just done is very harmful or a very bad idea, please let me know!

Edited by GGG
White-listing my cache

Share this post

Link to post
Share on other sites

Urban Haka    1

Urban Haka
Posted

I'm receiving the same message when loading Gmail in firefox flagging a cache file as "Txt.Trojan.Generic-6840302-0". I also have a number of anti-spam anti tracking and security plugins installed. It's possible one of them is doing something Immunet doesn't like.

ABP, Ghostery, uBlock Origin, https everywhere, canvas defender, privacy badger, firefox multi-account containers and lastpass.

I uploaded the cache sample to virus total. The ClamAV engine was the only one to flag this as a trojan. The content is a compressed GZ stream with the following code:

this.A2A=this.A2A||{};(function(_){var window=this;
try{
var aa,ba,ca,da,ea,fa,ha,ia,ja,ka,la,ma,na,ua,va,wa,xa,ya,za,Ba,Da,Ea,Ia,p,Ja,Ka,Na,Oa,Pa,Qa,Ra,Sa,Ta,Va,Wa,eb,fb,gb,hb,ib,jb,kb,mb,lb,nb,ob,pb,q,t,v,qb,rb,sb,tb,ub,vb,wb,yb,zb,Cb,Ab,Bb,Db,Eb,Fb,x,z;aa=function(a){for(var b=a.length;0<=--b;)a=0};ba=function(a,b,c,d,e){this.te=a;this.Jf=b;this.If=c;this.Ff=d;this.lg=e;this.Nd=a&&a.length};ca=function(a,b){this.zd=a;this.xb=0;this.Wa=b};da=function(a,b){a.T[a.B++]=b&255;a.T[a.B++]=b>>>8&2

Source: https://www.virustotal.com/en/file/6570a85c33d467f10e52bddc31575c4329ca1a6ae9641c4321690a8ae65e41c5/analysis/1549184011/

I've submitted it to clamAV as a false positive.

  • Thanks 1

Share this post

Link to post
Share on other sites

Nelson Thompson    2

Nelson Thompson
Posted
2 hours ago, stealth47 said:

I have gotten rid of the annoying popup by removing immunet from my computer for the time being.

 

That appears to be a somewhat drastic solution to the issue but I may consider doing the same thing if I cannot resolve this present issue.

Nelson

Share this post

Link to post
Share on other sites

GGG    0

GGG
Posted
2 hours ago, Nelson Thompson said:

That appears to be a somewhat drastic solution to the issue but I may consider doing the same thing if I cannot resolve this present issue.

Nelson

 

5 hours ago, stealth47 said:

I have gotten rid of the annoying popup by removing immunet from my computer for the time being.

 

If all of the false positives come from the same folder (mine is the chrome cache) you can whitelist/exclude that folder from Immunet's virus search as I have done. You just go into the settings and add an exclusion and then copy+paste or browse to your folder cache.

so open Immunet > settings > add new exclusion > file/folder type > whatever path to your folder you want to whitelist, i did  C:\Users\(user name)\AppData\Local\Google\Chrome\User Data\Default\Cache\   and this has resolved my issue

Share this post

Link to post
Share on other sites

ebloch    4

ebloch
Posted (edited)

My warnings are in FireFox profile. They resulted from the simultaneous opening of eight (8) URLS with an additional two URLs already opened.

I disconnected my Win 7 Home SP-1 64 bit PC from network. I manually deleted all items in quarantine and noted several that were detected but Immunet was not able to quarantine. I ran a quick scan and two items were removed.

Additionally Immunet shut down!! Without me closing it.

I reinstalled using an up to date copy I have resulting in 6.2.4.10819, reconnected the network, and then an update check says everything up to date including definitions installed one hour before problem started.

I repeated the the simultaneous opening of eight (8) URLS with an additional two URLs already opened with the result the same except Immunet did not shut down.

So leaving the Immunet results alone I opened each URL one at a time and Immunet duplicated its quarantines and quarantine failures.

Perhaps the definition file has an inappropriate addition for its newest info? This could be tested if Immunet could supply an older definition file for testing.

If this keeps up Immunet will not be of practical use.

Edited by ebloch

Share this post

Link to post
Share on other sites

Rob.T    57

Rob.T
Posted

confirmed, is defiantly a Clam false positive.  Thanks to everyone who reported this.  we're reprod it internally and are working on a fix.  In the mean time, if you turn off the  clam AV engine in Immunet's settings  that'll prevent the constant FP  notifications  and still keep your computer protected with the immunet  cloud engine.  We'll notify the thread  to turn clam back on as soon as the fp is fixed.

 

 

  • Like 2

Share this post

Link to post
Share on other sites

Rob.T    57

Rob.T
Posted

the The FP'ing sig was fixed late yesterday and it's safe to to turn the Clam engine back on,  and but please ensure you start a manual clam definitions update too; by clicking he update now button in immunet  gui.  And that will ensure the  sig is updated    asap.

 

Share this post

Link to post
Share on other sites

Guest Wookiee   

Guest Wookiee
Posted

Yeah, like Rob said. We had an issue with a signature but all should be fixed now.
Let us know if you have anymore issues.

Share this post

Link to post
Share on other sites

smjaynes    0

smjaynes
Posted (edited)

I am getting a virus warning also on Windows 10 home, trying to update Firefox. Won't let me update it. Even after doing as you stated and with the update!

Edited by smjaynes
to clarify used above fix.

Share this post

Link to post
Share on other sites

ritchie58    421

ritchie58
Posted

Could you tell us what the Quarantine detection name is? Actually a screen grab of the little Immunet quarantine window would be very helpful if you can provide that.

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
Go To Topic Listing
×
×
  • Create New...