Nelson Thompson 2 Report post Posted February 2 (edited) I am running Windows 7 Pro on an older desk top and during the last few days have been getting a Virus detected and quarantined message on virtually every application that I use. I have been using some of these sights for 10 plus years and never had this issue previously. It persists even when I switch from Firefox to Chrome. I just ran a full scan of the entire computer and get reports of no virus found and have verified that the latest update is installed (as of 2/2/19). When I go to manually initialize Immunet, I see a note that the computer has never been scanned and is not secure even when I have just run a full scan. A typical warning is that f_0001f3 has been detected as Clam.Txt.Trojan.Generic-6840302-0. Quarantine was successful. I even got a message that Firefox Installer was a Trojan. This is very annoying and I would like some suggestions to resolve this issue. Nelson Edited February 2 by Nelson Thompson Add info 2 Quote Share this post Link to post Share on other sites
Simonster 0 Report post Posted February 3 Same here - except mine is with (Google) Chrome Every new tab.... Grrrrrrr! Quote Share this post Link to post Share on other sites
GGG 0 Report post Posted February 3 (edited) I am also having this problem, every time I open a new tab or website in Google Chrome I get a notification that Immunet has quarantined a file called f_(any combo of numbers and letters like, f_00003b / f_047ae5 / f_0aa457) and Clam.Txt.Trojan.Generic-6840302-0. I did a full scan and it said it quarantined 5 files, and then I did a second full scan right after and there were 0 malicious files. I have cleared my Chrome Cache and Reset Browser settings, and restarted my computer several times. I am on Windows 10 Pro (version 10.0.17134) and Chrome version 71, and Immunet update from (2/2/19 which is today), and I get a file quarantined / threat detected every few minutes. I can't even find the files that it is referencing, the path is C:\Users\grace\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00003b I can't even reach this file in my system, and I thought clearing my Google cache would help but it has not, and all of the 30 files it has "quarantined" in the last day has had the same path with a change at the end. I don't know what to do EDIT: I have found the files that they deem to be a threat and determined them not to be harmful, they are only my cache preloads, and i have decided to whitelist / have Immunet not search my Chrome Cache file for threats, just because I don't want the program to continuously quarantine my preloads. If what I have just done is very harmful or a very bad idea, please let me know! Edited February 3 by GGG White-listing my cache Quote Share this post Link to post Share on other sites
Urban Haka 1 Report post Posted February 3 I'm receiving the same message when loading Gmail in firefox flagging a cache file as "Txt.Trojan.Generic-6840302-0". I also have a number of anti-spam anti tracking and security plugins installed. It's possible one of them is doing something Immunet doesn't like. ABP, Ghostery, uBlock Origin, https everywhere, canvas defender, privacy badger, firefox multi-account containers and lastpass. I uploaded the cache sample to virus total. The ClamAV engine was the only one to flag this as a trojan. The content is a compressed GZ stream with the following code: this.A2A=this.A2A||{};(function(_){var window=this; try{ var aa,ba,ca,da,ea,fa,ha,ia,ja,ka,la,ma,na,ua,va,wa,xa,ya,za,Ba,Da,Ea,Ia,p,Ja,Ka,Na,Oa,Pa,Qa,Ra,Sa,Ta,Va,Wa,eb,fb,gb,hb,ib,jb,kb,mb,lb,nb,ob,pb,q,t,v,qb,rb,sb,tb,ub,vb,wb,yb,zb,Cb,Ab,Bb,Db,Eb,Fb,x,z;aa=function(a){for(var b=a.length;0<=--b;)a=0};ba=function(a,b,c,d,e){this.te=a;this.Jf=b;this.If=c;this.Ff=d;this.lg=e;this.Nd=a&&a.length};ca=function(a,b){this.zd=a;this.xb=0;this.Wa=b};da=function(a,b){a.T[a.B++]=b&255;a.T[a.B++]=b>>>8&2 Source: https://www.virustotal.com/en/file/6570a85c33d467f10e52bddc31575c4329ca1a6ae9641c4321690a8ae65e41c5/analysis/1549184011/ I've submitted it to clamAV as a false positive. 1 Quote Share this post Link to post Share on other sites
redwater 0 Report post Posted February 3 The same... Quote Share this post Link to post Share on other sites
stealth47 0 Report post Posted February 3 I have gotten rid of the annoying popup by removing immunet from my computer for the time being. Quote Share this post Link to post Share on other sites
Nelson Thompson 2 Report post Posted February 3 2 hours ago, stealth47 said: I have gotten rid of the annoying popup by removing immunet from my computer for the time being. That appears to be a somewhat drastic solution to the issue but I may consider doing the same thing if I cannot resolve this present issue. Nelson Quote Share this post Link to post Share on other sites
GGG 0 Report post Posted February 3 2 hours ago, Nelson Thompson said: That appears to be a somewhat drastic solution to the issue but I may consider doing the same thing if I cannot resolve this present issue. Nelson 5 hours ago, stealth47 said: I have gotten rid of the annoying popup by removing immunet from my computer for the time being. If all of the false positives come from the same folder (mine is the chrome cache) you can whitelist/exclude that folder from Immunet's virus search as I have done. You just go into the settings and add an exclusion and then copy+paste or browse to your folder cache. so open Immunet > settings > add new exclusion > file/folder type > whatever path to your folder you want to whitelist, i did C:\Users\(user name)\AppData\Local\Google\Chrome\User Data\Default\Cache\ and this has resolved my issue Quote Share this post Link to post Share on other sites
panovattack 0 Report post Posted February 3 I am having the same issue, had to WL the directory. Quote Share this post Link to post Share on other sites
ebloch 4 Report post Posted February 4 (edited) My warnings are in FireFox profile. They resulted from the simultaneous opening of eight (8) URLS with an additional two URLs already opened. I disconnected my Win 7 Home SP-1 64 bit PC from network. I manually deleted all items in quarantine and noted several that were detected but Immunet was not able to quarantine. I ran a quick scan and two items were removed. Additionally Immunet shut down!! Without me closing it. I reinstalled using an up to date copy I have resulting in 6.2.4.10819, reconnected the network, and then an update check says everything up to date including definitions installed one hour before problem started. I repeated the the simultaneous opening of eight (8) URLS with an additional two URLs already opened with the result the same except Immunet did not shut down. So leaving the Immunet results alone I opened each URL one at a time and Immunet duplicated its quarantines and quarantine failures. Perhaps the definition file has an inappropriate addition for its newest info? This could be tested if Immunet could supply an older definition file for testing. If this keeps up Immunet will not be of practical use. Edited February 4 by ebloch Quote Share this post Link to post Share on other sites
Wookiee 37 Report post Posted February 4 it might be an issue with a signature, I am looking into it. 2 Quote Share this post Link to post Share on other sites
Rob.Turner 54 Report post Posted February 5 confirmed, is defiantly a Clam false positive. Thanks to everyone who reported this. we're reprod it internally and are working on a fix. In the mean time, if you turn off the clam AV engine in Immunet's settings that'll prevent the constant FP notifications and still keep your computer protected with the immunet cloud engine. We'll notify the thread to turn clam back on as soon as the fp is fixed. 2 Quote Share this post Link to post Share on other sites
Rob.Turner 54 Report post Posted February 5 the The FP'ing sig was fixed late yesterday and it's safe to to turn the Clam engine back on, and but please ensure you start a manual clam definitions update too; by clicking he update now button in immunet gui. And that will ensure the sig is updated asap. Quote Share this post Link to post Share on other sites
Nelson Thompson 2 Report post Posted February 6 My Immunet software is now working correctly with no warnings so I consider this issue closed. Nelson Quote Share this post Link to post Share on other sites
Wookiee 37 Report post Posted February 6 Yeah, like Rob said. We had an issue with a signature but all should be fixed now. Let us know if you have anymore issues. Quote Share this post Link to post Share on other sites
ebloch 4 Report post Posted February 6 Fixed for me also Quote Share this post Link to post Share on other sites
Urban Haka 1 Report post Posted February 9 Thanks for sorting Quote Share this post Link to post Share on other sites
smjaynes 0 Report post Posted February 12 (edited) I am getting a virus warning also on Windows 10 home, trying to update Firefox. Won't let me update it. Even after doing as you stated and with the update! Edited February 13 by smjaynes to clarify used above fix. Quote Share this post Link to post Share on other sites
ritchie58 393 Report post Posted February 13 Could you tell us what the Quarantine detection name is? Actually a screen grab of the little Immunet quarantine window would be very helpful if you can provide that. Quote Share this post Link to post Share on other sites
ritchie58 393 Report post Posted February 14 For any user that experiences what they think may be a False Positive quarantine response we do encourage the use of our official False Positive reporting site at this link.http://www.immunet.com/false_positive Regards, Ritchie... 1 Quote Share this post Link to post Share on other sites