Hi,

I am using Avast free.

So I had the alert yesterday about VBS:Gamaredon-CM [Apt] like a lot of others have, and I’ve seen the confirmation on the Avast twitter account that it was a false positive, however my alert was different than the others I have read about.

Other people have mentioned that Avast quarantined their firefox profiles, or aborted connection to various websites when the alert popped up, but for me it was a file located in C:\ProgramData\Microsoft\Windows\WER\Temp and the infected file was called WER579D . tmp . txt

Is it normal for windows files to have both tmp and txt at the end? I don’t recall seeing that before.

And is this just the same as the other false positives? Is all as it should be and I am not infected?

Thanks.

Hi, best you post/ask in the dedicated forum section/thread.
→ https://forum.avast.com/index.php?topic=318639.0

Oh sorry, should I make another post, or can a moderator move my post?

Another post really isn’t needed. It’s a false positive. Just follow the other threat for
the latest information.