Hi, first post here. While in a sandbox, I went and found the text for the ILOVEYOU worm on some webpage and copy/pasted this into notepad and saved it as a text file. If necessary I can provide the text code and webpage, but I suspect this is against the rules so let me know if it’s not & you want to see it.

Anyway, I had heard that some AV software can detect the worm even without the extension and I was just curious about this. So with the file named as “LOVE-LETTER-FOR-YOU.txt” I scanned it in Avast… no threat detected. Next I added the *.vbs extension to the file so it was named “LOVE-LETTER-FOR-YOU.txt.vbs” and scanned it again… no threat detected. Finally I pulled up MalwareBytes and scanned it once more and it found nothing as well. However immediately after MB was done scanning it, Avast detected the threat and said something like “it was removed right before being opened”. Seems weird to me… do you guys know what’s going on with the detection issues here? And why is Avast indicating that the file was about to be opened when MalwareBytes finished scanning it?

FYI I have my scan settings for individual items set to include PUP and to “scan whole files”.

Last thing I did was restore it from the chest and remove the *.vbs from the end of the filename. When I did this, Avast detected it automatically without requiring a scan.