Is this file a part of avast? Need a quick answer.

Hello,

I’m in the middle of a full scan when Windows Defender detects “WebShield.txt” as a : Trojan:JS/CoinHive.A.

Windows Defender NEVER triggered before.

I did some research online and the txt does seem to be a part of avast, I have seen a similar issue on the forums here, but it was never resolved.

Virus total says im fine except for “Microsoft” and “Jiangmin”

Is this a false positive? Should I be worried?

If it is a part of avast I will allow it or just disable windows defender all together.

Attatching screenshots bellow.

Thanks for help

The Webshield.txt file is a log file from Avast!. You’re fine. False positive from Microsoft.

I had to make hidden files and folders visible to find this. ::slight_smile:

https://i.imgur.com/Ei52i9k.jpg

Are you running Avast in Passive mode ?
Having two resident antivirus scanners can result in conflict.

If not then Windows Defender should have been disabled by the Operating System (Windows Security Centre), it may well be set to run periodic scans (a default action I believe). You should be able to disable the periodic scans by defender.

As Michael mentioned this is a text file, so should be harmless, so why defender is scanning it is beyond me. However, if the web shield has previously made any detection, there could be a URL in the web shield report file, but again not CoinHive.

In the pentesting world, allowing users access to write anything (even text files) is dangerous if unintended.

There is a video working on a HTB box (actually - two of them) done by ippsec. Starts with allowing a PUT [file] request sent to the server with some ASPX as a text file, then executing a MOVE command via HTTP to move the file form a cmd.txt to cmd.aspx. In short, turning the program from a “harmless” text file to a reverse shell. In layman’s terms, creating an vb, vba or vbs script from a text file.

https://www.youtube.com/watch?v=ZfPVGJGkORQ&t=300s

True though, this isn’t the case. The Webshield.txt file is a legitimate Avast! file, and Windows Defender is falsely alerting on it. It can be safely ignored (or deleted) if you prefer.