I am working on a customer’s website (a big customer, so I would appreciate a quick response) and all of a sudden I got a warning from Avast saying it found the trojan VBS:Bicololo-AL
Also found some references in other forums or even in this forum about some variant detected as being a false positive
So my question comes: is there a way to report this file somewhere (maybe here?) so someone can tell me if it is in fact infected or if it is a false positive?
Yes, but Avast doesn’t detect anything on the client’s side… it’s only on the server… As you can see, the process that triggers the infected object is the IIS process, and the file is located in the ASP.NET Temporary files folder…
I have already tested this “client-side”, luckily there is no infection detected…
I checked the file in the 3 services you provided… VirusTotal and Jotti show that only Avast detects the VBS:Bicololo-AL malware… the file is clean for the rest of the AV software in the list
What would this mean?? Big chance it’s a false positive?
If you click in VT > additional info tab > and scroll down to first submitted, has it been scanned before?
Nothing… but I guess that info won’t help a lot… this file includes a random part in its name (they are temporary js files created by the ASP.NET framework) so there is little chance that someone posted a file with the same filename before
Pondus, I checked the links you shared (on how to report a file)… My problem is that I am not yet sure if this is an infection or a false positive, and I need to confirm that asap… From what I have read, in none of the options (report false positive, report infected file) I get a response in order to know what happened…
So I guess I will need to gather the info I have so far and decide for myself
I have had Avast installed on this computer for a couple of months, and all of a sudden I get this warning related to a customer’s software I have working in my computer for over a year. The fact that I got an “infection” after 2 months of having Avast installed could show that a recent Avast update caused it to trigger a false positive.
This software has been downloaded from a repository (I am on a dev environment) where supposedly there is some AV software scanning for viruses and malware, and no one has reported anything.
The urls provided to scan the suspicious file show that only Avast detects it as infected with VBS:Bicololo-AL trojan
Also, when I first got the “infection”, in order to protect customer’s information, we decided to just format my computer and set up the whole environment from scratch. When the customer’s software was downloaded from repository (TFS) and executed, it automatically triggered the Avast warning (this to show that it even triggers in a completely new and clean environment)
Could all this information point to this being a false positive and not a virus?
I know, it’s hard to tell… but the point is that if I cannot have a quick confirmation on whether these files are infected or not, I need at least to apply some criteria to decide if it is safe to keep using the environment or not