system
1
Today I was running a quick scan (As I usually do) and right as I was about to go to bed I see this pop up in my scan logs. Before I freak out I move it to chest then extract it to an empty folder to scan it in Virus Total and am greeted with the message “Windows will not open this file, It is a virus”. Is it a False Positive or did I find a bad file? Also it was part of Windows Defender. Marked with bin.VF. Also did I infect my system by attempting to upload this file to virus total?
Fox
polonus
2
Very likely a false positive found up inside Windows Defender,
polonus
Pondus
3
have you checked all the other VBS: Fluffyminer-D posts here ?
system
4
Why would it trip when I attempted to upload it to Virus Total then? That’s whats striking me as odd here is the fact when I attempted to upload it an error box appeared with that message. Was that !Avast?
system
5
Yes I have. Though essex wasn’t stopped when he uploaded it to Virus Total.
Pondus
6
I attempted to upload it an error box appeared with that message. [b]Was that !Avast?[/b]
we are not in front of your computer so unless you give us a screenshot....impossible to tell
however all avast popups usually have a avast name/logo in it
system
7
This just appeared an I still have the box open what should I do?
system
8
This is the same message I saw for the other Flufferminer.
system
9
Still could use some help. I’ve just woken up. The file !Avast marked Flufferminer this time was Windows\Prefetch\AgRobust.db. I can’t move the file so I can’t upload it to virus total. And I also can’t send it in as a false positive because it is a Windows file. The only way to mark something as a false positive is to send it to the virus chest. If I do this I risk making the entire system unstable.
Pondus
10
Windows\Prefetch\AgRobust.db. I can't move the file so I can't upload it to virus total.
have you tried right click and copy?
you can move it manually to avast chest… then it will only be a copy that is moved
and then send to avast lab
avast! 2014: Using the Virus Chest. http://www.avast.com/faq.php?article=AVKB21
off topic: yellowFox … have you heard the fox song? ;D http://m.youtube.com/watch?v=jofNR_WkoCE
system
11
I tried to copy that’s when I took the screencap of the message box saying “This file cannot be copied it is a virus.” Also thanks for the help Pondus. Do you think this is also a FP? It appeared the same night that the Windows Defender FP appeared. Also what do you think is causing the message box? Is it Windows or is it !Avast telling windows to keep the file from moving/running?
EDIT: This keeps appearing every half hour or so is there a way I can make an exception? Also is there a way to remove that exception after the file is cleared?
Fox.
system
12
Daily Reader, first post. I had this same 2 FlufferMiner alerts from my overnight scan on 2 different computers. The only thing in common with both is I installed Windows 8.1 on both from the App Store same time, same setup last evening. Both these computers have never had any virus issues ever until this install. I hope this helps anyone who may have a similar issue.
system
13
I figured out a way to get the file to Virus Total. Here are the results. 1/47 the detector being !Avast. Found out that it was indeed !Avast blocking me from uploading it to Virus Total it was the File Shield. To scan the file I had to make a Global Exception and a File Shield Exception. After I scanned I removed the exceptions.
https://www.virustotal.com/en/file/858d8f9b1d6e5febf2a44924648710f2d254153c91b5177333d7040d53e26635/analysis/1384517753/
Fox
False positive … wait for a VPS update
system
15
So AgRobust.db is a FP? Also what is AgRobust? I searched google and it came up with nothing helpful.
Fox
system
16
Thank you guys for all the help! Just downloaded the newest definitions and both files in the Chest are cleared! Thank you so much! Great job people from !Avast for this quick fix.
Fox