Hello, I have Malwarebytes premium running with AVG premium. Automatic daily scans with rootkits running on both. I don't visit or download any sketchy stuff, yet somehow I got JS:Bicololo-M [Trj]. I want to know if it's a false positive and if not how much damage has been done to my system? Do I need to change all my passwords? Personal information? Credit cards?
I was sleeping and I decided to open AVG to check on scans and if it needs updating. I found it there unresolved and I quarantined it. I tried posting a screenshot of the quarantine folder. Not sure if you can see it. Thank you for the help.
If it's real, I'm very curious on how I might have gotten it, how long has it been on my system and what is the damage done. I have daily scans so I'm not sure how and when it got here. I didn't download anything for the past couple of days.
Hi again, M Y. Yes, we are sure that this is a false positive but not sure why it occurred constantly. Please try to update your AVG Internet Security and let us know its version to check with it. Open AVG Internet Security -> Menu -> Settings -> Update -> update your product and again go to Menu -> About -> check its version.
We'd like to inform you that the "C:\Windows\prefetch" folder is used by Windows to track and save information related to commonly used files in order to speed up the boot process. The files in the prefetch are not executable and they are not copies of the actual files. If you delete a commonly used file from Prefetch, most likely the file will be regenerated by Windows. This file was also regenerated and it is not harmful. Please ignore it.
Meanwhile, we are checking with our senior technical team on why AVG is detecting this file as infection. We'll update this thread if there is any news.
We appreciate your patience. We request you to submit this file:///C:/Windows/prefetch file as false positive through this https://secure.avg.com/submit-sample link. If it is certain that this file is not a threat, you can add the file to exception in AVG program as mentioned in this article. Thank you.
Hello. I am not sure how to add the entire prefetch folder, as it just opens it when I try to add it all. I did add the Agrobust.db file from the prefetch folder. Should I submit the sample of the quarantined file itself? If so, how do I do that? Thank you.
When I scanned the file itself from Windows prefetch separately now it doesn't show any viruses. It did show it as a virus three times before and they are all quarantined.
Hi, do you see the file under the original path or in the Quarantine? If you see it in the Quarantine, restore the file and get into its exact path and add it to AVG's exclusion as mentioned earlier. You can add the entire path to the exclusion and then in this https://secure.avg.com/submit-sample website you can find the option to browse the file. Try to add the file that was detected as threat by AVG and check whether you are able to submit it successfully.
Hello. The file is both in the quarantine (3 times) and in the original path. This is because Windows will automatically regenerate the file again. If I restore it, I will have to delete the file that is in the Windows prefetch now. So if I understand correctly I should restore the quarantined file to its original path and replace it with the one that is already there, then submit it?
If the files are identical, then it is not necessary to restore it from Quarantine. Yes, there is an option to submit the file directly from the Quarantine window. However, we suggest you submit it through the link too. Thank you.
I did both. Hopefully it is just a false positive as this has been stressing me out for the past week. I see there is a new update available right now. Maybe that will solve the problem.
Thank you for submitting the file in both ways. Yes, keep updating the program in order to check the status. If you have added the file to exceptions then our program shouldn't detect it again.
The threat was detected from the file AgRobust.db. This is a genuine Windows file and it seems to be a false positive.
You can ignore this threat detection, it will be fixed automatically in the next AVG update.
If you still keep getting this threat notification automatically, please let us know and we will assist you further.
All Answers
I will help you with the necessary information.
Did you get this threat secured or detection pop-up from AVG?
If yes, please click on "View Details" from the pop-up and send us the screenshot of the same.
We will check this and confirm if this is a false positive or not.
Thank you for the help.
I have daily scans so I'm not sure how and when it got here. I didn't download anything for the past couple of days.
The threat was detected from the file AgRobust.db. This is a genuine Windows file and it seems to be a false positive.
You can ignore this threat detection, it will be fixed automatically in the next AVG update.
If you still keep getting this threat notification automatically, please let us know and we will assist you further.
Should I remove it from quarantine or delete it?
Yes, it seems to be a false positive. You can remove it from quarantine or ignore it.
What should I do now?
screenshots attached
Yes, we are sure that this is a false positive but not sure why it occurred constantly.
Please try to update your AVG Internet Security and let us know its version to check with it.
Open AVG Internet Security -> Menu -> Settings -> Update -> update your product and again go to Menu -> About -> check its version.
Software Version
19.3.3084 (build 19.3.4241.445)
Virus Definition
190404-10
UI Version
1.0.152
We'd like to inform you that the "C:\Windows\prefetch" folder is used by Windows to track and save information related to commonly used files in order to speed up the boot process. The files in the prefetch are not executable and they are not copies of the actual files. If you delete a commonly used file from Prefetch, most likely the file will be regenerated by Windows. This file was also regenerated and it is not harmful. Please ignore it.
Meanwhile, we are checking with our senior technical team on why AVG is detecting this file as infection. We'll update this thread if there is any news.
We appreciate your patience.
We request you to submit this file:///C:/Windows/prefetch file as false positive through this https://secure.avg.com/submit-sample link.
If it is certain that this file is not a threat, you can add the file to exception in AVG program as mentioned in this article.
Thank you.
I am not sure how to add the entire prefetch folder, as it just opens it when I try to add it all. I did add the Agrobust.db file from the prefetch folder. Should I submit the sample of the quarantined file itself? If so, how do I do that?
Thank you.
If you see it in the Quarantine, restore the file and get into its exact path and add it to AVG's exclusion as mentioned earlier.
You can add the entire path to the exclusion and then in this https://secure.avg.com/submit-sample website you can find the option to browse the file.
Try to add the file that was detected as threat by AVG and check whether you are able to submit it successfully.
If I restore it, I will have to delete the file that is in the Windows prefetch now. So if I understand correctly I should restore the quarantined file to its original path and replace it with the one that is already there, then submit it?
Is this okay?
Yes, there is an option to submit the file directly from the Quarantine window. However, we suggest you submit it through the link too.
Thank you.
Yes, keep updating the program in order to check the status.
If you have added the file to exceptions then our program shouldn't detect it again.