locked Re: FW: Malware

Robert Lorenzini

Nothing found here either Mike. I wonder if these infected computers are getting their d/l
hijacked. We have had probably more than a dozen previous reports from peeps who
have found a virus but in every case the anti-virus was the virus.

Bob - wd6dod

On 7/19/2016 2:36 PM, Black Michael mdblack98@... [HamApps] wrote:
I'm doing a full scan now with Defender.  But I just did a scan on the JTAlert folder and it didn't trigger.  Can you try having Windows Defender just scan the JTAlert folder too?

Are you sure you don't have another anti-virus installed?  Mcafee for example that likes to install with Java?

de Mike W9MDB

From: "Glenn kd8jvwinningham@... [HamApps]"
To: "'Laurie, VK3AMA' groups08@... [HamApps]"
Sent: Tuesday, July 19, 2016 4:33 PM
Subject: RE: [HamApps] FW: Malware

The file name is “Win32/varpes.L!cl”.
It was found in the JTALERT plugin directory.
From: 'Laurie, VK3AMA' groups08@... [HamApps]
Sent: Tuesday, July 19, 2016 5:11 PM
To: HamApps@...
Subject: Re: [HamApps] FW: Malware
On 20/07/2016 6:07 AM, Glenn kd8jvwinningham@... [HamApps] wrote:
I installed JTALERT 2.8 and did just a virus scan on that directory, in the programs directory, an the virus is in the Plugins directory.
And again, Windows Defender removed it and JTALERT did not work.

What file in the "plugin" directory was flagged?

There were recent reports of a false-positive on the JTPluginsManager file generated by Webroot which were corrected a short time later after a WebRoot definitions update.

Both my Win10 PCs running Defender, definition version 1.225.1932.0 (the latest at the time of this message), find no evidence of a Trojan threat running a system wide scan or a scan on the plugin directory and its contents.

I can't explain why your getting this false positive at your end on a similar Windows10/Defender environment.

de Laurie VK3AMA

Join Support@HamApps.groups.io to automatically receive all group messages.