bjm Posted July 26, 2022 (edited) ID:1526351

FWIW ~ just sharing

Filename: 5a
Threat name: Linux.Mirai
Full Path: C:\Users\bjm\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\chrome-extension_ihcjicgdanjaechkgeegckofjjedodee_0.indexeddb.blob\2\00\5a

Edge 103.0.1264.71

Filename 5a.txt

Edited July 26, 2022 by bjm

gonzo Posted July 26, 2022 (Solution) ID:1526378

That file is a Browser Guard cache file. It is not dangerous and is most definitely a Norton false positive. If you create an exclusion in Norton for the file location you mentioned, Norton should leave it alone in the future.

BOOSTEDI5 Posted July 27, 2022 ID:1526410

Hello, my Norton was also alerting me about this today at 10:13am MST. It alerted 3x for 3 different files, one after another! I never told Malwarebytes to install Browser Guard and don't care to use it. Especially after this warning! I was using LinkedIn in Edge, where Browser Guard installed itself somehow without my permission. I noticed the Browser Guard extension before and left it enabled, but was curious how it was installed since I always told Malwarebytes to not install the Browser Guard tool. I went ahead and disabled the extension for now, but this seems nefarious. Why would Norton flag these as a Trojan unless they were actually matching some sort of virus signature? This was a high warning that shows up as a remote exploit tool. I like Malwarebytes but this needs a better explanation.

Today at 10:13am. I'm guessing the OP was in EST zone? My file matched OP MD5 and SHA.

Thanks

norton-flagged-malwarebytes.txt

BOOSTEDI5 Posted July 27, 2022 ID:1526413

I'm inclined to believe what gonzo mentioned after restoring one of the files and then running it through this online scan tool.

https://www.virustotal.com/gui/file/eed5983a5889a54d272dba8d2a640a204f3d3f43b430aa277a3d4ba9b0049462?nocache=1

As can be seen in this link, only Norton flagged the File Thumbprint - SHA: eed5983a5889a54d272dba8d2a640a204f3d3f43b430aa277a3d4ba9b0049462 as potentially malicious Linux.Mirai.

FYI for anyone else that likes to double check things.

gonzo Posted July 27, 2022 ID:1526415

Malwarebytes is a favorite target by many antivirus vendors to uninstall. If you are around the forums for any length of time, you become used to it. Do a search for the word "exclusion" and you will see how common this scenario is. Another giveaway about false positives is that a single source flagged it as a threat (as you noted).

Thank you for providing further information on the subject!

BOOSTEDI5 Posted July 28, 2022 ID:1526580

22 hours ago, gonzo said:
    Malwarebytes is a favorite target by many antivirus vendors to uninstall. If you are around the forums for any length of time, you become used to it. Do a search for the word "exclusion" and you will see how common this scenario is. Another giveaway about false positives is that a single source flagged it as a threat (as you noted). Thank you for providing further information on the subject!

That's interesting, and I never thought about it like that. The reason I was pretty sketched out about it is because Norton flagged this as Linux Mirai. The Mirai botnet was a huge thing back in 2016-2017 or whenever those guys took over all the IoT devices, creating the huge botnet to do DDoS attacks and the like.