JB007

Level 18
Verified
Hello,
I just checked my Bitdefender notifications and I am very surprised that this virus (Trojan.GenericKD.41405792) was detected when I was surfing on MT forums at this page: https://malwaretips.com/proxy.php?image=https%3A%2F%2Fs.blogsmithmedia.com%2Fwww.engadget.com%2Fassets-h98b576d2a0d6e7c4c2fdced5518773c2%2Fimages%2Fapple-touch-icon-57x57.png%3Fh%3Db07835531d7826b72615c77771a72171&hash=35cd1b8e66b197228518f6fbc5f03c79&return_error=1
Is it a false positive?
Is it a dangerous virus?
Is MT site compromised?

Moonhorse

Level 27
Verified
Content Creator
Well, my experience with Bitdefender has always been that it's blocking random sites sometimes, and that's why it's Bugdefender pretty much.

I suggest you register to VirusTotal, and open up the graph yourself.

The host domain is connected to malicious files, so Bitdefender just detects the host as malicious?

It's a long, long way to go through all this, but you can find so much shady stuff if you search.

Jack

Administrator
Verified
Staff member
Hey guys,
This is a false positive, and this file is not on our server. Basically, @venustus updated his profile with a link from https://www.engadget.com and our software fetched their favicon.
This is it: https://s.blogsmithmedia.com/www.engadget.com/assets-h98b576d2a0d6e7c4c2fdced5518773c2/images/apple-touch-icon-57x57.png?h=b07835531d7826b72615c77771a72171/
It's a harmless image, however, I have to wonder why Engadget is hosting their favicon on blogsmithmedia.com. Anyway, no malicious files are on our server, and shortly I'll delete the link from @venustus profile post.

436880927

The Trojan.GenericKD* prefix is also used by Bitdefender for generic detections, as the threat name implies - they haven't necessarily first-hand seen anything malicious and intentionally tried to block whatever is being blocked.

Blogsmithmedia.com was from AOL/Yahoo and I believe it later became re-branded to Engadget.
 

JB007

Level 18
Verified
Hi @Jack
Thanks for your explanations.
Nevertheless, I'm wondering why and how Bitdefender could detect this page while I have not viewed @venustus' profile? :unsure: