{"id":6042,"date":"2018-06-28T10:25:23","date_gmt":"2018-06-28T08:25:23","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=6042"},"modified":"2024-10-01T15:14:58","modified_gmt":"2024-10-01T13:14:58","slug":"windows-defender-reports-trojans-as-false-positives","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2018\/06\/28\/windows-defender-reports-trojans-as-false-positives\/","title":{"rendered":"Windows Defender reports Trojans as false positives"},"content":{"rendered":"

[German<\/a>]Users of Windows seem to have been startled in the last few weeks by false alarms from Windows Defender. Defender suddenly believed to have detected the Trojan Win32\/Bluteal.B!rfn in regular files.<\/p>\n

<\/p>\n

First reports end of May 2018<\/h2>\n

\"\"In recent days, several users have reported false alarms on the forums of Bleeping Computer and other websites such as Tom's Hardware. For Tom's hardware, a user writes<\/a> on June 1, 2018:<\/p>\n

\n

So yesterday Windows Defender notified me saying it found Bluteal.B!rfn trojan which I got it to quarantine and then remove. I couldn't find a lot of info after googling the trojan so decided to hopefully get some advice here.
I received the notification about the trojan when I was loading up Unity and Visual Studio, it said that the affected file was:<\/p>\n

C:\\Windows\\assembly\\NativeImages_v4.0.30319_32
\\Microsoft.Vde5ed89a#\\457b4a4c20bed2246e03f1f9e5eaa1a5
\\Microsoft.VisualStudio.Utilities.Internal.ni.dll<\/p>\n

Could Windows Defender be getting confused and it's just a false positive? I thought I had read somewhere that Windows Defender is okay for protection these days but maybe I should go back to Avast or Avira?
I've run a scan with Malware Bytes and a standard scan with Windows Defender but should I use something else to do a deeper scan if this was in fact a legit trojan? I've since made sure to update Windows 10 in case that has any part of this.<\/p>\n<\/blockquote>\n

In the Technet forum there is this tread<\/a>, which was started on June 1, 2018. A Trojan was also reported there in the Visual Studio component. The case is confirmed in this forum thread by several users. The developer community has already had this thread<\/a> since May 31, 2018, which indicates the case. <\/p>\n

Report at Bleeping Computer<\/h2>\n

At Bleeping Computer there is a forum post<\/a> from a user reporting possible false alerts of Trojan:Win32\/Bluteal.B!rfn in Windows Defender. Lawrence Abrams addressed this within this article<\/a>.<\/a> Windows Defender flags the following file, which is a legit Windows file. <\/p>\n

C:\\Windows\\assembly\\NativeImages_v4.0.30319_64
\\Microsoft.C26a36d2b#\\daf01e12fa59ed340363c44b7deff15e\\
Microsoft.CertificateServices.PKIClient.Cmdlets.ni.dll<\/em><\/p>\n

\"Trojaner-Meldung\"
(Source: Bleeping Computer)<\/em><\/p>\n

Also at Microsoft Answers there is this thread<\/a> where a user reported sporadic false alerts from Windows Defender. <\/p>\n

\n

been getting this trojan message through windows 10 defender periodically today which gets quarantined by defender. malewarebytes, microsoft safety scanner and adwcleaner do not find anything, is Trojan:Win32\/Bluteal.B!rfn a false positive by windows 10 defender<\/p>\n<\/blockquote>\n

At reddit.com there is this thread<\/a> just started a few day ago, dealing also with the false alarm that file Microsoft.CertificateServices.PKIClient.Cmdlets.ni.dll<\/em> is a trojan. Microsoft created a page about Trojan:Win32\/Bluteal.B!rfn<\/a> on May 18, 2018 (seems the date, where the definition is added to Defender). <\/p>\n

I'm assuming it's a false alarm. There is no official statement from Microsoft. However, Microsoft has confirmed a false alarm to Bleeping Computer<\/a>. It is recommended to check for new Defender updates. Then the problem should be solved. Were any of you concerned?<\/p>\n","protected":false},"excerpt":{"rendered":"

[German]Users of Windows seem to have been startled in the last few weeks by false alarms from Windows Defender. Defender suddenly believed to have detected the Trojan Win32\/Bluteal.B!rfn in regular files.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580,2],"tags":[69,194,105],"class_list":["post-6042","post","type-post","status-publish","format-standard","hentry","category-security","category-windows","tag-security","tag-windows","tag-windows-defender"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/6042","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=6042"}],"version-history":[{"count":1,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/6042\/revisions"}],"predecessor-version":[{"id":35139,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/6042\/revisions\/35139"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=6042"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=6042"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=6042"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}