Hi again, M Y.
Yes, we are sure that this is a false positive but not sure why it occurred constantly.
Please try to update your AVG Internet Security and let us know its version to check with it.
Open AVG Internet Security -> Menu -> Settings -> Update -> update your product and again go to Menu -> About -> check its version.
Hi M Y,
We appreciate your patience.
We request you to submit this file:///C:/Windows/prefetch file as false positive through this https://secure.avg.com/submit-sample link.
If it is certain that this file is not a threat, you can add the file to exception in AVG program as mentioned in this article.
Thank you.
Hello.
I am not sure how to add the entire prefetch folder, as it just opens it when i try to add it all. I did add the Agrobust.db file from the prefetch folder. Should I submit the sample of the quartined file itself? if so how do I do that?
Thank you.
Hello M,
I will help you with the necessary information.
Did you get this threat secured or detection pop-up from AVG?
If yes, please click on "View Details" from the pop-up and send us the screenshot of the same.
We will check this and confirm if this is a false positive or not.
Hello,
I Have Malwarebytes premium running with AVG premium. Automatic daily scans with rootkits running on both. I don't visit or download any sketchy stuff, yet somehow I got JS:Bicololo-M [Trj]. I want to know if it's a false positive and if not how much damage has been done to my system?
Do I need to change all my passwords?
Personal information? Credit cards?
Hi, do you see the file under the original path or in the Quarantine?
If you see it in the Quarantine, restore the file and get into its exact path and add it to AVG's exclusion as mentioned earlier.
You can add the entire path to the exclusion and then in this https://secure.avg.com/submit-sample website you can find the option to browse the file.
Try to add the file that was detected as threat by AVG and check whether you are able to submit it successfully.
M Y,
Yes, it seems to be a false positive. You can remove it from quarantine or ignore it.
Thank you for confirming.
We'd like to inform that "C:\Windows\prefetch" folder is used by Windows to track and save information related to commonly used files in order to speed up the boot process. The files in the prefetch are not executable and they are not copies of the actual files. If you delete a commonly used file from Prefectch, most likely the file will be regenerated by Windows. This file also regenerated and it is not harmful. Please ignore it.
Meanwhile, we are checking with our senior technical team on why AVG is detecting this file as infection. We'll update this thread if there is any news.
I figured out how to send it directly from the software.
Is this okay?
I did both. Hopefully it is juast a false positive as this has been stressing me out for the past week. I see threre is a new update available right now. Maybe that will solve the problem.
Hello.
Software Version
19.3.3084 (build 19.3.4241.445)
Virus Definition
190404-10
UI Version
1.0.152
If it's real, I'm very curious on how I might have gotten it, how long has it been on my system and what is the damage done.
I have daily scans so im not sure how and when it got here. I didn't download anything for the past couple of days.
Hi again, M Y.
Yes, we are sure that this is a false positive but not sure why it occurred constantly.
Please try to update your AVG Internet Security and let us know its version to check with it.
Open AVG Internet Security -> Menu -> Settings -> Update -> update your product and again go to Menu -> About -> check its version.
Hi M Y,
We appreciate your patience.
We request you to submit this file:///C:/Windows/prefetch file as false positive through this https://secure.avg.com/submit-sample link.
If it is certain that this file is not a threat, you can add the file to exception in AVG program as mentioned in this article.
Thank you.
I do not want to add it to exceptions until I make sure it is a false positive
Hello.
I am not sure how to add the entire prefetch folder, as it just opens it when i try to add it all. I did add the Agrobust.db file from the prefetch folder. Should I submit the sample of the quartined file itself? if so how do I do that?
Thank you.
Hello. The file is both in the quarntine (3 times) and in the orginal path. This is because windows will automatically regenerate the file again.
If I restore it, I will have to delete the file that is in the windows prefetch now. So if i understand correctly I should restore the quarntined file to it's original path and replace it with the one that is already there, then submit it?
Thank you for the screenshot.
The threat was detected from the file AgRobust.db. This is a genuine Windows file and it seems to be a false positive.
You can ignore this threat detection, it will be fixed automatically in the next AVG update.
If you still keep getting this threat notification automatically, please let us know and we will assist you further.