VBS:Gamaredon-CM

AVG Protection
9

Would someone at AVG please make it clear whether all these Gamaredon Threats are False Positives or not !!!

2

Colin, we could not assure about it without analyzing, I request you to submit the false positive form using the website here for analysis and wait for the reply from our threat report team. 
Meanwhile, please reset the Firefox browser as mentioned in the below article and check the status.
Resetting your internet browser to default settings
Keep us posted.

 
1

I had a sudden crop of the following threats last night for -

VBS:Gamaadon-CM  on the file "prefs.js" in Firefox. 

The connections were all terminated and the file Quarantined. I have sent one of the files for analysis. Can you tell me what feedback I can expect on the analysis please? I immediately powered the system off and, when brought up again there were no more threats. My system scans clean now, both Deep Scan and Folder Scans, but my Firefox configuration had changed slightly with 2 Extensions, including LastPass, greyed-out and not working. I got them back by Disabling then Re-Enabling the Extensions. This did not happen in Chrome. Can you in any way assure that my Firefox is not compromised ?
Regards
Colin Deans

 

3

Thank you for submitting the false-positive form, Colin.
However, I'm still unable to see the submitted ticket on your account that was used for the community. If you used a different email address to submit the false positive form, please keep checking the email on that specific email address.
It is unfortunate that Firefox removed the bookmarks, I'd recommend you to check if the bookmark has been hidden.
https://support.mozilla.org/en-US/kb/recover-lost-or-missing-bookmarks#:~:text=Click%20Bookmarks%20and%20then%20click,Bookmarks%20bar%20at%20the%20bottom.&text=Import%20and%20Backup%20button%20and,backup%2C%20if%20you%20created%20one.

4

OK Hari
I have refreshed Firefox. I have lost all my bookmarks and the Rapport extension, but it seems OK otherwise.

5

Finally, I have retrieved my bookmarks and got the Rapport extension installed.
Everything looks OK to me now.
Can you confirm it was all false positives ??.

8

OK Hari
I have submitted the affected file, but please be aware this is the CURRENT version of the file as the ones from last night are quarantined. I remind you that I did submit one of those Quarantined files for analysis this morning.

7

Would someone at AVG please make it clear whether all these Gamaredon Threats are False Positives or not !!!

6

You're most welcome, Colin.
Stay safe and healthy!!