Hi,
I am using Avast free.
So I had the alert yesterday about VBS:Gamaredon-CM [Apt] like a lot of others have, and I've seen the confirmation on the Avast twitter account that it was a false positive, however my alert was different than the others I have read about.
Other people have mentioned that Avast quarantined their firefox profiles, or aborted connection to various websites when the alert popped up, but for me it was a file located in C:\ProgramData\Microsoft\Windows\WER\Temp and the infected file was called WER579D . tmp . txt
Is it normal for windows files to have both tmp and txt at the end? I don't recall seeing that before.
And is this just the same as the other false positives? Is all as it should be and I am not infected?
Thanks.