Topic: FP? We have blocked ib_D1D3C.28880.bat because it's infected with IDP.Generic


graf.andre85 (Newbie, Posts: 1)

Hi there. I recently refreshed my 3 year old Windows 10 cause of lag and slowing down.
But I did not reinstall Windows from a USB stick or something, I just used the refresh feature from Windows itself.
After the refresh I had a weird bug that my accent key always automatically double pressed (not the standard behaviour).
After some googling and trying things out I found that in my Task Manager's Startup tab there was this command prompt activated, which I've never seen. Also a friend of mine didn't have this in his startups.
I deactivated that and the accent keys behaved normal again, didn't think of having a virus or something cause I just refreshed my system.

But a few days after that, I got an email that there's strange behavior on my email account at Google.
So I changed my password.
A few days later I got a mail from Steam that someone logged into my account knowing my credentials.
So I changed the password there too.
In the next days someone logged into my Amazon and ordered FIFA Packs, which, to my luck, didn't get through cause I'm broke haha :D

So I decided to reinstall Windows completely new and I also decided to go to Windows 11 and change most of my passwords.
Now that I've got a fresh system everything seemed OK till this happened.

I'm developing apps with Unreal Engine and I just wanted to open one of my Unreal projects.
While the project was starting I got this message popping up from Avast saying:
We have blocked id_D1D3C.28880.bat because it was infected with IDP.Generic.
The file location is: C:\Program Files(x86)\IncrediBuild\Temp\id_D1D3C.28880.bat
The process is C:\Windows\SysWOW63\cmd.exe
Here's a link from VirusTotal:
« Last Edit: January 31, 2023, 02:12:09 PM by graf.andre85 »

polonus (Avast Überevangelist, Posts: 33871)

Wait for a final verdict from Avast, as others do not flag it.
Crowdsourced Sigma Rules:
Matches rule "Creation of an Executable by an Executable" by frack113

As it is a Mark Monitor (Google ad-related) file, it could be a PUP.
That is, a potentially unwanted file.

Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!