RE: Windows Defender detecting Virus JS/Adrozek.A

@burnout426 - Been busy offline. Just want to thank you and others for troubleshooting this sucker.

I don't know if this is related in any way, but years ago I used to send out emails to clients. It was getting blocked, so I had to convert the pdf file attachment to a simple text file.

Two years later, another one of my information files was getting blocked by clients with gmail accts. I created a gmail account and tested enough to determine gmail was content screening.

So I stripped off all file attachments. it was still being blocked! So I then started deleting sentences in the body of the email message, starting with suspect things like links. Then I searched for names and any inflammatory comments.

After 5 hours, I traced the string of text that gmail was rejecting. It was just a few innocuous words from a sentence. i can't remember the words, but I was shocked. The words were completely innocuous and ordinary. It contained now names of people or things. nothing.

I've learned a lot since then. Lots of reasons why ESPs would black list or gray list an ip address. But also, as the story reflects, how fickle and erratic that content screening can be.

So can it be possible that whatever is was that was triggering Defender alerts was something we wouldn't even consider suspect. Unless MS announces what it was, we may never know. Does that make sense?

@wanderlei - So perhaps MS got wind of this nuisance from various sources and adjusted Defender's virus signatures.

@wanderlei - Perhaps "https://lookmeet.tv/" is not the culprit.

I have 44,450 files in my js folder. I found "https://lookmeet.tv/" in 20 of those files. Yet I had no Defender warnings since 9-8 @11:24AM (ie over 24 hrs). Either it's not the threat or else Microsoft turned off the warnings for that site. But I'm no expert in this stuff.

@tjall - I searched for "c0ac6bec106548d2_0" and didnt find it. But I've done nothing except let Defender do it's thing. No troubleshooting yet. And no Defender warning in 8 hours. So far.

@tjall - I never had SaveFrom.net installed.

@burnout426 - i think this is it: https://addoncrop.com/en/

But what is the suspect link now? Someone sounded like we know what it is.

@leocg Thanks for the advice. But the last time I called MS, I told a tech person in the Philippines that I must have deleted a Microsoft system font. She said the only way to fix it was to re-install Windows 10! I fixed it after researching the matter and copying Segoe font into the Win font folder. Most are clueless. One in 100 have more knowledge than me.

@Svarnoy60 - I do not use the savefrom downloader. I have "Force Download 1.08" at ashus.ashus.net. and I have "HD Video Downloader". But I don't use them. I use IDM instead. I will disable the ones I don't use. But this is a hit or miss exercise. Why can't Opera troubleshoot this? I can't open the suspect js cache files because Defender quarantines them.

@wanderlei said in Windows Defender detecting Virus JS/Adrozek.A:

wanderlei

I suspect you're right. It's not a bad web page. Not likely that we're all on that web page. This has been happening for just a few days. I think it's a false positive. When I run Super anti-spyware or Spybot on the cache, it picks up no threat. But i could be wrong.