Bitdefender reports finding Gen:Trojan.Heur.LShot.1
Hi everyone,
Not sure what is wrong but here is what happened.
I had Kaspersky Total Security and out of nowhere my project stopped running; I found out that Kaspersky blocked the execution. Adding the folder to the exclusion list solved the issue.
Now, I'm using Bitdefender and it started to report finding `Gen:Trojan.Heur.LShot.1`.
Feature:
Antivirus
The file C:\Users\***\AppData\Local\JetBrains\Rider2023.2\index\fileincludes\fileIncludes.storage.values.at is infected with Gen:Trojan.Heur.LShot.1 and was moved to quarantine. It is recommended that you run a System Scan to make sure your system is clean.
So, I'm not sure what is happening. Is it Rider? Is it one of the NuGet packages?
Any idea?
Thank you!
Hello Ice,
Rider stores some values pertaining to the solution index in this file, so the content will vary from one machine to another. Please consider reporting a false positive detection to the respective Kaspersky or Bitdefender analyst teams. They will be able to verify whether the file is indeed infected or it is a false positive detection.
You may also want to make a backup copy of this file (for investigation purposes) and then invoke File | Invalidate Caches… | Invalidate and Restart to clear the caches. If the problem reoccurs after doing that - then most likely the problematic contents come from some of the projects you've opened on this machine.
Let me know if you have any other questions.
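
An added example, not part of the original thread and not JetBrains tooling: one way to do the backup step from the reply above and to compare two detections of the index file. It assumes the flagged file is readable (for example, restored from quarantine) and assumes nothing about the index format beyond pulling printable strings; the function names and sample bytes are constructed for illustration.

```python
import hashlib
import re
import shutil
import tempfile
from pathlib import Path

# "strings"-style pass: printable ASCII runs of 6+ bytes. It assumes nothing
# about the binary layout of the IDE index file.
PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{6,}")

def summarize(data: bytes) -> dict:
    """Hash the content and pull out strings that look like file paths."""
    runs = {m.group().decode("ascii") for m in PRINTABLE_RUN.finditer(data)}
    paths = sorted(s for s in runs if "/" in s or "\\" in s)
    return {"sha256": hashlib.sha256(data).hexdigest(),
            "size": len(data), "paths": paths}

def preserve(flagged: Path, evidence_dir: Path) -> dict:
    """Copy the flagged file aside, named by its hash, and summarize it."""
    report = summarize(flagged.read_bytes())
    evidence_dir.mkdir(parents=True, exist_ok=True)
    report["copy"] = evidence_dir / (report["sha256"] + ".bin")
    shutil.copy2(flagged, report["copy"])
    return report

def shared_paths(first: dict, second: dict) -> list:
    """Paths present in both samples, e.g. before and after a cache reset."""
    return sorted(set(first["paths"]) & set(second["paths"]))

# Constructed sample bytes standing in for two detections of the index file.
SAMPLE_BEFORE = b"\x00\x07C:\\work\\demo\\src\\main.c\x00\x01/opt/lib/include/util.h\xff\x02ab"
SAMPLE_AFTER = b"\x03\x00/opt/lib/include/util.h\x00\x09C:\\work\\other\\app.c\x00"

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        flagged = Path(tmp) / "fileIncludes.storage.values.at"
        flagged.write_bytes(SAMPLE_BEFORE)
        before = preserve(flagged, Path(tmp) / "evidence")
        after = summarize(SAMPLE_AFTER)
        print(before["sha256"], before["size"])
        print("in both samples:", shared_paths(before, after))
```

The hash and size give the vendor's analysts an exact reference for the submitted sample, and strings common to both detections narrow down which opened project contributed the flagged content.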
Thank you Ivan Shakhov
I will report this to Bitdefender and KS as you have suggested.
Hello,
I had the same problem.
I'm using IntelliJ IDEA 2024.2.
Steps to reproduce:
After that I got the same message (but then in Dutch):
Het bestand C:\Users\xxxx\AppData\Local\JetBrains\IntelliJIdea2024.2\index\fileincludes\fileIncludes_inputs.values.at is geïnfecteerd met Gen:Trojan.Heur.LShot.1 en is in quarantaine geplaatst. We raden aan dat u een Systeemscan uitvoert om te verzekeren dat uw systeem volledig schoon is.
According to AI:
"Gen" indicates that the detection is generic, meaning Bitdefender used heuristics or behavior analysis rather than matching a known virus signature.
"Heur" stands for heuristics, which are algorithms used by antivirus programs to analyze the behavior of a file or program. If a file behaves similarly to known malware (e.g., unusual access patterns, modifying system files), it gets flagged.
I haven't sent the file to Bitdefender yet to get their feedback. It is still in quarantine for possible later investigation.
I removed the cloned project and invalidated my caches.
I also did a full system scan (as Bitdefender suggested) and my system is clean.
I made this comment to let other people (using IntelliJ and Bitdefender) know that a false positive can happen.