ESET - Win32/SupTab!blnk reported by Defender

[Tobijah 0]

So, Windows Defender has been throwing this at me recently. "BrowserModifier:Win32/SupTab!blnk"

I looked it up and Windows Defender is supposed to be able to take care of it but that isn't the case as it comes back within seconds of its alleged cleaning. I've run ESET scans a few times, I made sure to do a thorough scan as well and it DOES find what I believe it said was a Trojan but I think it has trouble deleting it.

Even when it finds it and says it deleted it it still comes back.

Could anyone help me figure out how to fix this?

[Marcos 5,074]

So far it looks like a false positive from Defender. Could you submit such lnk file to samples[at]eset.com?

[Tobijah 0]

FIRST OFF: I didn't realize I gave this thread such an awful title. I thought I'd filled that out. Sorry about that.

 

@Marcos I'm sorry, I don't know what you mean by "Ink file" is that ESET's scan log or something else?

 

I've already ran Malwarebytes a few times and it picked up nothing. I'm going to run Eset's SYSRESCUE via USB and see if that finds anything.

[Marcos 5,074]

I've checked one of such shortcuts (files with the lnk extension) and it was indeed clean. Also copying it to Windows 10 without ESET installed didn't yield any alert from Defender any more.

[autobotranger 1]

Windows Defender have been acting up on my end as well, but it sounds like it's happening to quite a few people as there is an entire thread about the problem over on reddit:

https://www.reddit.com/r/techsupport/comments/5ar0fi/window_defender_is_constantly_finding_malware/

 

Reading through the thread it's evident that Defender is for whatever reason throwing a fit over browser related shortcuts and even VulkanRT (engine used for video games) and that scans with various Anti-virus software generally comes out clean, so it certainly smells like a false positive to me.

 

Defender gave me the exact same warning as Tobijah, but simultaneously also alerted to some of the VulkanRT uninstall files after I logged into Steam. I believe Steam checks for graphics driver updates, hence why it didn't act on Vulkan until then. I've scanned the files with Nod32 Antivirus v9 and Malwarebytes and they all come out clean, the only program that's acting up is Defender. And I certainly trust Eset and Malwarebytes results over Windows inbuilt and less than stellar program. I had to exclude the files in order to stop Defender from constantly popping up as the "disinfect" option in Defender didn't solve it. Sounds like the issue can be solved by deleting the .ink, which I haven't done, and I will certainly not delete anything in the VulkanRT folder in case it breaks anything.

 

I have included print screens of the Defender alerts for this post.

Edited November 7, 2016 by autobotranger

[Tobijah 0]

Thanks, the reddit thread did help shine a little light on it. It looks like it may be related to a recent graphics driver update, (Vulkan to be specific) Many people started having this same message right after they updated their GPU drivers. (AMD and Nvidia)

[MaryA 0]

Here's how to get rid of the malware.  When the Windows Defender notification pops up, open the action center and click the options to clean the problem.  When the task window opens (shown in your post), click on the "Actions" tab and a dropdown menu appears.  Select "Remove".  Then click the button to "Apply" your selection and it will remove one copy of it.  Windows Defender will only remove one copy at a time, and it will try to "Disinfect" any other copies it has detected. So when the notification pops up again, repeat the process selecting "Remove" until all copies of Win32/SupTab!blnk have been removed.  FYI--Windows Defender can't actually "Disinfect" or "Quarantine" it, so just select "Remove."

[autobotranger 1]

Bumping this thread.

After Windows Defender was updated to version 1.231.1698.0 via Windows Update it doesn't seem to alert on these false positives any longer.