Trojan: Win32/Varpes.J!cl

JustinasM · November 4, 2016, 12:02pm

Hello,

Today when I started my laptop I noticed unusual lag/freeze and shortly after that Windows Defender gave me notification about “Trojan: Win32/Varpes.J!cl”.

Here is description:

The following error occurred: Error code 0x80508023. The program could not find the malware and other potentially unwanted software on this computer. 

Category: Trojan

Description: This program is dangerous and executes commands from an attacker.

Recommended action: Remove this software immediately.

Items: 
file:C:\Program Files (x86)\GlassWire\GlassWire.exe

Get more information about this item online.(*)

* https ://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?name=Trojan%3aWin32%2fVarpes.J!cl&threatid=2147706743&enterprise=0

Sorry for malformed link. New users can not post links.

Ken_GlassWire · November 4, 2016, 2:20pm

@JustinasM

I just ran a scan with Windows Defender and could not reproduce this. Can you run updates on Windows Defender then scan again? What OS version are you using?

This is called a false positive, but we have never seen one from Windows Defender before.

dajo2001 · November 4, 2016, 2:54pm

I got the exact same on an uninstall/install of Glasswire.

Windows Defender

Windows 10 v1607

OS Build 14393.351

Ken_GlassWire · November 4, 2016, 3:42pm

@JustinasM @dajo2001

I was unable to recreate this on my PC. Can you tell me this?

What definition version are you both using? I need this info for Microsoft so they can fix it.

*You should try the latest definition version before submitting your question. To provide the security software definition version currently installed in your PC:

In your Microsoft security software, click the arrow next to the Help button and then click
About

Select the definition information and press Ctrl+C.Paste the information on the text box on the right.

dajo2001 · November 4, 2016, 4:48pm

I have been unable to reproduce the issue today. Threat definition was updated this morning.

Antimalware Client Version: 4.10.14393.0
Engine Version: 1.1.13202.0
Antivirus definition: 1.231.1182.0
Antispyware definition: 1.231.1182.0
Network Inspection System Engine Version: 2.1.12706.0
Network Inspection System Definition Version: 116.65.0.0

JustinasM · November 6, 2016, 3:59pm

After I got that alert I made full system scan. At that time virus and spyware definition was up to date.
Definitions might have been updated after alert automatically (?).

Now it is:
Antimalware Client Version: 4.9.10586.589
Engine Version: 1.1.13202.0
Antivirus definition: 1.231.1278.0
Antispyware definition: 1.231.1278.0
Network Inspection System Engine Version: 2.1.12706.0
Network Inspection System Definition Version: 116.65.0.0

Worth to mention that after I run scans with other few scanners and restarted system GlassWire ran successfully during startup. And at that time there where no alerts.