Virus Heur.AdvML.B - Windows 10 - key usb

Hello, Norton has detected Virus Heur.AdvML.B on my USB keys.
What sort of virus is this and where does it come from? Should I be worried?
Can you help? Thanks

Please share:
Norton Security History regarding this event?
OS?
Norton product & version#?

fwiw ~

Here is an article from Microsoft that may be related. This detection is purely a coding detection.

As Guru bjm suggested, run Malwarebytes against the USB drive. You can also submit the actual file listed as detected to VirusTotal and see what, if anything, it returns.

SA

What Norton Security History?
Windows 10, Norton 360 Deluxe

Norton systray button > rt click View Recent History

View advanced details of a security event and its recommended action
https://support.norton.com/sp/en/us/home/current/solutions/v19803667

Norton 360 version#?
v22.x or v24.x?

I have the Norton Security History, a *.mcf file, but I don’t know how to read or share it.
How do I find out the version?

Change the save drop-down to text.
Resolved Security Risks category and/or Quarantine category.
There may be more than one listing (close in time) for this event.

Did you run Malwarebytes scan?

The histories are attached.
Malwarebytes: not yet.
Thanks

Error: I’m not allowed to send files as I’m a new user.

No detection on the computer or the USB keys with Malwarebytes.
How can a new user attach and send files?
Is there another way to get these to you?

I was intrigued by Heur.AdvML.B so I set up an experiment. I created two identical executable files. The first I left with the Windows default icon. The second I changed the icon of using a free copy of IcoFX. Norton immediately quarantined the second file, quoting our old friend above. So I repeated the procedure with Norton turned off, opened both files in Notepad++ and ran a comparison. The difference in both the amount and positioning of the code in the two files was extensive - far more than could be explained by different icons. Then, with both files still open in Notepad++, I turned Norton back on. This time, instead of quarantining (probably unable to do so because the file was open), Norton removed Heur.AdvML.B from the file. This was proved by running a second comparison and noting the code changes. And the ‘clean’ file, with the replacement icon still in place, subsequently worked properly with Norton untroubled.

@FREDERICLE_SAUX Posting screenshots now works. Please try again.

@Oracledave Your last post and its findings should shake Norton to its knees. It’s serious. I’m tagging an Admin to review your post as I believe it has meaningful insight into what could be something very serious. Thanks for your post.

@Gayathri_R Could you please review the post from Oracledave?

SA

Thank you for highlighting this, @SoulAsylum!

Hello @Oracledave,

I’m MJay, and I’m with Norton. Thank you for testing and providing the steps and results. This is definitely something we’d like to check out with the team in depth. I tried to reproduce the steps you described but succeeded only partially. To help me move forward, can you please share the following with me?

  1. Both executable files (one with the default Windows icon and the second with the icon modified by IcoFX)
  2. Screenshot of the detection dialog
     • Alternatively, find the previous one: Right-click on the Norton system tray icon > ‘View Recent History’ > Find the detection on the list > Double-click on it > Create a screenshot

It would also be helpful if you could share how you created those two identical executable files (program used, any specifics, etc.).

Thank you, and I’m looking forward to hearing from you.