Virus found in Chat Support

Yesterday I downloaded SupportBoard v.3.5.1. but package came with a trojan-virus (Script-Ulthar.A!ml) detected first by Google Chrome during the downloading process and then by Windows Defender when I scanned my desktop; this issue was reported to the author who denied responsibility. Below is the report (apparently the file infected in the zip was supportboard/js/admin.js):

file: C: … \OneDrive\>supportboard>supportboard/js/admin.js

webfile: file: C: … \OneDrive\||pid:11852,ProcessStart:133004035837159510

Hi @gibarra,

Windows Defender is notorious for false positives. What it claimed it found in your case was a “trojan downloader” in the form of a JavaScript file, rather than a trojan itself.

for security don’t open the theme file – instead, head over to and upload the zip file. They will scan it against all the top antiviruses and you can determine if it’s a false positive or not. if it is infected, delete the zip file and send the virustotal results to envato support by opening a Help ticket .


1 Like

The !ml at the end of the trojan name means the detection is a best guess by a “machine learning” algorithm, rather than an actual known trojan. Paired with the file extension of the alleged trojan (.js) makes this a clear false positive, and it’s safe to ignore. I see these all the time, they’re quite annoying and in the cases I’ve seen are also never correct.

For a more technical explanation: The JS file will only execute in the context of a web browser. It’s not impossible for a JS file to act as a trojan within a web browser, but this would require a “zero-day” exploit for your browser, worth tens if not hundreds of millions of dollars, and would be patched immediately upon discovery. It’s not something you will find in a random theme.


Many thanks for your quick reply. I will re-check again and meanwhile I will consider this as a false-positive warning.

1 Like

Many thanks for your quick response, I will check with the online tool pointed out. As I mentioned below, I will consider this alert as a false-positive case.