Nathan D

  1. Perfect, thank you for this conclusion, and again a big thank you to Flood and Flood's wife and you Berny for the expertise that you kindly share with incompetents like me! And I wish you a great week!
  2. Thank you for this clarification. I redid another scan as administrator; this launches the program the same way I did just by double-clicking on it, and the result is the same: "Aucun élément n'a été détecté sur votre système" (Nothing was detected on your system). I also relaunched a full scan via Kaspersky: no threat detected either. Should we conclude that there is nothing to worry about, or is there anything in the above reports that needs going any further? (Regarding CCleaner, I'll have to do without it: with regard to my case, the interesting functions of this software are in the professional version...)
  3. Thank you Berny for this new idea! I just did it (by installing the program or something like that, I don't know how to run it as ADMIN). Apparently the program does not detect anything. It says "Aucun élément n'a été détecté sur votre système" (Nothing was detected on your system). Here is the screenshot: I don't know what to think: on the one hand, Kaspersky does not detect any trojan, nor this AdwCleaner program apparently, and the behavior of the computer seems quite normal; on the other hand, I have the feeling that there are worrying elements in the reports...
  4. Thank you very much Berny and Flood and Flood's wife! It's very kind of you! Your advice seems very knowledgeable (obviously) and effective, but it's also maybe a little above my skills, I mean for the procedure you listed, dear Flood and Flood's wife. Before trying it anyway, I was wondering: wouldn't we get the same result by uninstalling Google Chrome? Normally, unless I'm mistaken, uninstalling a program means removing all of its components and (I imagine) the cache is one of them, right?

     Regarding a more generic search, I put simply "HEURT" and I get the 4 events you can see on the screenshot below (but no events with PDM, PUA or PUP). Apparently another trojan that I had not seen before (now it's on Firefox as it seems, and if I understand correctly, there are problems in events 1 and 3, but not 2 and 4):

     The report (I'm not sure if it's four different things or four times the same thing):

     13/03/2023 17:48:27 C:\Users\PC\AppData\Local\Mozilla\Firefox\Profiles\suo6a5cz.default-release-1670380309982\cache2\entries\E51B9E1167DFE7245029D49EF078470842A2B6F0 E51B9E1167DFE7245029D49EF078470842A2B6F0 C:\Users\PC\AppData\Local\Mozilla\Firefox\Profiles\suo6a5cz.default-release-1670380309982\cache2\entries Fichier Non traité Désinfection impossible Non traité not-a-virus:HEUR:RiskTool.JS.Miner.gen Programme légitime pouvant être exploité par un individu mal intentionné afin de nuire à l'ordinateur ou aux données de l'utilisateur Faible Analyse heuristique Firefox firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox 11900 DESKTOP-R8M79J9\PC Utilisateur actif Ignoré

     13/03/2023 17:48:27 C:\Users\PC\AppData\Local\Mozilla\Firefox\Profiles\suo6a5cz.default-release-1670380309982\cache2\entries\E51B9E1167DFE7245029D49EF078470842A2B6F0 E51B9E1167DFE7245029D49EF078470842A2B6F0 C:\Users\PC\AppData\Local\Mozilla\Firefox\Profiles\suo6a5cz.default-release-1670380309982\cache2\entries Fichier Détecté Un programme légitime pouvant être utilisé par des individus malintentionnés afin de nuire à l'ordinateur ou aux données de l'utilisateur a été détecté Détecté not-a-virus:HEUR:RiskTool.JS.Miner.gen Programme légitime pouvant être exploité par un individu mal intentionné afin de nuire à l'ordinateur ou aux données de l'utilisateur Faible Analyse heuristique Firefox firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox 11900 DESKTOP-R8M79J9\PC Utilisateur actif Analyse des experts

     13/03/2023 17:47:42 C:\Users\PC\AppData\Local\Mozilla\Firefox\Profiles\suo6a5cz.default-release-1670380309982\cache2\entries\562EDA8CD4276B647B5E243DFFE08E8C4B389B83 562EDA8CD4276B647B5E243DFFE08E8C4B389B83 C:\Users\PC\AppData\Local\Mozilla\Firefox\Profiles\suo6a5cz.default-release-1670380309982\cache2\entries Fichier Non traité Désinfection impossible Non traité not-a-virus:HEUR:RiskTool.JS.Miner.gen Programme légitime pouvant être exploité par un individu mal intentionné afin de nuire à l'ordinateur ou aux données de l'utilisateur Faible Analyse heuristique Firefox firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox 11900 DESKTOP-R8M79J9\PC Utilisateur actif Ignoré

     13/03/2023 17:47:42 C:\Users\PC\AppData\Local\Mozilla\Firefox\Profiles\suo6a5cz.default-release-1670380309982\cache2\entries\562EDA8CD4276B647B5E243DFFE08E8C4B389B83 562EDA8CD4276B647B5E243DFFE08E8C4B389B83 C:\Users\PC\AppData\Local\Mozilla\Firefox\Profiles\suo6a5cz.default-release-1670380309982\cache2\entries Fichier Détecté Un programme légitime pouvant être utilisé par des individus malintentionnés afin de nuire à l'ordinateur ou aux données de l'utilisateur a été détecté Détecté not-a-virus:HEUR:RiskTool.JS.Miner.gen Programme légitime pouvant être exploité par un individu mal intentionné afin de nuire à l'ordinateur ou aux données de l'utilisateur Faible Analyse heuristique Firefox firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox 11900 DESKTOP-R8M79J9\PC Utilisateur actif Analyse des experts

     In the box at the bottom which corresponds to the first event, here is what is written:

     Événement: Désinfection impossible Utilisateur: DESKTOP-R8M79J9\PC Type d'utilisateur: Utilisateur actif Nom de l'application: firefox.exe Chemin d'accès à l'application: C:\Program Files\Mozilla Firefox Module: Antivirus fichiers Résultat de description: Non traité Type: Programme légitime pouvant être exploité par un individu mal intentionné afin de nuire à l'ordinateur ou aux données de l'utilisateur Nom: not-a-virus:HEUR:RiskTool.JS.Miner.gen Exactitude: Analyse heuristique

     In the box at the bottom which corresponds to the second event, here is what is written:

     Événement: Un programme légitime pouvant être utilisé par des individus malintentionnés afin de nuire à l'ordinateur ou aux données de l'utilisateur a été détecté Utilisateur: DESKTOP-R8M79J9\PC Type d'utilisateur: Utilisateur actif Nom de l'application: firefox.exe Chemin d'accès à l'application: C:\Program Files\Mozilla Firefox Module: Antivirus fichiers Résultat de description: Détecté Type: Programme légitime pouvant être exploité par un individu mal intentionné afin de nuire à l'ordinateur ou aux données de l'utilisateur Nom: not-a-virus:HEUR:RiskTool.JS.Miner.gen Exactitude: Analyse heuristique

     In the box at the bottom which corresponds to the third event, here is what is written:

     Événement: Désinfection impossible Utilisateur: DESKTOP-R8M79J9\PC Type d'utilisateur: Utilisateur actif Nom de l'application: firefox.exe Chemin d'accès à l'application: C:\Program Files\Mozilla Firefox Module: Antivirus fichiers Résultat de description: Non traité Type: Programme légitime pouvant être exploité par un individu mal intentionné afin de nuire à l'ordinateur ou aux données de l'utilisateur Nom: not-a-virus:HEUR:RiskTool.JS.Miner.gen Exactitude: Analyse heuristique

     In the box at the bottom which corresponds to the fourth event, here is what is written:

     Événement: Un programme légitime pouvant être utilisé par des individus malintentionnés afin de nuire à l'ordinateur ou aux données de l'utilisateur a été détecté Utilisateur: DESKTOP-R8M79J9\PC Type d'utilisateur: Utilisateur actif Nom de l'application: firefox.exe Chemin d'accès à l'application: C:\Program Files\Mozilla Firefox Module: Antivirus fichiers Résultat de description: Détecté Type: Programme légitime pouvant être exploité par un individu mal intentionné afin de nuire à l'ordinateur ou aux données de l'utilisateur Nom: not-a-virus:HEUR:RiskTool.JS.Miner.gen Exactitude: Analyse heuristique

     Again, I would ask the same question as for the other trojan on Google Chrome: can't one just "radically" uninstall Firefox (in a way that leaves no part of the program on the computer) and then reinstall it?
  5. Thank you very much Flood and Flood's wife for this detailed answer! Yes, I should have made a screenshot at the time; foolishly I did not think about it (maybe the panic, people on the internet were almost saying “the explosion of your computer is imminent”…), that will serve as a lesson to me! I followed the steps you kindly gave me (thank you so much again!). Alas, I'm afraid I haven't found anything interesting in the headings on the left, I don't know why... I mean I pasted "HEUR:Trojan.Script.Miner.gen" into the search bar (the only thing I had the presence of mind to exactly copy at the time of the alert) and hit “enter” in each of the headings on the left. Each time, it gives no result, except a single one: the “Analyse” (Analysis) section. Here is the screenshot:

     In the bottom box it says roughly the same thing in all 5 recorded events, with the difference that:

     In some boxes (those corresponding to events 1, 2 and 4), there is: “Evénement : désinfection impossible” (Event: Disinfection impossible) and “Résultat: Non traité” (Result: Not treated) (in the screenshot above, you have the case of event 5 with the corresponding box at the bottom).

     In other boxes (those corresponding to events 3 and 5), there is: “Evénement: Un objet malveillant a été détecté” (Event: A malicious object has been detected) and “Résultat: Détecté” (Result: Detected).

     And here are the reports for each of the 5 events (I guess an analysis report is not of much interest, but here it is anyway, just in case) (“cheval de troie” means “trojan”):

     Hier, 19/03/2023 01:20:07 C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000270\f_000270 Non traité Désinfection impossible HEUR:Trojan.Script.Miner.gen Ignoré Fichier C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000270// f_000270 Non traité Cheval de Troie Élevé Analyse heuristique DESKTOP-R8M79J9\PC Utilisateur actif

     Hier, 19/03/2023 00:45:30 C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000270\f_000270 Non traité Désinfection impossible HEUR:Trojan.Script.Miner.gen Reporté Fichier C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000270// f_000270 Non traité Cheval de Troie Élevé Analyse heuristique DESKTOP-R8M79J9\PC Utilisateur actif

     Hier, 19/03/2023 00:45:30 C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000270\f_000270 Détecté Un objet malveillant a été détecté HEUR:Trojan.Script.Miner.gen Analyse des experts Fichier C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000270// f_000270 Détecté Cheval de Troie Élevé Analyse heuristique DESKTOP-R8M79J9\PC Utilisateur actif

     18/03/2023 18:01:55 C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000270\f_000270 Non traité Désinfection impossible HEUR:Trojan.Script.Miner.gen Reporté Fichier C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000270// f_000270 Non traité Cheval de Troie Élevé Analyse heuristique DESKTOP-R8M79J9\PC Utilisateur actif

     18/03/2023 18:01:55 C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000270\f_000270 Détecté Un objet malveillant a été détecté HEUR:Trojan.Script.Miner.gen Analyse des experts Fichier C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000270// f_000270 Détecté Cheval de Troie Élevé Analyse heuristique DESKTOP-R8M79J9\PC Utilisateur actif

     Thanks again for all the help, I feel like things are ok (still no overheating), that's the main thing! It may be naive but I tell myself that after all, if this trojan had remained, there is a good chance that Kaspersky would have seen it in the full analysis of yesterday, since it already saw it the first time... In any case I will let you know if something happens; if you have nothing to add, thank you all again for your help! ☺️
  6. Thank you for your reply! Alas I tried in vain to find the report on this trojan. I've followed the online help but I can't find it (when I told you I sucked, it wasn't false modesty!). On the other hand I did a full (long) scan and the result is good: no threat detected. We can therefore conclude that it is enough to say that the virus is no longer there, if I follow you correctly; no risk of having a virus hidden somewhere that Kaspersky wouldn't see, right?
  7. Just one thing to be sure that there is no mistake about what I did: I specify that Kaspersky did not offer me to click on a "delete" button. In fact, Kaspersky gave me the possibility to access the file (I don't remember what was written in the dropdown menu but it was something like "get access to the file"). It was after accessing this place on the PC where the virus was that I took the initiative to select and delete everything (there were something like 800 files, I deleted them all and emptied the trash like I'm closing the door to hell). Either way, I hope that doesn't change your conclusion that I did the right thing!
  8. Thank you very much for your reassuring answer, I'm happy! Thanks a lot also for this detailed and very interesting answer, I will study it in detail to be sure I understand well (given my complete nullity for these things). For now everything is fine, I'll let you know if it changes but everything seems ok! Not only did Kaspersky stay green but also the computer is no longer heating (yesterday it was hotter than the radiator in the house! Mining crypto I guess...) (I turned it off right away). Thanks again!!
  9. Hi everybody, I hope I'm in the right part of the forum to ask my question; this is my first time on this forum after several years of using Kaspersky. Here is my situation: I have Windows 10 Professional + Kaspersky Total Security. Recently I was informed by Kaspersky that there was a problem with a trojan called: HEUR:Trojan.Script.Miner.gen. It was indicated by Kaspersky that the Trojan could not be deleted. I went to see a lot of websites or videos to solve this, but everything seemed very complicated to me (it must be said that I am a complete zero in computers). I saw that Kaspersky offered me in a drop-down menu to access the file of the trojan. I saw indeed this file but I didn't dare to do anything because it seemed extremely difficult to delete it, and I couldn't believe that it would be enough to select everything and simply do "delete". In desperation, that's what I did anyway and surprise: Kaspersky turned green again, saying that everything is fine. It seems too good to be true, so I wonder if I did it right, or if I made a mistake, despite appearances. Maybe I believe the Trojan is deleted, Kaspersky also believes it because of my manual intervention, but it is not the case? I have also heard that this malware duplicates or hides a copy of itself. This is all creepy! Would you say that my fears are justified or that everything is fine, as it seems? Thank you very much for your opinion anyway!