Rokoz

alright, thanks for everything. i also did again the full scan with the antivirus and the kasperky tool and still all clean. thanks again for your help

ok, i did it and after i removed it from the browser those 2 sites popped up is it normal? the second one i think is because i pressed the “report abuse” button but, since the extensions is no more in the store, google can’t find it. but the first one?

can i do it from the browser, with the remove button, or do i need to delete itmanually by deleting the folder in the browser folder?

yes, nothing detected. yesterday i did another scan with the tool, because the browser showed me this message “ This extension may have been corrupted.“ onone of the extension (it is the antivirus extension so i already asked on their forum), and it was all clean. today after i delete the video downloader extension i will do again another 2 scans with the tool and with the antivirus. last question, can i delete that extension from the browser (using the “remove” button) without risk anything or do i need to delete the extension manually?

yes, i did 1 scan with the kasperky tool after he put the viruses in quearantine. and in the next 2 days (my pc is old so it is not that fast), after i put in quarantine the folder with the adwcleaner, i did a full scan 1 time with the antivirus, 1 time with the kaspersky tool, and also with the adwcleaner

the kaspersky tool found it in C:\Users\….\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\ eooikgjpbiiaebbbnjbcnmgggekfnhfj i posted it at the beginning where i explained my problem. but i don’t know if this is the download location that you are asking me. also i went now in that folder and the extension is still here but without the “ background.js” “contentscript.js” that are in the kasperky tool quarantine

how do i do that? You can delete those extentions manually in Brave. Can you give it a try? If it does not work for some reason, you can reset Brave browser or delete current user profile and create a new one. if with delete manually you mean just to press the “remove” button on the browser, i know i can but i didn’t do that, because since i don’t know what viruses that are in extension can do i thought that was safer to keep it but inactive and i also to avoid doing more damage sorry for the late replies but i saw only thoday the email that someone tagged me

does it have the same id? because there are a lot of extensions with thename of “Video Downloaded Professional“ and also i can’t find it on the store. the top 3 extensions with that same name have these id’s pboidikkgjoedgccndgmgcalcpofdoia - hcmifggiafbblnlgkeamfopdecenbcle - elicpjhcidhpjomhibiffojpinpmmpil the one that i have installed is eooikgjpbiiaebbbnjbcnmgggekfnhfj

oh, for the new version i downloaded it from the site again. i didn’t click the “update now”. is the same thing? for the extension, i downloader it like in 2019 and this month i reactivated it by mistake (when i don’t use one extension i don’t keep it active) this one, they have the same ID

ok, thanks. last 2 questions, is it normal that the extesion is still on the browser? i want also to do another full scan with the kaspersky tool, but today it says “this version is obsolete. update now”. as far i understand i need to download again the tool. this doesn’t change anything, right? i mean, the file will continue to stay in quarantine, i can still see the older report, etc?

ok, so i put the PUP.Optional.Legacy in quarantine and now i see that there are no more process in the task manager about wildtangent but the folder whit all the files is still there ( C:\Program Files (x86)\WildTangent Games\App ) so if it is a safe procedure using revo uninstaller, i’ll unnistall this. i also used the opetip that you linked, i sent some files from that folder and all are clean. anyway, my first problem was this now i have these 2 in quarantine in the kasperky removal tool and the extension is still in the browser and i also have 1 thing in quarantine in adwclean. is everything safe in their respective quarantine? or do i need to do something more? i read the faq here, https://support.kaspersky.com/kvrt2020#kb on the site, but i didn’t find anything regard this

sorry for the late reply. i downloaded the revo uninstaller and i ran again adwcleaner (because the first time you said to don’t clear the detections, i didn’t even put them in quarantine). i see this are we sure that wildtanget is the consequence of the viruses initially found by kasperky? adwcleaner also say this “ We also want to be clear here: Preinstalled software is not malicious. Instead, for some users, preinstalled applications serve more as an annoyance. “ here https://blog.malwarebytes.com/malwarebytes-news/2019/07/your-device-your-choice-adwcleaner-now-detects-preinstalled-software/ on revo i see only this that cointains the word wildtangent. it this one? another question, here i see all these things to check. do i need to check some of them before cleaning the pup? and also, do i need to remove the pup and the “Preinstalled.WildTangentGamesBundle”?

just a small recap beacuse i’m still confused. -kaspersky found 2 viruses from an extension, trojan + adware (is this one virus or 2 different one? i don’t know). i have those files in the kaspersky quarantine (i think) -adwcleaner found 38 things. 1 marked as red (***** [ Folders ] ***** PUP.Optional.Legacy C:\Users\...\AppData\Roaming\Tencent) and the other 37 marked as yellow un the “***** [ Preinstalled Software ] ***** “ (i didn’t remove anything) from now i don’t know what to do, which files/programs do i neeed to remove? using what?, the kasperky tool, adwcleaner or revo? in which order do i need to do this? again, sorry for all these questions

i’m trying to find where tu put all my personal files. anyway i still don’t understand which are those games and if i need to delete them manually first and then run the programs you said

which game do i need to delete? the things i see with something like WildTangentGamesBundle are.. on task manager i see wildtangent games app integration service (32) bit (author:Wildtangent) and if i open his folder location is in C:\Program Files (x86)\WildTangent Games\App (all the files are from 2014 and 2015, but i bought the pc in 2016. and i see wildtangent games app in the list of the programs (where there are all the programs installed in your pc). another question, this is a new thing found on my pc or it is connected to the problem i posted first? becuse i also still have those found by the kaspersky tool

no, but, if can help, this is an asus pre assembleb pc

I put the X every time there was something like “ddfg3…. - cf5… - 2dd…. -” and so on. tell me if you also need them. # ------------------------------- # Malwarebytes AdwCleaner 8.2.0.0 # ------------------------------- # Build: 03-22-2021 # Database: 2021-03-22.1 (Cloud) # Support: https://www.malwarebytes.com/support# # ------------------------------- # Mode: Scan # ------------------------------- # Start: 03-27-2021 # Duration: 00:00:26 # OS: Windows 10 Home # Scanned: 31969 # Detected: 37 ***** [ Services ] ***** No malicious services found. ***** [ Folders ] ***** PUP.Optional.Legacy C:\Users\...\AppData\Roaming\Tencent ***** [ Files ] ***** No malicious files found. ***** [ DLL ] ***** No malicious DLLs found. ***** [ WMI ] ***** No malicious WMI found. ***** [ Shortcuts ] ***** No malicious shortcuts found. ***** [ Tasks ] ***** No malicious tasks found. ***** [ Registry ] ***** No malicious registry entries found. ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries found. ***** [ Chromium URLs ] ***** No malicious Chromium URLs found. ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries found. ***** [ Firefox URLs ] ***** No malicious Firefox URLs found. ***** [ Hosts File Entries ] ***** No malicious hosts file entries found. ***** [ Preinstalled Software ] ***** Preinstalled.ASUSManager Folder C:\Program Files (x86)\ASUS\ASUS MANAGER\AI BOOTING Preinstalled.ASUSManager Folder C:\Program Files (x86)\ASUS\ASUS MANAGER\ASUS MANAGER - UPDATE Preinstalled.ASUSManager Folder C:\Program Files (x86)\ASUS\ASUS MANAGER\BACKUP & RECOVERY Preinstalled.ASUSManager Folder C:\Program Files (x86)\ASUS\ASUS MANAGER\PC CLEANUP Preinstalled.ASUSManager Folder C:\Program Files (x86)\ASUS\ASUS MANAGER\POWER MANAGER Preinstalled.ASUSManager Folder C:\Program Files (x86)\ASUS\ASUS MANAGER\RECOVERY Preinstalled.ASUSManager Folder C:\Program Files (x86)\ASUS\ASUS MANAGER\SYNCUP Preinstalled.ASUSManager Folder C:\Users\...\AppData\Local\ASUS\ASUS MANAGER\PC CLEANUP Preinstalled.ASUSManager Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\ X Preinstalled.ASUSManager Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\ X Preinstalled.ASUSManager Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\ X Preinstalled.ASUSManager Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\ X Preinstalled.ASUSManager Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\ X Preinstalled.ASUSManager Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\ X Preinstalled.ASUSProductRegistration Folder C:\Program Files (x86)\ASUS\APRP Preinstalled.ASUSProductRegistration Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\ X Preinstalled.ASUSWebStorage Folder C:\Program Files (x86)\ASUS\WEBSTORAGE Preinstalled.ASUSWebStorage Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\WEBSTORAGE Preinstalled.ASUSWebStorage Registry HKLM\Software\Classes\CLSID\ X Preinstalled.ASUSWebStorage Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|WebStorage Preinstalled.ASUSWebStorage Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WebStorage Preinstalled.HPCleanFLC File C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT SOLUTIONS Preinstalled.HPSupportAssistant Folder C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK Preinstalled.HPSupportAssistant Folder C:\Users\...\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Classes\CLSID\ X Preinstalled.WildTangentGamesBundle File C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games App - asus.lnk Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDTANGENT GAMES Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDTANGENT GAMES\APP Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Classes\CLSID\ X Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Ext\Preapproved\ X Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangent wildgames Master Uninstall Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\ X.WildTangent Games App Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\ X.WildTangent Games App-asus Preinstalled.WildTangentGamesBundle Registry HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\ X Preinstalled.WildTangentGamesBundle Registry HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\ X ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

hello, this is the first time i found a virus on my pc since i’ve always been careful, but this time a browser extension, that i’ve been using since years (it had also over 500k download), was corrupted. my antivirus didn’t detect anything, but the browser (Brave browser) told me that the extension was malicious so i deactivated it and i started a full scan with my antivirus (not kaspersky), at the end it found nothing, but since i like different opinions i did the full scan with another antivirus and it also found nothing. so i kept using my pc normally for 3 weeks and then one of my friend told me about the kaspersky virus removal tool and yesterday i tried it. so i started the full scan with the kaspersky virus removal tool and it found 2 viruses connected to the extension. those are the viruses “HEUR:Trojan.Script.Generic” and “not-a-virus:HEUR:AdWare.Script.Generic” both are located in C \users … \appdata \local \bravesoftware \brave-browser \userdata \defaul \extensions \“the name of that extension (the ID of the esxtensione that you see while in developer mode)” \”the version of that extension” \js \background.js (for the first one, trojan.script.generic) and \js \contentscript.js (for the second one, adware.script.generic) now i have a few question because i never had a virus before so i don’t know what to do and because, at the end of the scan i selected just “delete” (after the scan you have to choose what to do whith those viruses, like “skip” ,”delete” ,”copy to quarantine”,ecc..) but i accidentally pressed the enter button and the tool started another scan (who found nothign this time). now, if in the tool, i click “quarantine” i see those 2 viruses and i also read this here https://support.kaspersky.com/15675 that the files are stored on my pc and can be accessed and something like this so my questions are. -am i safe now or i need to do other things? what should i do? -since after the scan i just selected for both “delete” and pressed enter, what happened to those files? on the scan report i see (in this order) scan (started) - detected (the trojan) - detected (the adware) - scan (finished) - select action (delete) - select action (delete) - disinfection (started) - quarantined - quarantined - deleted - deleted - disinfection (finished). i also see that the extension is still on the browser -is there any chance to see which kind of virus the trojan is? one is an adware (that is not a big deal) but the other one is a trojan and i used the pc for 3 weeks. the pc wasn’t slow, i didn’t see anything strange, while idle the cpu and disk usage are normal (from 0 to 2%) but i know almost nothing my operating system is windows 10 and the kaspersky tool version is 20.0.6.0 sorry for the long post and for all those questions but i really feel bad for this and i’m not sure what to do now