Posts posted by Rokoz

  1. yes, nothing detected. yesterday i did another scan with the tool, because the browser showed me this message “This extension may have been corrupted.” on one of the extensions (it is the antivirus extension so i already asked on their forum), and it was all clean.

    today after i delete the video downloader extension i will do again another 2 scans with the tool and with the antivirus.

    last question, can i delete that extension from the browser (using the “remove” button) without risking anything or do i need to delete the extension manually?

  2. yes, i did 1 scan with the kaspersky tool after it put the viruses in quarantine.

    and in the next 2 days (my pc is old so it is not that fast), after i put in quarantine the folder with the adwcleaner, i did a full scan 1 time with the antivirus, 1 time with the kaspersky tool, and also with the adwcleaner

  3. the kaspersky tool found it in C:\Users\….\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\ eooikgjpbiiaebbbnjbcnmgggekfnhfj i posted it at the beginning where i explained my problem. but i don’t know if this is the download location that you are asking me.

     

    also i went now in that folder and the extension is still here but without the “background.js” “contentscript.js” that are in the kaspersky tool quarantine

  4. Can you please provide the extension link  as follows “xxxxx://…...”


    how do i do that?

     

    Hi @Rokoz , 

    is it normal that the extension is still on the browser?

    You can delete those extensions manually in Brave. Can you give it a try? 

    If it does not work for some reason, you can reset Brave browser or delete current user profile and create a new one. 

     

     

    if with delete manually you mean just to press the “remove” button on the browser, i know i can but i didn’t do that, because since i don’t know what viruses that are in extension can do i thought that was safer to keep it but inactive and also to avoid doing more damage

     

    sorry for the late replies but i saw only today the email that someone tagged me

  5. does it have the same id? because there are a lot of extensions with the name of “Video Downloaded Professional” and also i can’t find it on the store.

    the top 3 extensions with that same name have these id’s pboidikkgjoedgccndgmgcalcpofdoia - hcmifggiafbblnlgkeamfopdecenbcle - elicpjhcidhpjomhibiffojpinpmmpil

     

    the one that i have installed is eooikgjpbiiaebbbnjbcnmgggekfnhfj

  6. oh, for the new version i downloaded it from the site again. i didn’t click the “update now”. is it the same thing?

     

    for the extension, i downloaded it like in 2019 and this month i reactivated it by mistake (when i don’t use one extension i don’t keep it active)

     

    this one, they have the same ID

     

     

  7. ok, thanks. last 2 questions, is it normal that the extension is still on the browser?

    i want also to do another full scan with the kaspersky tool, but today it says “this version is obsolete. update now”. as far as i understand i need to download again the tool. this doesn’t change anything, right? i mean, the file will continue to stay in quarantine, i can still see the older report, etc?

  8. ok, so i put the PUP.Optional.Legacy in quarantine and now i see that there are no more processes in the task manager about wildtangent but the folder with all the files is still there ( C:\Program Files (x86)\WildTangent Games\App ) so if it is a safe procedure using revo uninstaller, i’ll uninstall this.

    i also used the opentip that you linked, i sent some files from that folder and all are clean.

     

    anyway, my first problem was this

     

     

    now i have these 2 in quarantine in the kaspersky removal tool and the extension is still in the browser

    and i also have 1 thing in quarantine in adwcleaner.

     

    is everything safe in their respective quarantine? or do i need to do something more?

    i read the faq here, https://support.kaspersky.com/kvrt2020#kb on the site, but i didn’t find anything regarding this

  9. sorry for the late reply. i downloaded the revo uninstaller and i ran again adwcleaner (because the first time you said not to clear the detections, i didn’t even put them in quarantine).

    i see this

     

    are we sure that wildtangent is the consequence of the viruses initially found by kaspersky? adwcleaner also says this “We also want to be clear here: Preinstalled software is not malicious. Instead, for some users, preinstalled applications serve more as an annoyance.” here https://blog.malwarebytes.com/malwarebytes-news/2019/07/your-device-your-choice-adwcleaner-now-detects-preinstalled-software/

     

     

    on revo i see only this that contains the word wildtangent. is it this one?

     

     

    another question, here i see all these things to check.

    do i need to check some of them before cleaning the pup?

    and also, do i need to remove the pup and the “Preinstalled.WildTangentGamesBundle”?

  10. just a small recap because i’m still confused.

    -kaspersky found 2 viruses from an extension, trojan + adware (is this one virus or 2 different ones? i don’t know). i have those files in the kaspersky quarantine (i think)

    -adwcleaner found 38 things. 1 marked as red (***** [ Folders ] ***** PUP.Optional.Legacy             C:\Users\...\AppData\Roaming\Tencent) and the other 37 marked as yellow in the “***** [ Preinstalled Software ] *****” (i didn’t remove anything)

    from now i don’t know what to do, which files/programs do i need to remove? using what?, the kaspersky tool, adwcleaner or revo? in which order do i need to do this?

    again, sorry for all these questions

     

     

  11. which game do i need to delete? the things i see with something like WildTangentGamesBundle are..

    on task manager i see wildtangent games app integration service (32) bit (author:Wildtangent) and if i open his folder location is in C:\Program Files (x86)\WildTangent Games\App (all the files are from 2014 and 2015, but i bought the pc in 2016).

    and i see wildtangent games app in the list of the programs (where there are all the programs installed in your pc).

     

    another question, is this a new thing found on my pc or is it connected to the problem i posted first? because i also still have those found by the kaspersky tool

     

  12. I put the X every time there was something like “ddfg3…. - cf5… - 2dd…. -” and so on. tell me if you also need them.


     

    # -------------------------------
    # Malwarebytes AdwCleaner 8.2.0.0
    # -------------------------------
    # Build:    03-22-2021
    # Database: 2021-03-22.1 (Cloud)
    # Support:  https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Scan
    # -------------------------------
    # Start:    03-27-2021
    # Duration: 00:00:26
    # OS:       Windows 10 Home
    # Scanned:  31969
    # Detected: 37


    ***** [ Services ] *****

    No malicious services found.

    ***** [ Folders ] *****

    PUP.Optional.Legacy             C:\Users\...\AppData\Roaming\Tencent

    ***** [ Files ] *****

    No malicious files found.

    ***** [ DLL ] *****

    No malicious DLLs found.

    ***** [ WMI ] *****

    No malicious WMI found.

    ***** [ Shortcuts ] *****

    No malicious shortcuts found.

    ***** [ Tasks ] *****

    No malicious tasks found.

    ***** [ Registry ] *****

    No malicious registry entries found.

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries found.

    ***** [ Chromium URLs ] *****

    No malicious Chromium URLs found.

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries found.

    ***** [ Firefox URLs ] *****

    No malicious Firefox URLs found.

    ***** [ Hosts File Entries ] *****

    No malicious hosts file entries found.

    ***** [ Preinstalled Software ] *****

    Preinstalled.ASUSManager   Folder   C:\Program Files (x86)\ASUS\ASUS MANAGER\AI BOOTING
    Preinstalled.ASUSManager   Folder   C:\Program Files (x86)\ASUS\ASUS MANAGER\ASUS MANAGER - UPDATE
    Preinstalled.ASUSManager   Folder   C:\Program Files (x86)\ASUS\ASUS MANAGER\BACKUP & RECOVERY
    Preinstalled.ASUSManager   Folder   C:\Program Files (x86)\ASUS\ASUS MANAGER\PC CLEANUP
    Preinstalled.ASUSManager   Folder   C:\Program Files (x86)\ASUS\ASUS MANAGER\POWER MANAGER
    Preinstalled.ASUSManager   Folder   C:\Program Files (x86)\ASUS\ASUS MANAGER\RECOVERY
    Preinstalled.ASUSManager   Folder   C:\Program Files (x86)\ASUS\ASUS MANAGER\SYNCUP
    Preinstalled.ASUSManager   Folder   C:\Users\...\AppData\Local\ASUS\ASUS MANAGER\PC CLEANUP
    Preinstalled.ASUSManager   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\ X
    Preinstalled.ASUSManager   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\ X
    Preinstalled.ASUSManager   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\ X
    Preinstalled.ASUSManager   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\ X
    Preinstalled.ASUSManager   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\ X
    Preinstalled.ASUSManager   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\ X
    Preinstalled.ASUSProductRegistration   Folder   C:\Program Files (x86)\ASUS\APRP
    Preinstalled.ASUSProductRegistration   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\ X
    Preinstalled.ASUSWebStorage   Folder   C:\Program Files (x86)\ASUS\WEBSTORAGE
    Preinstalled.ASUSWebStorage   Folder   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\WEBSTORAGE
    Preinstalled.ASUSWebStorage   Registry   HKLM\Software\Classes\CLSID\ X
    Preinstalled.ASUSWebStorage   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|WebStorage
    Preinstalled.ASUSWebStorage   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WebStorage
    Preinstalled.HPCleanFLC   File   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk
    Preinstalled.HPSupportAssistant   Folder   C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT SOLUTIONS
    Preinstalled.HPSupportAssistant   Folder   C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
    Preinstalled.HPSupportAssistant   Folder   C:\Users\...\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
    Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Classes\CLSID\ X
    Preinstalled.WildTangentGamesBundle   File   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games App - asus.lnk
    Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDTANGENT GAMES
    Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDTANGENT GAMES\APP
    Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Classes\CLSID\ X
    Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Ext\Preapproved\ X
    Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangent wildgames Master Uninstall
    Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\ X.WildTangent Games App
    Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\ X.WildTangent Games App-asus
    Preinstalled.WildTangentGamesBundle   Registry   HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\ X
    Preinstalled.WildTangentGamesBundle   Registry   HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\ X

     

    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

     

  13. hello, this is the first time i found a virus on my pc since i’ve always been careful, but this time a browser extension, that i’ve been using for years (it had also over 500k downloads), was corrupted.

    my antivirus didn’t detect anything, but the browser (Brave browser) told me that the extension was malicious so i deactivated it and i started a full scan with my antivirus (not kaspersky), at the end it found nothing, but since i like different opinions i did the full scan with another antivirus and it also found nothing.

    so i kept using my pc normally for 3 weeks and then one of my friends told me about the kaspersky virus removal tool and yesterday i tried it.

    so i started the full scan with the kaspersky virus removal tool and it found 2 viruses connected to the extension.

    those are the viruses “HEUR:Trojan.Script.Generic” and “not-a-virus:HEUR:AdWare.Script.Generic” both are located in C \users … \appdata \local \bravesoftware \brave-browser \userdata \default \extensions \“the name of that extension (the ID of the extension that you see while in developer mode)” \”the version of that extension” \js \background.js (for the first one, trojan.script.generic) and \js \contentscript.js (for the second one, adware.script.generic)

    now i have a few questions because i never had a virus before so i don’t know what to do and because, at the end of the scan i selected just “delete” (after the scan you have to choose what to do with those viruses, like “skip”, “delete”, “copy to quarantine”, etc.) but i accidentally pressed the enter button and the tool started another scan (which found nothing this time).

    now, if in the tool, i click “quarantine” i see those 2 viruses and i also read this here https://support.kaspersky.com/15675 that the files are stored on my pc and can be accessed and something like this so my questions are.

    -am i safe now or i need to do other things? what should i do?

    -since after the scan  i just selected for both “delete” and pressed enter, what happened to those files? on the scan report i see (in this order) scan (started) - detected (the trojan) - detected (the adware) - scan (finished) - select action (delete) - select action (delete) - disinfection (started) - quarantined - quarantined - deleted - deleted - disinfection (finished). i also see that the extension is still on the browser

    -is there any chance to see which kind of virus the trojan is? one is an adware (that is not a big deal) but the other one is a trojan and i used the pc for 3 weeks. the pc wasn’t slow, i didn’t see anything strange, while idle the cpu and disk usage are normal (from 0 to 2%) but i know almost nothing

    my operating system is windows 10 and the kaspersky tool version is 20.0.6.0

    sorry for the long post and for all those questions but i really feel bad for this and i’m not sure what to do now
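
Posts 3 and 13 above place the flagged files at `Extensions\<extension ID>\<version>\js\background.js` and `js\contentscript.js`, and note that the extension folder stays on disk after the two scripts are quarantined. The following is an added example, not part of the forum posts: a Python sketch that inventories such an `Extensions` folder and lists the scripts each manifest declares that are missing on disk. It assumes the scripts are declared in `manifest.json`; the sample tree, version folder name, manifest contents and second extension ID are constructed, and only the ID `eooikgjpbiiaebbbnjbcnmgggekfnhfj` comes from the thread.

```python
import json
import tempfile
from pathlib import Path


def referenced_scripts(manifest):
    """Script paths a manifest declares: background scripts/worker and content scripts."""
    bg = manifest.get("background", {})
    paths = list(bg.get("scripts", []))              # Manifest V2
    if "service_worker" in bg:                       # Manifest V3
        paths.append(bg["service_worker"])
    for cs in manifest.get("content_scripts", []):
        paths.extend(cs.get("js", []))
    return [p.lstrip("/") for p in paths]


def inventory_extensions(extensions_dir):
    """One record per <id>/<version> folder: name, and declared scripts missing on disk."""
    records = []
    for ver_dir in sorted(Path(extensions_dir).glob("*/*")):
        if not ver_dir.is_dir():
            continue
        rec = {"id": ver_dir.parent.name, "version_dir": ver_dir.name, "name": None}
        try:
            manifest = json.loads((ver_dir / "manifest.json").read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            rec["missing"] = ["manifest.json"]
        else:
            rec["name"] = manifest.get("name")
            rec["missing"] = [s for s in referenced_scripts(manifest) if not (ver_dir / s).is_file()]
        records.append(rec)
    return records


def build_constructed_profile(root):
    """Constructed sample tree: the thread's extension ID with its two scripts absent."""
    manifest = {"name": "sample", "version": "1.0", "manifest_version": 2,
                "background": {"scripts": ["js/background.js"]},
                "content_scripts": [{"matches": ["<all_urls>"], "js": ["js/contentscript.js"]}]}
    for ext_id, present in (("eooikgjpbiiaebbbnjbcnmgggekfnhfj", False), ("a" * 32, True)):
        ver = Path(root) / ext_id / "1.0_0"           # version folder name is made up
        (ver / "js").mkdir(parents=True)
        (ver / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
        if present:
            for script in referenced_scripts(manifest):
                (ver / script).write_text("// placeholder", encoding="utf-8")
    return Path(root)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rec in inventory_extensions(build_constructed_profile(tmp)):
            print(rec)
```

Pointing `inventory_extensions` at a real profile's `Extensions` folder shows which extension IDs are still installed and whether their declared scripts are intact, which is the state post 3 describes after quarantine.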
