Everything posted by Veerain

  1. @harlan4096 Thank you so much for your efforts.... really appreciate it.
  2. Luckily I found one fix... add your url to trusted addresses... it will then work fine....
  3. @harlan4096 @Berny this is weird.... even kaspersky detects it as safe and somehow is messing up on my pc
  4. @Berny @harlan4096 I have changed my app to kaspersky plus and it shows this... and it shows this ...

     Event: Malicious object detected
     User: MymachineName\MyUsername
     User type: Initiator
     Application name: msedge.exe
     Application path: C:\Program Files (x86)\Microsoft\Edge\Application
     Component: Safe Browsing
     Result description: Detected
     Type: Trojan
     Name: HEUR:Trojan.Script.Miner.gen
     Precision: Heuristic Analysis
     Threat level: High
     Object type: File
     Object name: _app-475fd0fc86c5f15d.js
     Object path:
     MD5 of an object: 3476BF88F39C831FB5C4A09BFA2A95D6
     Reason: Expert analysis
     Databases release date: Yesterday, 27-3-24 7.35.00 PM

     I checked its stats on Virus total.. the url given.. and found this.. VirusTotal - URL here is the link ... you can check it for yourself... This is way too many false positives... it's like a modern day child has asthma when he visits a farm and his body overreacts over a bee sting (overactive immune system). Which is considered bad even in medicine... Please look into this.. if possible share the analysis with technical team.. I will be happy to help debug this.. being a developer myself... I will be happy to help them. (But I won't entertain non official fraudsters.. so your people need to verify themselves..)
  5. ya this line is misspelt.. Here is the corrected one.. "Mostly It tags the codes I do on various coding platforms(when I solve them on my pc) as malicious and need to restart pc to disinfect.... "
  6. Specs : Ya so today 2 times kts didn't let me code on geeksforgeeks. Here is the info

     Event: Download denied
     User: MyMachine\MyUsername
     User type: Active user
     Application name: msedge.exe
     Application path: C:\Program Files (x86)\Microsoft\Edge\Application
     Component: Web Anti-Virus
     Result description: Blocked
     Type: Trojan
     Name: HEUR:Trojan.Script.Miner.gen
     Precision: Heuristic Analysis
     Threat level: High
     Object type: File
     Object name: _app-475fd0fc86c5f15d.js
     Object path: https://www . geeksforgeeks . org/_next/static/chunks/pages
     MD5: 3476BF88F39C831FB5C4A09BFA2A95D6
     Reason: Expert analysis
     Databases release date: Today, 27-3-24 9.33.00 AM

     Event: Malicious object detected
     User: MyMachine\MyUsername
     User type: Active user
     Application name: msedge.exe
     Application path: C:\Program Files (x86)\Microsoft\Edge\Application
     Component: Web Anti-Virus
     Result description: Detected
     Type: Trojan
     Name: HEUR:Trojan.Script.Miner.gen
     Precision: Heuristic Analysis
     Threat level: High
     Object type: File
     Object name: _app-475fd0fc86c5f15d.js
     Object path: https://www . geeksforgeeks . org/_next/static/chunks/pages
     MD5: 3476BF88F39C831FB5C4A09BFA2A95D6
     Reason: Expert analysis
     Databases release date: Today, 27-3-24 9.33.00 AM

     + Mostly It tags the codes I do on various as malicious and need to restart pc to disinfect.... Not expected from a company like kaspersky... It mostly targets exe generated (practically harmless as I coded them) and is in general not a very nice experience... Any fixes?? BTW I tried out many things mentioned in the forums... Mostly all of them focus on disabling the "Perform recommended actions automatically" thing and add it to exceptions and turn it back on... Even then this is repeating....
  7. @harlan4096 India, Also since I have to buy, and sale is going on can I buy key now and activate later?? (Since some days are still left) (also does the activation begin when you first buy it or it begins after activation?? and what is the maximum duration upto which you can keep without activation)
  8. @harlan4096 Since my kts time period is about up, is there any plan where I can get unlimited VPN + AV?? I was about to renew
  9. @Guilhermesene4096 Thank you so much for the ans, Could you confirm if there is support for onedrive in the upgraded version??
  10. Specs : My organization(clg) has given me 1TB of free space on Onedrive and I don't want to use much of my pc's storage storing large files.... I didn't see an option for enabling link with onedrive while backing up.. Does anyone know how to do it (if it's even possible to do so?)
  11. At least tell me that I am safe or not !! if someone doesn't know what to do they can at least escalate this??
  12. Also please let me know how to track the one who did this so that I can give them a thank-you kiss
  13. Hello! I am using kts on my windows 10 home. I recently got the notification from kaspersky: (you can click on the image and open in new tab to see it more clearly) Here it says that the attack was blocked but when I went to event viewer it showed me this: The details of the event are as follows

      Log Name: Security
      Source: Microsoft-Windows-Security-Auditing
      Date: 27-9-23 7.49.36 PM
      Event ID: 4624
      Task Category: Logon
      Level: Information
      Keywords: Audit Success
      User: N/A
      Computer: Xenomorph
      Description: An account was successfully logged on.

      Subject:
        Security ID: SYSTEM
        Account Name: XENOMORPH$
        Account Domain: WORKGROUP
        Logon ID: 0x3E7

      Logon Information:
        Logon Type: 5
        Restricted Admin Mode: -
        Virtual Account: No
        Elevated Token: Yes

      Impersonation Level: Impersonation

      New Logon:
        Security ID: SYSTEM
        Account Name: SYSTEM
        Account Domain: NT AUTHORITY
        Logon ID: 0x3E7
        Linked Logon ID: 0x0
        Network Account Name: -
        Network Account Domain: -
        Logon GUID: {00000000-0000-0000-0000-000000000000}

      Process Information:
        Process ID: 0x330
        Process Name: C:\Windows\System32\services.exe

      Network Information:
        Workstation Name: -
        Source Network Address: -
        Source Port: -

      Detailed Authentication Information:
        Logon Process: Advapi
        Authentication Package: Negotiate
        Transited Services: -
        Package Name (NTLM only): -
        Key Length: 0

      This event is generated when a logon session is created. It is generated on the computer that was accessed.

      The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

      The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

      The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

      The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

      The impersonation level field indicates the extent to which a process in the logon session can impersonate.

      The authentication information fields provide detailed information about this specific logon request.
      - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
      - Transited services indicate which intermediate services have participated in this logon request.
      - Package name indicates which sub-protocol was used among the NTLM protocols.
      - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.

      Event Xml:
      <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
        <System>
          <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" />
          <EventID>4624</EventID>
          <Version>2</Version>
          <Level>0</Level>
          <Task>12544</Task>
          <Opcode>0</Opcode>
          <Keywords>0x8020000000000000</Keywords>
          <TimeCreated SystemTime="2023-09-27T14:19:36.4520444Z" />
          <EventRecordID>2894337</EventRecordID>
          <Correlation ActivityID="{debc7482-e734-0000-2a75-bcde34e7d901}" />
          <Execution ProcessID="740" ThreadID="23836" />
          <Channel>Security</Channel>
          <Computer>Xenomorph</Computer>
          <Security />
        </System>
        <EventData>
          <Data Name="SubjectUserSid">S-1-5-18</Data>
          <Data Name="SubjectUserName">XENOMORPH$</Data>
          <Data Name="SubjectDomainName">WORKGROUP</Data>
          <Data Name="SubjectLogonId">0x3e7</Data>
          <Data Name="TargetUserSid">S-1-5-18</Data>
          <Data Name="TargetUserName">SYSTEM</Data>
          <Data Name="TargetDomainName">NT AUTHORITY</Data>
          <Data Name="TargetLogonId">0x3e7</Data>
          <Data Name="LogonType">5</Data>
          <Data Name="LogonProcessName">Advapi </Data>
          <Data Name="AuthenticationPackageName">Negotiate</Data>
          <Data Name="WorkstationName">-</Data>
          <Data Name="LogonGuid">{00000000-0000-0000-0000-000000000000}</Data>
          <Data Name="TransmittedServices">-</Data>
          <Data Name="LmPackageName">-</Data>
          <Data Name="KeyLength">0</Data>
          <Data Name="ProcessId">0x330</Data>
          <Data Name="ProcessName">C:\Windows\System32\services.exe</Data>
          <Data Name="IpAddress">-</Data>
          <Data Name="IpPort">-</Data>
          <Data Name="ImpersonationLevel">%%1833</Data>
          <Data Name="RestrictedAdminMode">-</Data>
          <Data Name="TargetOutboundUserName">-</Data>
          <Data Name="TargetOutboundDomainName">-</Data>
          <Data Name="VirtualAccount">%%1843</Data>
          <Data Name="TargetLinkedLogonId">0x0</Data>
          <Data Name="ElevatedToken">%%1842</Data>
        </EventData>
      </Event>

      Ya so is it of any concern to me?? Actually I am in a technology institute so some dudes like to become hackers here so... is there anything that I can do to protect myself :)
  14. Hello, I was unavailable for some time so sorry for that. For your 1st question: Trojan.Multi.GenAutorunReg.a appeared after I clicked on "delete" in the "Select method of processing legitimate software." (refer my very first post in my first message image bottom right popup) Till that point I couldn't see Trojan.Multi.GenAutorunReg.a in the kts logs. It was after the advanced disinfection that it showed me that Trojan. (which it removed) Your message to shut down and update the database came after Kts had disinfected the trojan (after adv disinf) 2) I did.! In fact when I blocked all its processes I wasn't able to uninstall it. (as I blocked brave installer also) (then I unblocked the installer and then uninstalled it.) But to my surprise some components were still left (like in program files 86 etc) I manually deleted all of them by (searching "brave" in my explorer under full pc scan) Then after sometime it again showed that it had deleted another trojan and made a quarantine copy of it. Then after losing all my patience I left my pc in the hands of the lord (may god bless it and my patience) anyways now it seems to be fine
  15. Sorry for the late response I was planning out how to put forward my concern properly Here is the link to the file and first watch the video which I added in that file. https://drive.google.com/drive/folders/1HXZfwpmjxnx_vGrYQx_PaW824SVz7yxu?usp=sharing Regards Veerain
  16. now I want to know how to remove an application off the "trusted applications" as they were able to place it in trusted application group so.......... how to deal with this situation now .........
  17. Thank you for the reply first of all.. Secondly here is the trailer of what happened while you were working on my issue: like any person would, I selected the delete option. For some time it didn't do anything and then it came back with:

      Event: Malicious object detected
      User: XENOMORPH\My name
      User type: Active user
      Component: Virus Scan
      Result: Detected
      Result description: Detected
      Type: Trojan
      Name: Trojan.Multi.GenAutorunReg.a
      Precision: Exactly
      Threat level: High
      Object type: File
      Object name: System Memory
      Reason: Expert analysis
      Databases release date: Yesterday, 20-08-2022 14:09:00

      and then it asked me to do an advanced disinfection. So I proceeded with it. And after restarting my pc I went to the logs and found this:

      Event: Object disinfected
      User: XENOMORPH\my name
      User type: Active user
      Component: Virus Scan
      Result: Disinfected
      Result description: Disinfected
      Type: Trojan
      Name: Trojan.Multi.GenAutorunReg.a
      Precision: Exactly
      Threat level: High
      Object type: File
      Object name: System Memory

      And to my wonder, now the same tor file that it couldn't disinfect is now placed in the trusted applications group... the application control says:

      Today, 21-08-2022 08:05:27: Event: Application placed in the trusted group; Application: tor-0.4.7.8-win32-brave-1; Application name : tor-0.4.7.8-win32-brave-1; Application Path:C:\Users\my name\AppData\Local\BraveSoftware\Brave-Browser\User Data\cpoalefficncklhjfpglfiplenlpccdb\1.0.27; Application PID: 0; User : NT AUTHORITY\SYSTEM; User type: System user; Application placed in group;;;;;;;Trusted;;;KSN
  18. Also I think this happened because I used tor browser of brave (i.e. when you go to opts and select "New Private window with tor") to access Zlibrary to get some book. As it is now blocked in my country.. so I thought this info might be helpful. Also can you suggest any better method to access tor without compromising my security (like this happened now and I don't want these kind of things repeating the next time I use tor...) Is there any "safe way" (acc to kaspersky) to access the tor network?
  19. Thank you so much for the quick reply first of all..... Here is the full name: And yes it's from brave again. And in KTS Reports it shows this:

      Event: Detected legitimate software that can be used by intruders to damage your computer or personal data
      Component: Application Control
      Result description: Detected
      Type: Legitimate software that can be used by intruders to damage your computer or personal data
      Name: not-a-virus:NetTool.Win32.TorTool.goj
      Threat level: Low
      Object path: C:\Users\veera\AppData\Local\BraveSoftware\Brave- Browser\UserData\cpoalefficncklhjfpglfiplenlpccdb\1.0.27
      Object name: tor-0.4.7.8-win32-brave-1
      Reason: Databases
      Databases release date: Yesterday, 20-08-2022 14:09:00
      MD5: 6BF1C0DBFE8F2E6BC086F2CA8C03FBFB

      Also do let me know if I should select delete to get rid of it or will that result in some kind of (yet another(btw I am now fed up with brave) brave software mess)
  20. Hello I am using kts on my windows 10 home and kaspersky Kts version 21.3.10.391 (j) This morning (i.e. now when I am writing this) I got this error message :- I have not done anything or clicked anywhere as of yet so this popup is currently on my screen as I type: what should be the proper step for me now ... and kindly help me quickly as the popup is currently open and I haven't selected any of the 3 (delete, skip, add to exclusion) options. Kindly guide me.... as soon as possible thanks!
  21. Hello I am using kts on my windows 10 home and kaspersky Kts version 21.3.10.391 (i) I recently had to reset my device due to some issues and had to reinstall kts on reinstallation it is asking me to again (I created it the first time I installed kts and it was still there on the system before and after reset) create a backup folder, I was curious that is there a way so that I can continue with previous one? I already have it on my pc
  22. Thank you for reaching out. I have disabled the "scan only new and changed files option". Still it didn't scan all the files because I think I deleted a few of them. Anyway in 2nd I was asking about the fact that does kaspersky detect any malicious registry keys made by the malware? And why did it postpone some of the files?