Veerain

Posts posted by Veerain

  1. @Berny @harlan4096 I have changed my app to Kaspersky Plus and it shows this...

    [screenshot]

    and it shows this ...

    Event: Malicious object detected
    User: MymachineName\MyUsername
    User type: Initiator
    Application name: msedge.exe
    Application path: C:\Program Files (x86)\Microsoft\Edge\Application
    Component: Safe Browsing
    Result description: Detected
    Type: Trojan
    Name: HEUR:Trojan.Script.Miner.gen
    Precision: Heuristic Analysis
    Threat level: High
    Object type: File
    Object name: _app-475fd0fc86c5f15d.js
    Object path:
    MD5 of an object: 3476BF88F39C831FB5C4A09BFA2A95D6
    Reason: Expert analysis
    Databases release date: Yesterday, 27-3-24 7.35.00 PM

    I checked its stats on Virus total.. the url given.. and found this..

    [screenshot]

    VirusTotal - URL here is the link... you can check it for yourself... This is way too many false positives... it's like a modern-day child who has asthma when he visits a farm, and whose body overreacts to a bee sting (overactive immune system).

    Which is considered bad even in medicine... 

    Please look into this.. if possible, share the analysis with the technical team.. I will be happy to help debug this.. being a developer myself... I will be happy to help them. (But I won't entertain non-official fraudsters.. so your people need to verify themselves..)

  2. Specs:

    [screenshot]

    Ya, so today KTS didn't let me code on GeeksforGeeks 2 times. Here is the info:

    Event: Download denied
    User: MyMachine\MyUsername
    User type: Active user
    Application name: msedge.exe
    Application path: C:\Program Files (x86)\Microsoft\Edge\Application
    Component: Web Anti-Virus
    Result description: Blocked
    Type: Trojan
    Name: HEUR:Trojan.Script.Miner.gen
    Precision: Heuristic Analysis
    Threat level: High
    Object type: File
    Object name: _app-475fd0fc86c5f15d.js
    Object path: https://www . geeksforgeeks . org/_next/static/chunks/pages
    MD5: 3476BF88F39C831FB5C4A09BFA2A95D6
    Reason: Expert analysis
    Databases release date: Today, 27-3-24 9.33.00 AM

    Event: Malicious object detected
    User: MyMachine\MyUsername
    User type: Active user
    Application name: msedge.exe
    Application path: C:\Program Files (x86)\Microsoft\Edge\Application
    Component: Web Anti-Virus
    Result description: Detected
    Type: Trojan
    Name: HEUR:Trojan.Script.Miner.gen
    Precision: Heuristic Analysis
    Threat level: High
    Object type: File
    Object name: _app-475fd0fc86c5f15d.js
    Object path: https://www . geeksforgeeks . org/_next/static/chunks/pages
    MD5: 3476BF88F39C831FB5C4A09BFA2A95D6
    Reason: Expert analysis
    Databases release date: Today, 27-3-24 9.33.00 AM


    Also, it mostly tags the code I write on various sites as malicious, and I need to restart the PC to disinfect.... Not expected from a company like Kaspersky... It mostly targets the EXEs I generate (practically harmless, as I coded them), and it is in general not a very nice experience...

    Any fixes?? BTW, I tried out many things mentioned in the forums...

    [screenshot]

    Mostly all of them focus on disabling the "Perform recommended actions automatically" setting, adding it to exceptions, and turning it back on... Even then this keeps repeating....

  3.  

    Hello!

    [screenshot]

    I am using KTS on my Windows 10 Home

    [screenshot]

    I recently got this notification from Kaspersky:

    Error report (you can click on the image and open it in a new tab to see it more clearly)

    Here it says that the attack was blocked, but when I went to Event Viewer it showed me this:

    [screenshot]

    The details of the event are as follows:

    Log Name:      Security
    Source:        Microsoft-Windows-Security-Auditing
    Date:          27-9-23 7.49.36 PM
    Event ID:      4624
    Task Category: Logon
    Level:         Information
    Keywords:      Audit Success
    User:          N/A
    Computer:      Xenomorph
    Description:
    An account was successfully logged on.

    Subject:
        Security ID:        SYSTEM
        Account Name:        XENOMORPH$
        Account Domain:        WORKGROUP
        Logon ID:        0x3E7

    Logon Information:
        Logon Type:        5
        Restricted Admin Mode:    -
        Virtual Account:        No
        Elevated Token:        Yes

    Impersonation Level:        Impersonation

    New Logon:
        Security ID:        SYSTEM
        Account Name:        SYSTEM
        Account Domain:        NT AUTHORITY
        Logon ID:        0x3E7
        Linked Logon ID:        0x0
        Network Account Name:    -
        Network Account Domain:    -
        Logon GUID:        {00000000-0000-0000-0000-000000000000}

    Process Information:
        Process ID:        0x330
        Process Name:        C:\Windows\System32\services.exe

    Network Information:
        Workstation Name:    -
        Source Network Address:    -
        Source Port:        -

    Detailed Authentication Information:
        Logon Process:        Advapi  
        Authentication Package:    Negotiate
        Transited Services:    -
        Package Name (NTLM only):    -
        Key Length:        0

    This event is generated when a logon session is created. It is generated on the computer that was accessed.

    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

    The impersonation level field indicates the extent to which a process in the logon session can impersonate.

    The authentication information fields provide detailed information about this specific logon request.
        - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
        - Transited services indicate which intermediate services have participated in this logon request.
        - Package name indicates which sub-protocol was used among the NTLM protocols.
        - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" />
        <EventID>4624</EventID>
        <Version>2</Version>
        <Level>0</Level>
        <Task>12544</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8020000000000000</Keywords>
        <TimeCreated SystemTime="2023-09-27T14:19:36.4520444Z" />
        <EventRecordID>2894337</EventRecordID>
        <Correlation ActivityID="{debc7482-e734-0000-2a75-bcde34e7d901}" />
        <Execution ProcessID="740" ThreadID="23836" />
        <Channel>Security</Channel>
        <Computer>Xenomorph</Computer>
        <Security />
      </System>
      <EventData>
        <Data Name="SubjectUserSid">S-1-5-18</Data>
        <Data Name="SubjectUserName">XENOMORPH$</Data>
        <Data Name="SubjectDomainName">WORKGROUP</Data>
        <Data Name="SubjectLogonId">0x3e7</Data>
        <Data Name="TargetUserSid">S-1-5-18</Data>
        <Data Name="TargetUserName">SYSTEM</Data>
        <Data Name="TargetDomainName">NT AUTHORITY</Data>
        <Data Name="TargetLogonId">0x3e7</Data>
        <Data Name="LogonType">5</Data>
        <Data Name="LogonProcessName">Advapi  </Data>
        <Data Name="AuthenticationPackageName">Negotiate</Data>
        <Data Name="WorkstationName">-</Data>
        <Data Name="LogonGuid">{00000000-0000-0000-0000-000000000000}</Data>
        <Data Name="TransmittedServices">-</Data>
        <Data Name="LmPackageName">-</Data>
        <Data Name="KeyLength">0</Data>
        <Data Name="ProcessId">0x330</Data>
        <Data Name="ProcessName">C:\Windows\System32\services.exe</Data>
        <Data Name="IpAddress">-</Data>
        <Data Name="IpPort">-</Data>
        <Data Name="ImpersonationLevel">%%1833</Data>
        <Data Name="RestrictedAdminMode">-</Data>
        <Data Name="TargetOutboundUserName">-</Data>
        <Data Name="TargetOutboundDomainName">-</Data>
        <Data Name="VirtualAccount">%%1843</Data>
        <Data Name="TargetLinkedLogonId">0x0</Data>
        <Data Name="ElevatedToken">%%1842</Data>
      </EventData>
    </Event>

    Ya, so is it of any concern to me??

    Actually, I am in a technology institute, so some dudes here like to become hackers... is there anything that I can do to protect myself? :)
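The Event 4624 record quoted in the post above, fed through a small parser and a triage rule, as an added example that is not part of the original post and not Kaspersky code. It uses only the Python standard library; the "routine/review/info" verdicts, the `LOCAL_ADDRS` set and the second, remote-logon sample are constructed for illustration, and the sample XML is an abridged copy of the event shown in the post. The point it makes is the one the post's own Microsoft description hints at: Logon Type 5 by `NT AUTHORITY\SYSTEM` from `services.exe` with no network source is a service start, not a remote logon, which is why it carries no source address.

```python
"""Triage helper for Windows Security event 4624 (successful logon).

Added example, not code from the forum thread or from Kaspersky. It parses the
Event XML that Event Viewer shows under the "Details" tab and applies a small
set of triage rules to answer the question asked in the post: is this logon a
concern? The sample below is an abridged copy of the event quoted there.
"""
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Logon type codes as documented by Microsoft for event 4624.
LOGON_TYPES = {
    2: "Interactive", 3: "Network", 4: "Batch", 5: "Service", 7: "Unlock",
    8: "NetworkCleartext", 9: "NewCredentials", 10: "RemoteInteractive",
    11: "CachedInteractive",
}

# Values of IpAddress that mean "no remote party" (assumption of this example).
LOCAL_ADDRS = {"-", "", "127.0.0.1", "::1"}
LOCAL_SYSTEM_SID = "S-1-5-18"

# Abridged copy of the Event XML quoted in the post (Logon Type 5, SYSTEM,
# services.exe). Raw string so the backslashes in the path stay literal.
SAMPLE_SERVICE_LOGON = r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <EventID>4624</EventID>
    <TimeCreated SystemTime="2023-09-27T14:19:36.4520444Z" />
    <Computer>Xenomorph</Computer>
  </System>
  <EventData>
    <Data Name="SubjectUserSid">S-1-5-18</Data>
    <Data Name="SubjectUserName">XENOMORPH$</Data>
    <Data Name="TargetUserSid">S-1-5-18</Data>
    <Data Name="TargetUserName">SYSTEM</Data>
    <Data Name="TargetDomainName">NT AUTHORITY</Data>
    <Data Name="LogonType">5</Data>
    <Data Name="LogonProcessName">Advapi  </Data>
    <Data Name="AuthenticationPackageName">Negotiate</Data>
    <Data Name="WorkstationName">-</Data>
    <Data Name="ProcessName">C:\Windows\System32\services.exe</Data>
    <Data Name="IpAddress">-</Data>
    <Data Name="IpPort">-</Data>
  </EventData>
</Event>"""

# Constructed contrast case (not from the post): a type 10 (RDP-style) logon
# for an ordinary local user arriving from another host on the LAN.
SAMPLE_REMOTE_LOGON = (
    SAMPLE_SERVICE_LOGON
    .replace('<Data Name="LogonType">5</Data>', '<Data Name="LogonType">10</Data>')
    .replace('<Data Name="IpAddress">-</Data>', '<Data Name="IpAddress">10.0.0.23</Data>')
    .replace('<Data Name="IpPort">-</Data>', '<Data Name="IpPort">49512</Data>')
    .replace('<Data Name="TargetUserSid">S-1-5-18</Data>',
             '<Data Name="TargetUserSid">S-1-5-21-1111-2222-3333-1001</Data>')
    .replace('<Data Name="TargetUserName">SYSTEM</Data>',
             '<Data Name="TargetUserName">student</Data>')
    .replace('<Data Name="TargetDomainName">NT AUTHORITY</Data>',
             '<Data Name="TargetDomainName">XENOMORPH</Data>')
)


def parse_4624(xml_text):
    """Flatten a 4624 event into a dict: every EventData <Data Name=...> plus
    Computer and TimeCreated from the System block. Raises on other event IDs."""
    root = ET.fromstring(xml_text)
    event_id = int(root.findtext("e:System/e:EventID", namespaces=NS))
    if event_id != 4624:
        raise ValueError(f"expected event 4624, got {event_id}")
    fields = {d.get("Name"): (d.text or "").strip()
              for d in root.findall("e:EventData/e:Data", NS)}
    fields["Computer"] = root.findtext("e:System/e:Computer", namespaces=NS)
    fields["TimeCreated"] = root.find("e:System/e:TimeCreated", NS).get("SystemTime")
    return fields


def classify_logon(fields):
    """Return (verdict, reason). 'routine' for the services.exe/SYSTEM pattern in
    the post, 'review' for network or remote-interactive logons from another
    address, 'info' for everything else. These rules are this example's own."""
    ltype = int(fields["LogonType"])
    name = LOGON_TYPES.get(ltype, f"Unknown({ltype})")
    ip = fields.get("IpAddress", "-")
    proc = fields.get("ProcessName", "").lower()
    user = f"{fields.get('TargetDomainName')}\\{fields.get('TargetUserName')}"
    if (ltype == 5 and fields.get("TargetUserSid") == LOCAL_SYSTEM_SID
            and proc.endswith(r"\services.exe")):
        return "routine", (f"{name} logon: services.exe created a session for "
                           f"{user} to start a service (normal background activity)")
    if ltype in (3, 10) and ip not in LOCAL_ADDRS:
        return "review", (f"{name} logon for {user} from {ip}:{fields.get('IpPort')}; "
                          f"confirm this remote access was expected")
    return "info", f"{name} logon for {user} with no remote source recorded"


if __name__ == "__main__":
    for sample in (SAMPLE_SERVICE_LOGON, SAMPLE_REMOTE_LOGON):
        ev = parse_4624(sample)
        verdict, reason = classify_logon(ev)
        print(f"{ev['TimeCreated']} {ev['Computer']}: [{verdict}] {reason}")
```

Run stand-alone it prints one line per sample: the post's event comes out as `routine`, the constructed type 10 logon from `10.0.0.23` as `review`. To use it on a real machine, paste the XML from Event Viewer's Details tab (or export with `wevtutil qe Security /q:"*[System[EventID=4624]]" /f:xml`) into `parse_4624`; note that a real export wraps several `<Event>` elements, so split them before parsing.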

  4. 8 hours ago, Berny said:

    @Veerain

    Please download and run AdwCleaner(*) as ADMIN.
    1)   ⚠️ Don’t fix eventual detections ⚠️
    2)  Please attach the TXT Log in your next post

    (*) No installation required.

    Hello

    Here are your files

    https://drive.google.com/drive/folders/1OxJ4qDUfJOqqTfKkIkZXTzTtwNS-ln2m?usp=sharing

  5. Hello, I was unavailable for some time, so sorry for that.

    6 hours ago, Flood and Flood's wife said:

    Hello @Veerain

    No problem, thank you for the information!

    1. Did Trojan.Multi.GenAutorunReg.a appear *after* the Database update, Full scan & Shutdown, power on, login, etc., we suggested in our previous reply
    2. IF you've completely blocked brave, why not uninstall it -> it sounds as if you're not going to use it, why keep it on the system??

    Thank you?

    Flood?+?

    For your 1st question:

    Trojan.Multi.GenAutorunReg.a appeared after I clicked on "Delete" in "Select method of processing legitimate software" (refer to the bottom-right popup in the image in my very first post). Till that point I couldn't see Trojan.Multi.GenAutorunReg.a in the KTS logs. It was after the advanced disinfection that it showed me that Trojan (which it removed).

    Your message to shut down and update the database came after KTS had disinfected the Trojan (after the advanced disinfection).

    2) I did!

    In fact, when I blocked all its processes I wasn't able to uninstall it (as I blocked the Brave installer also).

    (Then I unblocked the installer and uninstalled it.)

    But to my surprise, some components were still left (like in Program Files (x86), etc.). I manually deleted all of them by searching "brave" in my Explorer across the full PC.

    Then after some time it again showed that it had deleted another Trojan and made a quarantine copy of it.

    Then, after losing all my patience, I left my PC in the hands of the Lord (may God bless it and my patience).

    Anyways, now it seems to be fine.


  6. Thank you for the reply first of all..

    Secondly, here is the trailer of what happened while you were working on my issue:

    Like any person would, I selected the Delete option.

    For some time it didn't do anything, and then it came back with:

    Event: Malicious object detected
    User: XENOMORPH\My name
    User type: Active user
    Component: Virus Scan
    Result: Detected
    Result description: Detected
    Type: Trojan
    Name: Trojan.Multi.GenAutorunReg.a
    Precision: Exactly
    Threat level: High
    Object type: File
    Object name: System Memory
    Reason: Expert analysis
    Databases release date: Yesterday, 20-08-2022 14:09:00

    And then it asked me to do an advanced disinfection, so I proceeded with it. After restarting my PC I went to the logs and found this:

    Event: Object disinfected
    User: XENOMORPH\my name
    User type: Active user
    Component: Virus Scan
    Result: Disinfected
    Result description: Disinfected
    Type: Trojan
    Name: Trojan.Multi.GenAutorunReg.a
    Precision: Exactly
    Threat level: High
    Object type: File
    Object name: System Memory

    [screenshot]

    And to my wonder, the same Tor file that it couldn't disinfect is now placed in the Trusted applications group...

    The Application Control says:

    Today, 21-08-2022 08:05:27:
    Event: Application placed in the trusted group;
    Application: tor-0.4.7.8-win32-brave-1;
    Application name tor-0.4.7.8-win32-brave-1;
    Application Path:C:\Users\my name\AppData\Local\BraveSoftware\Brave-Browser\User Data\cpoalefficncklhjfpglfiplenlpccdb\1.0.27;
    Application PID: 0;
    User NT AUTHORITY\SYSTEM;
    User type: System user;
    Application placed in group;;;;;;;Trusted;;;KSN

  7. Also, I think this happened because I used the Tor browser of Brave (i.e. when you go to options and select "New Private Window with Tor") to access Z-Library to get some book, as it is now blocked in my country.. so I thought this info might be helpful.

    Also, can you suggest any better method to access Tor without compromising my security (like this happened now, and I don't want these kinds of things repeating the next time I use Tor...)? Is there any "safe way" (according to Kaspersky) to access the Tor network?

  8. Thank you so much for the quick reply first of all.....

    Here is the full name:

    [screenshot]

    And yes, it's from Brave again.

    And in KTS Reports it shows this:

    Event: Detected legitimate software that can be used by intruders to damage your computer or personal data
    Component: Application Control
    Result description: Detected
    Type: Legitimate software that can be used by intruders to damage your computer or personal data
    Name: not-a-virus:NetTool.Win32.TorTool.goj
    Threat level: Low
    Object path: C:\Users\veera\AppData\Local\BraveSoftware\Brave-Browser\User Data\cpoalefficncklhjfpglfiplenlpccdb\1.0.27
    Object name: tor-0.4.7.8-win32-brave-1
    Reason: Databases
    Databases release date: Yesterday, 20-08-2022 14:09:00
    MD5: 6BF1C0DBFE8F2E6BC086F2CA8C03FBFB

    Also, do let me know if I should select Delete to get rid of it, or will that result in some kind of (yet another (btw, I am now fed up with Brave)) Brave software mess?

  9. Hello

    I am using KTS on my Windows 10 Home

    [screenshot]

    and Kaspersky KTS version 21.3.10.391 (j)

    This morning (i.e. now, as I am writing this) I got this error message:

    [screenshot]

    I have not done anything or clicked anywhere as of yet, so this popup is currently on my screen as I type. What should be the proper step for me now... and kindly help me quickly, as the popup is currently open and I haven't selected any of the 3 options (Delete, Skip, Add to exclusions). Kindly guide me.... as soon as possible.

    Thanks!

  10. Hello 

    I am using KTS on my Windows 10 Home

    [screenshot]

    and Kaspersky KTS version 21.3.10.391 (i)

    I recently had to reset my device due to some issues and had to reinstall KTS.

    On reinstallation it is asking me to create a backup folder again (I created it the first time I installed KTS, and it was still there on the system before and after the reset). I was curious whether there is a way I can continue with the previous one? I already have it on my PC.

