
HEUR:Trojan-Dropper.Win32.Agent.gen



I've downloaded and tried to install a third party setup.zip.

  1. Windows Defender detected Trojans continuously until I rebooted. 
  2. I permanently deleted the downloaded setup.zip and the corresponding files created/modified in the C drive at the same time the Trojans were detected.
  3. I found two folders with long strings in capitals with the same modified/created time that included browsers' (Edge and Chrome) content (Autofill, CC, Cookies, Downloads, History, Wallets and passwords) in txt files.
  4. I moved the two folders and renamed them.
  5. Then installed Kaspersky Anti-virus and scanned. The results:

 

All these were pointing to one cache file named: f_002ce3

I deleted all files in the Cache folder and did a full scan. Didn’t find anything.

What does this mean? Had the browser data already been received by whoever made the setup.zip file or is it part of a long game? I realize I have no way of knowing but I’ve been worried sick for the past 2 days. What should I do next?


Thanks. I did that asap. I still want to find out whether the passwords.txt and others had been stolen already before I installed Kaspersky (if the damage had already been done).

If the scans aren’t showing anything, that must mean I’m not being monitored or something, right?
