Kaspersky File Anti Virus is Detecting HEUR Trojan Script Generic in MSEdge Spamming Me With Notifications


Solved by M4k4l3d

Kaspersky is detecting a false threat, or Kaspersky is unable to delete the virus permanently from my system. I saw suggestions on the forum for the same issue; I tried clearing the cache, deleting cookies, then rebooting, but it didn't work. The only thing that seems to work is going to Privacy and "Cookies and site permissions" settings and setting all of them to "Blocked" or "Not allowed", basically not allowing anything that I can allow. The notifications seem to have stopped, but when I turn off all these features Microsoft Edge becomes basically unusable.

The virus files are always detected at the same location; one example:

C:\Users\******\AppData\Local\Temp\scoped_dir8184_1774212031\c980f1ee-fbd0-4bf6-94bd-beb43e140240.tmp    c980f1ee-fbd0-4bf6-94bd-beb43e140240.tmp

The file name changes, but it is always found somewhere under scoped_dir........................

I want to be able to use Microsoft Edge; is there any solution for this issue?


17 minutes ago, harlan4096 said:

Welcome to Kaspersky Community.

 

Can You post a pic with the full details of the detection?

 

Also, check your add-ons installed in Edge, in case any are suspicious...

There was one suspicious extension, but I removed that from Microsoft Edge a long time ago (before I installed Windows from scratch with a clean installation).

I tried to change the language of my Kaspersky Premium but couldn't figure out how to do it.

Do you know how I can change the interface language so I can send you a meaningful screenshot?

 


These are the settings that I am using for MS Edge; since I set these settings, I do not get any detection notification. I start getting them back, along with quarantined viruses, when I reset the settings of MS Edge.

With those settings MS Edge is not usable; it is just a temporary solution for the problem.

1.png

2.png

3.png

4.png

5.png


  • Solution

I solved the problem, for anyone experiencing the same. If you are using your Microsoft account on multiple PCs and you have had extensions or apps which contained malware, removing the extension on one PC might not remove the extension from the Edge installations on the other PCs that you log into with your Microsoft account, or where you use your Microsoft account to log into MS Edge.

So basically, open each PC and remove the extension from Edge manually.

My own personal suggestion: use MS Edge without extensions, because your safety is not guaranteed when you get extensions from the extension store; Microsoft is not doing enough security checks. It is the 2nd time this has happened to me. There is nothing shady about it: a floating video extension contains malware... The store admits that the extension contains malware. I am not saying it, they say it. Do not think you are safe because you are getting extensions from the store.

Edited by M4k4l3d
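The accepted answer above says an extension removed on one PC can still be installed in Edge profiles on other PCs that sync with the same Microsoft account, and a later reply wonders about an extension that "couldn't be seen". The script below is an added example (not part of this thread and not Kaspersky's or Microsoft's code) that inventories every extension Edge has recorded in each profile's "Secure Preferences" / "Preferences" JSON, so the check can be repeated on every machine. It assumes the Chromium preference layout as I know it (extensions.settings.<id> with manifest, state, from_webstore and location), the standard Edge user-data path under %LOCALAPPDATA%, and a constructed sample preferences document for the offline run; the "worth a second look" rule is a heuristic of my own, not a Kaspersky verdict.

```python
import glob
import json
import os

# Chromium ManifestLocation values, as I recall them from the Chromium source;
# used only to label where an extension came from (assumption, not from the thread).
LOCATION_NAMES = {
    1: "internal (installed by the user, normally from the store)",
    2: "external pref file",
    3: "external registry key",
    4: "unpacked (developer mode)",
    5: "component (built into the browser)",
    6: "external pref download",
    7: "enterprise policy download",
    8: "command line",
    9: "enterprise policy",
    10: "external component",
}

BROAD_HOSTS = {"<all_urls>", "http://*/*", "https://*/*", "*://*/*"}


def list_extensions(prefs: dict) -> list[dict]:
    """Summarise every extension recorded in a Chromium/Edge preferences JSON."""
    settings = prefs.get("extensions", {}).get("settings", {})
    found = []
    for ext_id, entry in settings.items():
        manifest = entry.get("manifest", {})
        perms = set(manifest.get("permissions", [])) | set(manifest.get("host_permissions", []))
        found.append({
            "id": ext_id,
            "name": manifest.get("name", "<no manifest>"),
            "version": manifest.get("version", "?"),
            "enabled": entry.get("state") == 1,          # 1 = enabled, 0 = disabled
            "from_webstore": bool(entry.get("from_webstore", False)),
            "location": LOCATION_NAMES.get(entry.get("location"), f"unknown ({entry.get('location')})"),
            "permissions": sorted(perms),
        })
    return found


def worth_a_second_look(ext: dict) -> bool:
    """Heuristic: not built in, and either sideloaded or able to read every site."""
    if ext["location"].startswith("component"):
        return False
    return (not ext["from_webstore"]) or bool(BROAD_HOSTS & set(ext["permissions"]))


def edge_pref_files(user_data_dir: str) -> list[str]:
    """Preference files for the Default profile and every 'Profile N' directory."""
    files = []
    for name in ("Secure Preferences", "Preferences"):
        files += glob.glob(os.path.join(user_data_dir, "Default", name))
        files += glob.glob(os.path.join(user_data_dir, "Profile *", name))
    return sorted(files)


# Constructed sample: three extensions, one of which should be flagged.
SAMPLE_PREFS = {
    "extensions": {
        "settings": {
            "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": {
                "state": 1, "from_webstore": True, "location": 1,
                "manifest": {"name": "Store Extension", "version": "1.2.0",
                             "permissions": ["storage"]},
            },
            "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb": {
                "state": 1, "from_webstore": False, "location": 4,
                "manifest": {"name": "Sideloaded Video Helper", "version": "0.9",
                             "host_permissions": ["<all_urls>"]},
            },
            "cccccccccccccccccccccccccccccccc": {
                "state": 1, "from_webstore": False, "location": 5,
                "manifest": {"name": "Built-in Component", "version": "1.0"},
            },
        }
    }
}


def report(prefs: dict) -> list[str]:
    """Human-readable lines, flagged entries marked with '!!'."""
    lines = []
    for ext in list_extensions(prefs):
        mark = "!!" if worth_a_second_look(ext) else "  "
        state = "enabled" if ext["enabled"] else "disabled"
        lines.append(f"{mark} {ext['id']} {ext['name']} {ext['version']} [{state}, {ext['location']}]")
    return lines


if __name__ == "__main__":
    user_data = os.path.expandvars(r"%LOCALAPPDATA%\Microsoft\Edge\User Data")
    files = edge_pref_files(user_data)
    if not files:
        print("No Edge profiles found; showing the constructed sample instead.")
        print("\n".join(report(SAMPLE_PREFS)))
    for path in files:
        with open(path, encoding="utf-8") as fh:
            print(f"== {path}")
            print("\n".join(report(json.load(fh))))
```

Run it on each PC that signs into the same Microsoft account; an extension that is gone on one machine but still listed as enabled on another is exactly the sync case the answer describes. Close Edge first, since Chromium rewrites these files while running.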

  • 1 month later...

Even I'm facing the same issue. I've kept the same Edge settings as you, and I have removed all extensions from Edge. I've run a quick scan and a full scan and nothing has been detected so far. (I did have a virus attack a while ago, but I think I've removed all traces of it with Kaspersky; the new scans show no traces of any virus.)
I've no idea what to do now. Even the temporary solution of blocking all cookies does not seem to work for me, because every time I open Edge I get this same notification and the file is subsequently deleted, and I'm confused about what to do.

I only use Edge on one PC, so it is not synced anywhere else.

Edge version: 118.0.2088.76

OS: Windows 10, Version 22H2, OS Build 19045.3570

Kaspersky version: 21.14.5.462

Do you have any suggestions about the same? @harlan4096

Thanking you in advance.

Quarantine log.png

Edited by ElNoSabe322
Added version numbers

I am not very tech savvy; this topic seems similar to my concern, since it is about add-ons, which I don't really know anything about, and I don't know anything about add-on settings, except that we have a few computers that use the Edge and Google browsers, and we continue to get messages in the browser to enable the "Kaspersky add-on". Is this really something we should do, and is it part of Kaspersky's features? I am asking because I just read about another antivirus program that is being used to trick people with fake security alerts, etc. Does my question make sense? Does it belong on this post? I checked the FAQs and could find nothing about this.

 

Thanks for any help


OK, so when our browsers ask to enable the Kaspersky add-on protection we should say yes? Is there any FAQ on what this does, whether it slows down the browser, and what it blocks? If it is not enabled, Kaspersky still monitors whether we click on a bad website, because we do get warnings saying so, so what does the add-on do?


  • 2 weeks later...
On 10/28/2023 at 12:32 PM, harlan4096 said:

Do You have several users accounts in the system?

 

Try also running a reset of the Edge settings, delete all add-ons.

No it was just one account and that was me.

I did all these things. It still didn't help. In the end, I simply uninstalled Edge; I don't think there was any other solution for me. Well, that seems to have stopped these Trojans for now.


On 9/18/2023 at 12:21 AM, M4k4l3d said:

My own personal suggestion: use MS Edge without extensions, because your safety is not guaranteed when you get extensions from the extension store; Microsoft is not doing enough security checks. It is the 2nd time this has happened to me. There is nothing shady about it: a floating video extension contains malware... The store admits that the extension contains malware. I am not saying it, they say it. Do not think you are safe because you are getting extensions from the store.

Are you referring to the MS Store or Google's own extension store for Chrome? You should always use the latter, even on Edge. It works on all Chromium browsers.


11 hours ago, ElNoSabe322 said:

No it was just one account and that was me.

I did all these things. It still didn't help. In the end, I simply uninstalled Edge; I don't think there was any other solution for me. Well, that seems to have stopped these Trojans for now.

Uninstalling Edge brought far-reaching repercussions for me when I tried it a year ago. It completely blocked cumulative updates, for some reason. I would just not use it instead of bothering to remove it. Microsoft made it an integral part of the operating system, and I don't really agree with that, but what can you do. Their OS, not mine...


8 hours ago, Crylune said:

Uninstalling Edge brought far-reaching repercussions for me when I tried it a year ago. It completely blocked cumulative updates, for some reason. I would just not use it instead of bothering to remove it. Microsoft made it an integral part of the operating system, and I don't really agree with that, but what can you do. Their OS, not mine...

True.... Funny, now that you've said it, I'm slowly starting to see that my OS is falling apart, beginning with the quick access history being erased upon system restart, Windows Spotlight failing to load, and of course the classic: longer boot times. 😭

My feelings exactly. The only reason I'm holding on to Windows is because of Office 365. Apart from that the whole OS is whack (sorry to Windows fans). On a side note, is Kaspersky available for Linux users?


1 hour ago, harlan4096 said:

It is probably a false positive, or a browser extension...

False positive? Hmm... maybe? But considering that I did get attacked, my paranoia forces me to think otherwise 😖

Or, yeah, maybe some hidden browser extension that I couldn't see or remove.


19 minutes ago, ElNoSabe322 said:

is Kaspersky available for Linux users?

Hello @ElNoSabe322

Thank you for posting back!

According to @Yury N.

Reference topic: home free for linux, by safeAnonym:

Quote:

"We are working on a free Kaspersky Virus Removal Tool for Linux (KVRT for Linux). Expected in April - May 2024."

End quote.

Thank you🙏
Flood🐳+🐋


1 hour ago, ElNoSabe322 said:

False positive? Hmm... maybe? But considering that I did attacked, my paranoia forces me to think otherwise 😖

Or yeah maybe some hidden browser extension that I couldn't see or remove.

Try this:

 

1.- Download https://www.malwarebytes.com/adwcleaner?lr

 

2.- Run a scan, and paste the results here in your next post.


6 hours ago, harlan4096 said:

Try this:

 

1.- Download https://www.malwarebytes.com/adwcleaner?lr

 

2.- Run a scan, and paste the results here in your next post.

1) Done. Thank you for the link.
2) I've attached the screenshots and I've also pasted the log below. I did not remove the preinstalled Acer files, as these were from the OEM and I use some of their features.

# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build:    08-30-2022
# Database: 2023-07-19.3 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    11-13-2023
# Duration: 00:00:00
# OS:       Windows 10 (Build 19045.3636)
# Cleaned:  3
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKLM\Software\Classes\Installer\Features\A38C15B2D5649AE4C9CDE19DE50DA96C
Deleted       HKLM\Software\Classes\Installer\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A38C15B2D5649AE4C9CDE19DE50DA96C

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete IFEO
[+] Delete Prefetch
[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner_Debug.log - [12271 octets] - [13/11/2023 19:25:05]
AdwCleaner[S00].txt - [4009 octets] - [13/11/2023 19:25:15]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Adw1.png

Adw2.png

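The only things AdwCleaner cleaned in the log above are three Windows Installer registry keys named by the 32-character string A38C15B2D5649AE4C9CDE19DE50DA96C. That is a Windows Installer "compressed" (squished) GUID, not a random hash: the ProductCode with the first three groups reversed and each byte of the last two groups swapped. The script below is an added example, written for this thread rather than taken from it or from Malwarebytes, that turns such a key name back into the ProductCode so the product can be looked up under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall (and its WOW6432Node twin). The decoding rule is the one Windows Installer uses as I know it; the thread does not say which product the key belonged to, and neither does this script unless the Uninstall entry still exists on the machine.

```python
import re
import sys

UNINSTALL_PATHS = (
    r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
    r"SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall",
)


def _swap_pairs(hexstr: str) -> str:
    """'C9CD' -> '9CDC': reverse every two-character chunk."""
    return "".join(hexstr[i + 1] + hexstr[i] for i in range(0, len(hexstr), 2))


def unsquish_guid(squished: str) -> str:
    """Compressed Installer GUID (32 hex chars) -> '{XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}'."""
    s = squished.strip().upper()
    if not re.fullmatch(r"[0-9A-F]{32}", s):
        raise ValueError(f"not a compressed GUID: {squished!r}")
    p1, p2, p3 = s[0:8][::-1], s[8:12][::-1], s[12:16][::-1]
    tail = _swap_pairs(s[16:32])            # groups 4 and 5 are byte-swapped, not reversed
    return "{%s-%s-%s-%s-%s}" % (p1, p2, p3, tail[:4], tail[4:])


def squish_guid(product_code: str) -> str:
    """Inverse of unsquish_guid, handy for building the Installer\\Products key name."""
    s = re.sub(r"[{}\-]", "", product_code.strip().upper())
    if not re.fullmatch(r"[0-9A-F]{32}", s):
        raise ValueError(f"not a GUID: {product_code!r}")
    return s[0:8][::-1] + s[8:12][::-1] + s[12:16][::-1] + _swap_pairs(s[16:32])


def uninstall_display_name(product_code: str):
    """Return the DisplayName from the Uninstall key, or None (Windows only; read-only)."""
    if not sys.platform.startswith("win"):
        return None
    import winreg
    for base in UNINSTALL_PATHS:
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, base + "\\" + product_code) as key:
                return winreg.QueryValueEx(key, "DisplayName")[0]
        except OSError:
            continue
    return None


if __name__ == "__main__":
    # Key name taken from the AdwCleaner log posted in this thread.
    squished = sys.argv[1] if len(sys.argv) > 1 else "A38C15B2D5649AE4C9CDE19DE50DA96C"
    code = unsquish_guid(squished)
    print(f"{squished} -> ProductCode {code}")
    print(f"Installer\\Products key name round-trips to: {squish_guid(code)}")
    name = uninstall_display_name(code)
    print(f"Uninstall DisplayName: {name if name else 'not found (already removed, or not on this machine)'}")
```

The decoded ProductCode is what `msiexec /x {ProductCode}` and the Uninstall registry key use, so it is the identifier to search for in an installer log or in a vendor's published product codes. A round trip through squish_guid is a cheap sanity check that the string really was a compressed GUID rather than an unrelated 32-character hash.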

7 hours ago, Flood and Flood's wife said:

Hello @ElNoSabe322

Thank you for posting back!

According to @Yury N.

Reference topic: home free for linux, by safeAnonym:

Quote:

"We are working on a free Kaspersky Virus Removal Tool for Linux (KVRT for Linux). Expected in April - May 2024."

End quote.

Thank you🙏
Flood🐳+🐋

@Flood and Flood's wifeThank you for sharing this. Looking forward to this. 🙏


On 11/14/2023 at 11:07 AM, harlan4096 said:

Still getting the heur detection?

Well, I uninstalled Edge, so nothing is appearing. I haven't installed it back again. I think I might have to do a full system reset before installing it.

Also, I forgot to say this, but back then, whenever the browser was opened, a request would be made to an unknown code.yengo.com site. Upon checking it with VirusTotal, it seems to be an adware site, thereby indicating that remnants were (possibly) still present. (Note: this happened after resetting the browser and removing all extensions and 3rd-party cookies.)

image.thumb.png.ca6a5e0c4f30163b36bf0dbfad7cf6b4.png

 

I haven't seen anything pop up about this or heuristic detections since Edge was uninstalled. I pasted the hash of the file and VT couldn't detect it (unfortunately). I think I will run like this without Edge for a while... maybe after I do a system reset (fresh OS installation) and re-install Edge this madness will end.

Here's the log of the detected object:
Component: File Anti-Virus
Result description: Detected
Type: Trojan
Name: HEUR:Trojan.Script.Generic
Precision: Heuristic Analysis
Threat level: High
Object type: File
Object name: ea88397a-f7fd-473c-8e26-900e49980bc2.tmp
MD5 of an object: 85382C4B24A2E5FE4D9FF43BBF6FA00F
Reason: Expert analysis
Databases release date: 28-Oct-23 8:00:00 AM


I hope KAV could look into this matter and update their DBs (if this is a genuine case) so that all the traces of the malware can be removed.


That code.yengo.com is down and probably has an outdated certificate (that's why the SSL warning), so something related to Edge was accessing that site...

 

Similar cases with BD and other users:

 

Be careful about clicking the last link there about LinkedIn; it is very suspicious and does not explain anything, nor is there any data there.
