Jump to content
Kaspersky Support Forum

Kaspersky flagging a repeated download

Blinx

By Blinx
in Virus and Ransomware related questions

 Share

Recommended Posts

Blinx

Blinx

Posted
Posted

Hey everyone,

Tonight when I search on Google via chrome, 3 times I’ve had below pop up, I’ve never seen it before:

 

HEUR:Trojan-Clicker Script GhostPlugin.gen

 

It tells me it’s a Trojan type and that the object is: https://youronlinesearches.com/script/r.php?a=3201&uid=52863x0000xzzz7.

ZZZZZZZZZ

 

However Kaspersky tells me that it has blocked the download each time, this while I’m on Google via chrome, I’ve never seen this before and the only sites I go on are legit ones.

 

I have done a quick scan and it comes back with nothing found, Kaspersky tell me:

 

Event: Malicious object detected

User: ***** (I’m not inc this for privacy)

Usertype: Initiator

Application name: chrome.exe

Application path: C:\Program Files|Google|Chrome/Application

Component: Safe Browsing

Result description: Detected

Type: Trojan

 

 

Can anyone help?

 

 

IMG_8153.jpeg

IMG_8152.jpeg

Berny

Berny

Posted
Posted

@Blinx Welcome 

Please disable / enable one by one your Chrome extensions ?

  • Like 1
Blinx

Blinx

Posted
  • Author
Posted
6 hours ago, Berny said:

@Blinx Welcome 

Please disable / enable one by one your Chrome extensions ?

I have since gone into chrome & reset it, removing all extensions except all googles pre-installed ones and Kaspersky. I have also gone into the user local folder > Google > Chrome > Extensions and deleted any remaining folders after that reset


The only extensions I had installed very volume recorder & volume boost that I had for months all with high user rating & recommended.

 

However when I went into the user local extensions folder for chrome there were folders left after reset, which I deleted, could it of been any of those?

harlan4096

harlan4096

Posted
Posted

Probably, still you can run tool AdwCleaner, and see what it finds... also check Chrome Synchronization feature if enabled, it can revert some malicious extension.

  • Like 1
Blinx

Blinx

Posted
  • Author
Posted
31 minutes ago, harlan4096 said:

Probably, still you can run tool AdwCleaner, and see what it finds... also check Chrome Synchronization feature if enabled, it can revert some malicious extension.

I’m guessing AdwCleaner is a separate program? Also where do I find the Chrome Synchronization feature?

  • Like 1
Blinx

Blinx

Posted
  • Author
Posted
1 hour ago, harlan4096 said:

Yes: https://adwcleaner.malwarebytes.com/adwcleaner?channel=release

 

Run it, and copy/paste the scan result log here, before removing anything.

 

https://support.google.com/chrome/answer/185277?hl=en-GB&co=GENIE.Platform%3DDesktop&sjid=14195971132183084704-EU

This was the Adwcleaner result. After the can I pressed on quarantine

 

# -------------------------------
# Malwarebytes AdwCleaner 8.6.0.613
# -------------------------------
# Build:    08-19-2025
# Database: 2025-08-19.3 (Local)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    09-21-2025
# Duration: 00:00:00
# OS:       Windows 11 (Build 26100.6584)
# Cleaned:  1
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKLM\Software\Wow6432Node\\Classes\CLSID\{8BF0126F-A5B7-4720-ABB2-2414A0AF5474}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1497 octets] - [21/09/2025 12:35:53]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 

  • Like 1
harlan4096

harlan4096

Posted
Posted

Looks quite clean.

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share
Go to topic listing


×
×
  • Create New...