Malicious object detected: HEUR:Trojan.Multi.Misslink.a

[MisslinkQn]

I got a notification around 2.55pm today (20 Nov 2024) from Kaspersky saying malicious object detected: HEUR:Trojan.Multi.Misslink.a

I clicked on it too clickly and was not able to check what the detection item actually was, to diagnose where it came from.

Here are the 3 logs for disinfection:

Quote

    Event: Malicious object detected
    User: DESKTOP-733BC02\TRN
    User type: Active user
    Component: Virus Scan
    Result: Detected
    Result description: Detected
    Type: Trojan
    Name: HEUR:Trojan.Multi.Misslink.a
    Precision: Exactly
    Threat level: High
    Object type: File
    Object name: Run:Steam
    Object path: reg:\HKU\S-1-5-21-2532791771-2465090974-211415688-1000\Software\Microsoft\Windows\CurrentVersion
    Reason: Expert analysis
    Databases release date: Today, 20/11/2024 1:03:00 pm

Quote

    Event: Object disinfected
    User: DESKTOP-733BC02\TRN
    User type: Active user
    Component: Virus Scan
    Result: Disinfected
    Result description: Disinfected
    Type: Trojan
    Name: HEUR:Trojan.Multi.Misslink.a
    Precision: Exactly
    Threat level: High
    Object type: File
    Object name: Run:Steam
    Object path: reg:\HKU\S-1-5-21-2532791771-2465090974-211415688-1000\Software\Microsoft\Windows\CurrentVersion

Quote

    Event: Task completed
    Application name: avp.exe
    Application path: C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.19
    User: DESKTOP-733BC02\TRN
    User type: Active user
    Component: Virus Scan
    Result: Task completed

How or what can I check or use to determine the source of this registry key that was so threatening? I want to know what malicious launch activity it was doing while disguising itself with Run:Steam.

[Berny]

@MisslinkQn Welcome

Quote

 Object path: reg:\HKU\S-1-5-21-2532791771-2465090974-211415688-1000\Software\Microsoft\Windows\CurrentVersion

Hard to tell 🤔 , i found ↓ this ↓ which is related to [SearchForm.ComboBoxKey]

Spoiler