Malicious object detected: HEUR:Trojan.Multi.Misslink.a


Posted

I got a notification around 2.55pm today (20 Nov 2024) from Kaspersky saying malicious object detected: HEUR:Trojan.Multi.Misslink.a

I clicked on it too quickly and was not able to check what the detection item actually was, to diagnose where it came from.

Here are the 3 logs for disinfection:

Quote

    Event: Malicious object detected
    User: DESKTOP-733BC02\TRN
    User type: Active user
    Component: Virus Scan
    Result: Detected
    Result description: Detected
    Type: Trojan
    Name: HEUR:Trojan.Multi.Misslink.a
    Precision: Exactly
    Threat level: High
    Object type: File
    Object name: Run:Steam
    Object path: reg:\HKU\S-1-5-21-2532791771-2465090974-211415688-1000\Software\Microsoft\Windows\CurrentVersion
    Reason: Expert analysis
    Databases release date: Today, 20/11/2024 1:03:00 pm

Quote

    Event: Object disinfected
    User: DESKTOP-733BC02\TRN
    User type: Active user
    Component: Virus Scan
    Result: Disinfected
    Result description: Disinfected
    Type: Trojan
    Name: HEUR:Trojan.Multi.Misslink.a
    Precision: Exactly
    Threat level: High
    Object type: File
    Object name: Run:Steam
    Object path: reg:\HKU\S-1-5-21-2532791771-2465090974-211415688-1000\Software\Microsoft\Windows\CurrentVersion

Quote

    Event: Task completed
    Application name: avp.exe
    Application path: C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.19
    User: DESKTOP-733BC02\TRN
    User type: Active user
    Component: Virus Scan
    Result: Task completed

How or what can I check or use to determine the source of this registry key that was so threatening? I want to know what malicious launch activity it was doing while disguising itself with Run:Steam.

Posted

@MisslinkQn Welcome

Quote

 Object path: reg:\HKU\S-1-5-21-2532791771-2465090974-211415688-1000\Software\Microsoft\Windows\CurrentVersion

Hard to tell 🤔, I found ↓ this ↓ which is related to [SearchForm.ComboBoxKey]

HEUR_Trojan_Multi_Misslink_a.thumb.jpg.e93849359b958e47dede21463d508c30.jpg


 

Posted (edited)
On 11/20/2024 at 6:03 PM, Berny said:

@MisslinkQn Welcome

Hard to tell 🤔, I found ↓ this ↓ which is related to [SearchForm.ComboBoxKey]

HEUR_Trojan_Multi_Misslink_a.thumb.jpg.e93849359b958e47dede21463d508c30.jpg


 

Apologies but I'm not really familiar with registry specifics so I'm not sure what this means?

How would I use this to dig deeper/further?

Edited by MisslinkQn
Posted

@MisslinkQn

During the install, applications are creating registry keys. In your case, locating the malicious object related to a Reg Key after a Kaspersky detection and disinfection is not possible.

k_kaspersky_register.thumb.jpg.a5e9abf6aa0daa8a453ef48276147769.jpg

 

MisslinkQn
Posted
On 11/22/2024 at 6:10 PM, Berny said:

@MisslinkQn

During the install, applications are creating registry keys. In your case, locating the malicious object related to a Reg Key after a Kaspersky detection and disinfection is not possible.

k_kaspersky_register.thumb.jpg.a5e9abf6aa0daa8a453ef48276147769.jpg

 

I am just trying to figure out if it was a false positive, or if something that I had recently installed had genuinely created a malicious entry.

Kaspersky has been known to false flag many of my code caved client/exe in the past, I am trying to determine if I experienced a genuine intrusion or not.
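
One read-only way to review what the Run autostart keys currently point to, as an added example that is not part of the original thread or of Kaspersky's tooling. It assumes it is run as the affected user (so `HKCU:` maps to the `HKU\S-1-5-21-…` hive in the log) and that "Run:Steam" refers to a value named Steam under the `Run` subkey; the helper name `Get-CommandTarget` is hypothetical.

```powershell
# Added example: read-only audit of Run/RunOnce autostart values (nothing is changed).
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# Hypothetical helper: pull the executable path out of an autostart command line.
function Get-CommandTarget {
    param([string]$CommandLine)
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine).Trim()
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }               # "C:\dir with spaces\app.exe" -arg
    if ($cmd -match '^(.+?\.(exe|com|bat|cmd|vbs|js|ps1))(\s|$)') {     # unquoted path, optional arguments
        return $Matches[1]
    }
    return ($cmd -split '\s+')[0]                                      # fall back to the first token
}

$report = foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $regKey = Get-Item -LiteralPath $key
    foreach ($name in $regKey.GetValueNames()) {
        $command = [string]$regKey.GetValue($name)
        $target  = Get-CommandTarget $command
        # Bare names such as "rundll32.exe" are resolved through PATH.
        if ($target -and $target -notmatch '^([A-Za-z]:\\|\\\\)') {
            $app = Get-Command -Name $target -CommandType Application -ErrorAction SilentlyContinue |
                   Select-Object -First 1
            if ($app) { $target = $app.Path }
        }
        $exists = [bool]$target -and (Test-Path -LiteralPath $target -PathType Leaf)
        $sig    = if ($exists) { Get-AuthenticodeSignature -LiteralPath $target } else { $null }
        [pscustomobject]@{
            Key          = $key
            Value        = $name
            Command      = $command
            TargetExists = $exists
            Signature    = if ($sig) { [string]$sig.Status } else { 'n/a' }
            Signer       = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            Modified     = if ($exists) { (Get-Item -LiteralPath $target -Force).LastWriteTime } else { $null }
        }
    }
}

# Missing targets sort first; among existing ones, Valid signatures sort last.
$report | Sort-Object TargetExists, Signature | Format-List
```

An entry whose target is missing or unsigned is a pointer to which installer or file to examine next, not a verdict on its own.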
