Malicious object detected: wpad.dat, wpad.domain.name, Trojan.Script.Agent.dc [merged]

[serval1959]

I’m receiving tons of notification (every 10 min) of Event: Malicious object detected about wpad.dat, wpad.domain.name, Trojan.Script.Agent.dc.

 

Event: Malicious object detected
User type: Active user
Application name: svchost.exe
Application path: C:\Windows\System32
Component: Web Anti-Virus
Result description: Detected
Type: Trojan
Name: Trojan.Script.Agent.dc
Precision: Exactly
Threat level: High
Object type: File
Object name: wpad.dat
 

Virus Scan does not find anything. I need a suggestion about what I can do to stop it. Thank a lot

[Wesly.Zhang]

Hello,

Please pause KL protection and download the file:

http://wpad.domain.name/wpad.dat

 

Please zip and using a password “infected” without quote and sent it to KL support. If you don’t want to do it by yourself, You can send it to me via PM. Share the file download url to me.

After do that, Please enable KL protection again.

Regards.

[Younes]

every minute i get this pop up and it’s annoys me and kasperskey can’t delete it what can i do please help i attached the report below 

[Younes]

i am facing the same probleme today can someone report this to kasperskey 

 

 

[Younes]

Hello,

Please pause KL protection and download the file:

http://wpad.domain.name/wpad.dat

 

Please zip and using a password “infected” without quote and sent it to KL support. If you don’t want to do it by yourself, You can send it to me via PM. Share the file download url to me.

After do that, Please enable KL protection again.

Regards.

but if i did download it it will infect my computer ????

 

[MARWAN]

During the last two days, kaspersky is constantly notifying me about malicious object detected and download denied.

it is getting frustrating since it is doing anything about it and I is disturbing my work.

this is what I get:

Event: Download denied
User: DESKTOP-9JS93UU\hp
User type: Active user
Application name: svchost.exe
Application path: C:\Windows\System32
Component: Web Anti-Virus
Result description: Blocked
Type: Trojan
Name: Trojan.Script.Agent.dc
Precision: Exactly
Threat level: High
Object type: File
Object name: wpad.dat
Object path: http://wpad.domain.name
MD5: 929C83988AAD1EF14994044D8C1175F6
Reason: Databases
Databases release date: Today, 3/25/2021 5:25:00 PM

[Younes]

Yo bro we are three People now facing the  same problème  your name is marwane you from morocco ? 

[Younes]

During the last two days, kaspersky is constantly notifying me about malicious object detected and download denied.

it is getting frustrating since it is doing anything about it and I is disturbing my work.

this is what I get:

Event: Download denied
User: DESKTOP-9JS93UU\hp
User type: Active user
Application name: svchost.exe
Application path: C:\Windows\System32
Component: Web Anti-Virus
Result description: Blocked
Type: Trojan
Name: Trojan.Script.Agent.dc
Precision: Exactly
Threat level: High
Object type: File
Object name: wpad.dat
Object path: http://wpad.domain.name
MD5: 929C83988AAD1EF14994044D8C1175F6
Reason: Databases
Databases release date: Today, 3/25/2021 5:25:00 PM

U from morocco ?i have the same prob since two days too we are three People now here

[Flood and Flood's wife]

Hello @serval1959, @MARWAN & @Younes, 

While you’re waiting for @Wesly.Zhang, please do the following:

1. Check the detected object using Kaspersky Open Threat portal, and select the Submit to reanalyze option, add your email address & comments to send to Kaspersky experts for further analysis.
2. Log a case with Kaspersky Technical Support, fill in the Malware, False positive template; zip the .exe file, name the zip archive malware, or infected & protect the zip archive with a password, add the zip archive to the request; add the password to the request; in the problem description provide a detailed history, & the zipped file:

 

• After submitting the case, you’ll receive an automated email with an INC+12digits reference number, then, normally, within 5 business days, a Kaspersky Technical Support human will be in touch, also by email, you may continue to engage with the Kaspersky Technical Team via email or by updating the INC in their MyKaspersky account.

Please share the outcome with the Community when it’s available? 

Thank you🙏

Flood🐳+🐋

[Berny]

@serval1959 @Younes  @MARWAN 

Can you please run AdwCleaner as ADMIN and provide the Log. 

⚠️ Please don’t clean eventual detections ⚠️

[Wesly.Zhang]

Hello,

Please pause KL protection and download the file:

http://wpad.domain.name/wpad.dat

 

Please zip and using a password “infected” without quote and sent it to KL support. If you don’t want to do it by yourself, You can send it to me via PM. Share the file download url to me.

After do that, Please enable KL protection again.

Regards.

but if i did download it it will infect my computer ????

 

Hello,

It couldn’t infect your computer.

Regards.

[Igor Kurzin]

Hi @serval1959 , @Younes , @MARWAN , 

Did you have a chance to submit a ticket to technical support? Please share with me the incident number. 

[Wesly.Zhang]

Hello,

I guess the wpad.dat file maybe include google url Web Proxy. such as:

    function FindProxyForURL(url, host)
    {
        if (isPlainHostName(host)(host, ".google.com"))
            return "DIRECT";
            return “PROXY any IP: any PORT”;
        else if....
    }

Telecom operators send this file to you. Please check whether you enable Web Proxy Auto Discovery function in the Internet Options → Connections → LAN settings.

Regards.

[MARWAN]

 

 

 

During the last two days, kaspersky is constantly notifying me about malicious object detected and download denied.

it is getting frustrating since it is doing anything about it and I is disturbing my work.

this is what I get:

Event: Download denied
User: DESKTOP-9JS93UU\hp
User type: Active user
Application name: svchost.exe
Application path: C:\Windows\System32
Component: Web Anti-Virus
Result description: Blocked
Type: Trojan
Name: Trojan.Script.Agent.dc
Precision: Exactly
Threat level: High
Object type: File
Object name: wpad.dat
Object path: http://wpad.domain.name
MD5: 929C83988AAD1EF14994044D8C1175F6
Reason: Databases
Databases release date: Today, 3/25/2021 5:25:00 PM

U from morocco ?i have the same prob since two days too we are three People now here

YES I AM

 

[Alfa Kid]

I’m receiving tons of notification (every 10 min) of Event: Malicious object detected.

Event: Malicious object detected
User: AM17XR3-SER\sergio
User type: Active user
Application name: svchost.exe
Application path: C:\Windows\System32
Component: Web Anti-Virus
Result description: Detected
Type: Trojan
Name: Trojan.Script.Agent.dc
Precision: Exactly
Threat level: High
Object type: File
Object name: wpad.dat
Object path: http://wpad.domain.name
MD5: 929C83988AAD1EF14994044D8C1175F6
Reason: Databases
Databases release date: Today, 2021-03-24 06:10:00

Virus Scan does not find anything. I need a suggestion about what I can do to stop it. Thank a lot

I’m experiencing the exact same problem since the last three days

@serval1959 @Younes @MARWAN Please let me know when you find out how to resolve the issue. 

[ErjonKoci]

Me too, is kasperky broken or smth!?

I even sended the file at virustotal and it was clean but smh im getting the notifications over and over

[Flood and Flood's wife]

Hello @serval1959, @MARWAN & @Younes, @Alfa Kid & @ErjonKoci, 

Has anyone logged a case with Kaspersky Technical Support & provided the INC reference # to @Igor Kurzin? If “no”, please do the following: 

Log a case with Kaspersky Technical Support, fill in the Malware, False positive template; zip the .exe file, name the zip archive malware, or infected & protect the zip archive with a password, add the zip archive to the request; add the password to the request; in the problem description provide a detailed history, & the zipped file:

 

• 🔴 Share the INC reference # with @Igor Kurzin please? 

---

&, has anyone followed @Berny’s request: 

Please run AdwCleaner as ADMIN and provide the Log?  

⚠ Please don’t clean eventual detections ⚠

Thank you🙏

Flood🐳+🐋

[Younes]

Hi @serval1959 , @Younes , @MARWAN , 

Did you have a chance to submit a ticket to technical support? Please share with me the incident number. 

 

Thank you for your help 

[Younes]

1

[ErjonKoci]

I will try to do the adw scan

[ErjonKoci]

Hi @serval1959 , @Younes , @MARWAN , 

Did you have a chance to submit a ticket to technical support? Please share with me the incident number. 

 

Thank you for your help 

yeah, Generic crap just switch service (I was loosing faith after I got ransomwared with kas as my defender)

[Hamza.I]

Hello,

 

Same issue here ( from morocco if it can help)

[Berny]

For all those who are encountering this issue please contact Kaspersky Technical Support 

https://my.kaspersky.com/techsupport#/requests/new 

[ErjonKoci]

I think the issue is with the router (I’m not from morocco) but since I turned nord vpn on I’m not receiving messages by Kas. (My router has problems with steam too)

[Younes]

hello guys (im from morocco) i just contacted Kaspersky Technical Support and after 3 days of discussion they find out that the problem is with the router (i have a D-Link one) 

here is their solution but i don’t know how to do it 

“We have just received an update from the experts. It appears that your router was likely compromised. The wpad.dat file is likely being served from there.

Please examine the configuration of the router or reset it back to defaults to reconfigure from scratch after + patch the software on it”