Jump to content

Malicious object detected: wpad.dat, wpad.domain.name, Trojan.Script.Agent.dc [merged]


Recommended Posts

I’m receiving tons of notification (every 10 min) of Event: Malicious object detected about wpad.dat, wpad.domain.name, Trojan.Script.Agent.dc.

 

Event: Malicious object detected
User type: Active user
Application name: svchost.exe
Application path: C:\Windows\System32
Component: Web Anti-Virus
Result description: Detected
Type: Trojan
Name: Trojan.Script.Agent.dc
Precision: Exactly
Threat level: High
Object type: File
Object name: wpad.dat
 

Virus Scan does not find anything. I need a suggestion about what I can do to stop it. Thank a lot

Link to comment
Share on other sites

  • Replies 65
  • Created
  • Last Reply

Top Posters In This Topic

Hello,

Please pause KL protection and download the file:

http://wpad.domain.name/wpad.dat

 

Please zip and using a password “infected” without quote and sent it to KL support. If you don’t want to do it by yourself, You can send it to me via PM. Share the file download url to me.

After do that, Please enable KL protection again.

Regards.

Link to comment
Share on other sites

Hello,

Please pause KL protection and download the file:

http://wpad.domain.name/wpad.dat

 

Please zip and using a password “infected” without quote and sent it to KL support. If you don’t want to do it by yourself, You can send it to me via PM. Share the file download url to me.

After do that, Please enable KL protection again.

Regards.

but if i did download it it will infect my computer ????

 

Link to comment
Share on other sites

During the last two days, kaspersky is constantly notifying me about malicious object detected and download denied.

it is getting frustrating since it is doing anything about it and I is disturbing my work.

this is what I get:

Event: Download denied
User: DESKTOP-9JS93UU\hp
User type: Active user
Application name: svchost.exe
Application path: C:\Windows\System32
Component: Web Anti-Virus
Result description: Blocked
Type: Trojan
Name: Trojan.Script.Agent.dc
Precision: Exactly
Threat level: High
Object type: File
Object name: wpad.dat
Object path: http://wpad.domain.name
MD5: 929C83988AAD1EF14994044D8C1175F6
Reason: Databases
Databases release date: Today, 3/25/2021 5:25:00 PM

Link to comment
Share on other sites

During the last two days, kaspersky is constantly notifying me about malicious object detected and download denied.

it is getting frustrating since it is doing anything about it and I is disturbing my work.

this is what I get:

Event: Download denied
User: DESKTOP-9JS93UU\hp
User type: Active user
Application name: svchost.exe
Application path: C:\Windows\System32
Component: Web Anti-Virus
Result description: Blocked
Type: Trojan
Name: Trojan.Script.Agent.dc
Precision: Exactly
Threat level: High
Object type: File
Object name: wpad.dat
Object path: http://wpad.domain.name
MD5: 929C83988AAD1EF14994044D8C1175F6
Reason: Databases
Databases release date: Today, 3/25/2021 5:25:00 PM

U from morocco ?i have the same prob since two days too we are three People now here

Link to comment
Share on other sites

Hello @serval1959, @MARWAN & @Younes

While you’re waiting for @Wesly.Zhang, please do the following:

  1. Check the detected object using Kaspersky Open Threat portaland select the Submit to reanalyze option, add your email address & comments to send to Kaspersky experts for further analysis.
  2. Log a case with Kaspersky Technical Support, fill in the Malware, False positive template; zip the .exe file, name the zip archive malware, or infected & protect the zip archive with a password, add the zip archive to the request; add the password to the request; in the problem description provide a detailed history, & the zipped file:

 

 

  • After submitting the case, you’ll receive an automated email with an INC+12digits reference number, then, normally, within 5 business days, a Kaspersky Technical Support human will be in touch, also by email, you may continue to engage with the Kaspersky Technical Team via email or by updating the INC in their MyKaspersky account.

Please share the outcome with the Community when it’s available? 

Thank you🙏

Flood🐳+🐋

Link to comment
Share on other sites

Hello,

Please pause KL protection and download the file:

http://wpad.domain.name/wpad.dat

 

Please zip and using a password “infected” without quote and sent it to KL support. If you don’t want to do it by yourself, You can send it to me via PM. Share the file download url to me.

After do that, Please enable KL protection again.

Regards.

but if i did download it it will infect my computer ????

 


Hello,

It couldn’t infect your computer.

Regards.

Link to comment
Share on other sites

Hello,

I guess the wpad.dat file maybe include google url Web Proxy. such as:

    function FindProxyForURL(url, host)
{
if (isPlainHostName(host)(host, ".google.com"))
return "DIRECT";
return “PROXY any IP: any PORT”;
else if....
}

Telecom operators send this file to you. Please check whether you enable Web Proxy Auto Discovery function in the Internet Options → Connections → LAN settings.

Regards.

Link to comment
Share on other sites

 

 

 

During the last two days, kaspersky is constantly notifying me about malicious object detected and download denied.

it is getting frustrating since it is doing anything about it and I is disturbing my work.

this is what I get:

Event: Download denied
User: DESKTOP-9JS93UU\hp
User type: Active user
Application name: svchost.exe
Application path: C:\Windows\System32
Component: Web Anti-Virus
Result description: Blocked
Type: Trojan
Name: Trojan.Script.Agent.dc
Precision: Exactly
Threat level: High
Object type: File
Object name: wpad.dat
Object path: http://wpad.domain.name
MD5: 929C83988AAD1EF14994044D8C1175F6
Reason: Databases
Databases release date: Today, 3/25/2021 5:25:00 PM

U from morocco ?i have the same prob since two days too we are three People now here

YES I AM

 

Link to comment
Share on other sites

I’m receiving tons of notification (every 10 min) of Event: Malicious object detected.

Event: Malicious object detected
User: AM17XR3-SER\sergio
User type: Active user
Application name: svchost.exe
Application path: C:\Windows\System32
Component: Web Anti-Virus
Result description: Detected
Type: Trojan
Name: Trojan.Script.Agent.dc
Precision: Exactly
Threat level: High
Object type: File
Object name: wpad.dat
Object path: http://wpad.domain.name
MD5: 929C83988AAD1EF14994044D8C1175F6
Reason: Databases
Databases release date: Today, 2021-03-24 06:10:00

Virus Scan does not find anything. I need a suggestion about what I can do to stop it. Thank a lot

I’m experiencing the exact same problem since the last three days

@serval1959 @Younes @MARWAN Please let me know when you find out how to resolve the issue. 

Link to comment
Share on other sites

Hello @serval1959@MARWAN & @Younes@Alfa Kid & @ErjonKoci

Has anyone logged a case with Kaspersky Technical Support & provided the INC reference # to @Igor Kurzin? If “no”, please do the following: 

Log a case with Kaspersky Technical Support, fill in the Malware, False positive template; zip the .exe file, name the zip archive malware, or infected & protect the zip archive with a password, add the zip archive to the request; add the password to the request; in the problem description provide a detailed history, & the zipped file:

 

 

  • 🔴 Share the INC reference # with @Igor Kurzin please? 

&, has anyone followed @Berny’s request: 

Please run AdwCleaner as ADMIN and provide the Log?  

⚠ Please don’t clean eventual detections ⚠

Thank you🙏

Flood🐳+🐋

Link to comment
Share on other sites

hello guys (im from morocco) i just contacted Kaspersky Technical Support and after 3 days of discussion they find out that the problem is with the router (i have a D-Link one) 

here is their solution but i don’t know how to do it 

“We have just received an update from the experts. It appears that your router was likely compromised. The wpad.dat file is likely being served from there.

Please examine the configuration of the router or reset it back to defaults to reconfigure from scratch after + patch the software on it”

 

Link to comment
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now



×
×
  • Create New...