not-a-virus:HEUR:AdWare.Script.Redirect.gen in sites

[harlan4096]

Enable VirusTotal in tool AutoRuns, some links:

 

https://isc.sans.edu/diary/19933

 

https://github.com/securitywithoutborders/guide-to-quick-forensics/blob/master/windows/autoruns.md

[4343]

Thanks,

I will read them and use autoruns tomorrow

 

[4343]

I have run autoruns now. So what is the next step? I don`t have the computer knowledge to know if something is suspicious or not.

 

[harlan4096]

You should have a new column in Your AutoRuns called Virustotal, that shows if that object line has some detections in that online service.

 

You can do the same with tool Process Explorer:

 

 

This tool shows and analyses all the processes running in Your system. THat will add also a new column for VirusTotal service, thay will show the possible detection of every service/process running.

[4343]

In the Virustotal column all processes are showing 0/77 or error

 

[harlan4096]

Are You using torrent tools?

 

[4343]

What do you mean? If I use a torrent client?

 

[harlan4096]

Yes.

 

[4343]

I use qbittorrent.

There are 6 processes marked with red color because they are not verified.

 

[harlan4096]

And are you using that torrent site to download contents?

 

Can You provide capture of those processes in red?

[4343]

.

 

[harlan4096]

The 1st 3 are related to Bluetooth drivers, the 4th belongs to Kaspersky.

 

In 2nd pic, that red dll is clean.

 

What about Process Explorer info while reproducing the detection of that site?

[4343]

I don`t understand your last question

 

[harlan4096]

 

Did you enable this in Process Explorer? If so, please reproduce the detection with Process Explorer Running.

[4343]

Done that. But what do I look for?

All chrome processes show 0/77

Edited 2 hours ago by 4343

[harlan4096]

Don't check Chrome processes, but all running at that moment in Your system.

[4343]

all processes are 0/76 or "A device attached to the system is not functioning " or "the system can not find the specific file"