not-a-virus:HEUR:AdWare.Script.Redirect.gen in sites

Tuesday at 06:54 PM

Enable VirusTotal in tool AutoRuns, some links:

https://isc.sans.edu/diary/19933

https://github.com/securitywithoutborders/guide-to-quick-forensics/blob/master/windows/autoruns.md

Tuesday at 07:08 PM

Thanks,

I will read them and use autoruns tomorrow

2025-06-25T10:20:31Z

I have run autoruns now. So what is the next step? I don`t have the computer knowledge to know if something is suspicious or not.

2025-06-25T10:27:39Z

You should have a new column in Your AutoRuns called Virustotal, that shows if that object line has some detections in that online service.

You can do the same with tool Process Explorer:

This tool shows and analyses all the processes running in Your system. THat will add also a new column for VirusTotal service, thay will show the possible detection of every service/process running.

2025-06-25T10:33:21Z

In the Virustotal column all processes are showing 0/77 or error

2025-06-25T10:33:57Z

Are You using torrent tools?

2025-06-25T10:38:27Z

What do you mean? If I use a torrent client?

2025-06-25T10:41:10Z

Yes.

2025-06-25T10:57:37Z

I use qbittorrent.

There are 6 processes marked with red color because they are not verified.

2025-06-25T11:01:19Z

And are you using that torrent site to download contents?

Can You provide capture of those processes in red?

2025-06-25T11:20:23Z

.

2025-06-25T11:33:52Z

The 1st 3 are related to Bluetooth drivers, the 4th belongs to Kaspersky.

In 2nd pic, that red dll is clean.

What about Process Explorer info while reproducing the detection of that site?

2025-06-25T11:53:22Z

I don`t understand your last question

2025-06-25T11:55:48Z

Did you enable this in Process Explorer? If so, please reproduce the detection with Process Explorer Running.

2025-06-25T12:08:07Z

Done that. But what do I look for?

All chrome processes show 0/77

Edited yesterday at 12:10 PM by 4343

2025-06-25T12:12:16Z

Don't check Chrome processes, but all running at that moment in Your system.

2025-06-25T12:20:21Z

all processes are 0/76 or "A device attached to the system is not functioning " or "the system can not find the specific file"

2025-06-26T07:23:12Z

Check also if You have enabled notifications (in Your Chrome) for that site.

Probably, one of Your legit apps is accessing to that site.

2025-06-26T09:03:49Z

My notification settings are off, so no sites are allowed to send notifications

2025-06-26T19:08:03Z

There is another user with a similar behavior:

2025-06-26T20:15:50Z

I get the same warning if I click on a torrent on 1337x as well.

2025-06-26T20:19:54Z

That detection is correct.

not-a-virus:HEUR:AdWare.Script.Redirect.gen in sites

Recommended Posts

harlan4096

4343

4343

harlan4096

4343

harlan4096

4343

harlan4096

4343

harlan4096

4343

harlan4096

4343

harlan4096

4343

harlan4096

4343

harlan4096

4343

harlan4096

4343

harlan4096

Please sign in to comment

Forum

Products

Support

Personal Account