
Questions on Trojan.Multi.BroSubsc.gen



SlimeMine349

My antivirus software Kaspersky detected a file in the system memory that is called "Trojan.Multi.BroSubsc.gen". Is this a false positive or is this adware or an actual trojan? See the attachment below. Thanks!


SlimeMine349

Hi, thank you for responding. I couldn't find any other forum or discussion that talked about whether or not this detection is a false positive, adware, or an actual trojan. Since Kaspersky is the only one picking this up, I was wondering what it was really.


@SlimeMine349 You are welcome.

Please see Kaspersky Threats → Trojan.Multi.BroSubsc
"Malware of this family is installed on browsers deceptively after the user visits fraudulent or advertising resources.
This malware displays advertising messages even if a browser is inactive."

Kaspersky blocked the malicious object before it reached your browser.
Are you still getting unwanted ads?
Can you please check your reports and post a screenshot from the detection?


SlimeMine349

Hi,

I never got any unwanted ads ever so that's what's really confusing me. Beyond unwanted ads, does the malware give backdoor access? That's my biggest concern. Attached below is the photo of my detection screenshot from logs.


@SlimeMine349

Please download and run AdwCleaner (*) as ADMIN.
 
1)  ⚠️ Don’t fix eventual detections
2) Please attach the TXT Log in your next post

(*) No installation required.

SlimeMine349
On 6/25/2023 at 6:26 PM, Xeno2ig said:

I think that detection is Ransomware, but if your files aren't encrypted you're fine.

You're probably clean

If the detection is ransomware, and my files aren't encrypted, does this mean my detection was a false positive?


@SlimeMine349

5 hours ago, SlimeMine349 said:

How do I get the TXT log? I don't see an option.

Please see screenshot below.
→ Click "View Scan Log File"
→ Save the TXT file
→ Attach the TXT file in your next post


@SlimeMine349

5 hours ago, SlimeMine349 said:

Does this mean my detection was a false positive?

Ransomware encrypts files and renames the files by changing their extension;
also, all encrypted files cannot be opened any more.
Only Kaspersky Virus Lab can confirm or deny a False Positive.
 

Kaspersky Threats is classifying Trojan.Multi.BroSubsc as malware installed on Browsers.
An AdwCleaner log could provide more details about your issue; please don't clean eventual detections!


Just go to your browser's site settings and disable notification access for unfamiliar sites (or better yet, all of them). That's all, you don't need anything else, it's not a ransomware.
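
The check recommended in the post above can also be done by reading the browser profile directly. This is an added example, not part of the original post: it lists origins holding notification permission, assuming the Chromium `Preferences` JSON layout (`profile.content_settings.exceptions.notifications`, where `setting` 1 means allow and 2 means block); the sample data and the `familiar` list are constructed.

```python
import json

# Constructed sample of the relevant part of a Chromium "Preferences" file
# (not data from this thread). Assumed layout: keys are "<origin>,*" and
# "setting" is 1 for allow, 2 for block. On Windows the real file is usually
# %LOCALAPPDATA%\Google\Chrome\User Data\Default\Preferences.
SAMPLE_PREFERENCES = json.dumps({
    "profile": {"content_settings": {"exceptions": {"notifications": {
        "https://mail.example.com:443,*": {"setting": 1},
        "https://push-offers.example.net:443,*": {"setting": 1},
        "https://news.example.org:443,*": {"setting": 2},
    }}}}
})

ALLOW = 1


def allowed_notification_origins(preferences_text):
    """Return the sorted origins that are allowed to show notifications."""
    node = json.loads(preferences_text)
    # Walk down defensively: a fresh profile may lack any of these keys.
    for key in ("profile", "content_settings", "exceptions", "notifications"):
        node = node.get(key, {}) if isinstance(node, dict) else {}
    origins = []
    for pattern, entry in node.items():
        if isinstance(entry, dict) and entry.get("setting") == ALLOW:
            origins.append(pattern.split(",", 1)[0])
    return sorted(origins)


def unfamiliar_origins(preferences_text, familiar):
    """Origins with notification access that are not on the user's own list."""
    allowed = allowed_notification_origins(preferences_text)
    return [origin for origin in allowed if origin not in familiar]


if __name__ == "__main__":
    familiar = {"https://mail.example.com:443"}  # hypothetical allow-list
    for origin in unfamiliar_origins(SAMPLE_PREFERENCES, familiar):
        print("review and revoke in site settings:", origin)
```

Revoke the permission through the browser's site settings rather than editing the file, since the browser rewrites `Preferences` while it is running.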


SlimeMine349
On 6/27/2023 at 5:15 AM, Berny said:

@SlimeMine349

Please see screenshot below.
→ Click "View Scan Log File"
→ Save the TXT file
→ Attach the TXT file in your next post


Hi, in my original post that started this thread, the screenshot of my detection also showed that I disinfected and cured the Trojan.Multi.brosubsc.gen detection already. Do you want me to post a screenshot of a scan again but in Malwarebytes Adware cleaner?


SlimeMine349
On 6/27/2023 at 5:15 AM, Berny said:

@SlimeMine349

Please see screenshot below.
→ Click "View Scan Log File"
→ Save the TXT file
→ Attach the TXT file in your next post


I still have the original report from the screenshot that started this thread that's in the ENC1 file extension, but it won't let me submit it here because the file type isn't accepted.


SlimeMine349

This is my log.


 # -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build:    08-30-2022
# Database: 2022-10-10.1 (Cloud)
# Support: https ://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    06-30-2023
# Duration: 00:00:08
# OS:       Windows 10 (Build 19045.3086)
# Scanned:  32098
# Detected: 28


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy             HKCU\Software\APN PIP
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wlkyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotomi.com
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wlkyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\dotomi.com
PUP.Optional.Legacy             HKLM\Software\Classes\Interface
PUP.Optional.Legacy             HKLM\Software\Classes\Interface
PUP.Optional.Legacy             HKLM\Software\Classes\TypeLib
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Classes\Interface\
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Classes\Interface\
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Classes\TypeLib\
PUP.Optional.WinRepairPro       HKCU\Software\win

***** [ Chromium (and derivatives) ] *****

PUP.Optional.Legacy             Sprucemarks - fakeocdnmmmnokabaiflppclocckihoj

***** [ Chromium URLs ] *****

Adware.SearchDimension          Search Dimension
Adware.SearchDimension          Search Dimension

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.CyberLinkService   Folder   C:\Program Files (x86)\CYBERLINK\SHARED FILES\PLUGIN\NEWBLUE
Preinstalled.CyberLinkShellExtension   Registry   HKLM\Software\Classes\CLSID\
Preinstalled.DellCustomerConnect   Folder   C:\Program Files (x86)\DELL CUSTOMER CONNECT
Preinstalled.DellCustomerConnect   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall
Preinstalled.DellFoundationServices   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\
Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files (x86)\DELL\SUPPORTASSISTAGENT
Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SAREMEDIATION\AUDIT
Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SAREMEDIATION\PLUGIN
Preinstalled.DellSupportAssistAgent   Folder   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ALIENWARE\SUPPORTASSIST
Preinstalled.DellUpdateforWindows10   Folder   C:\Program Files (x86)\ALIENWARE UPDATE
Preinstalled.DellUpdateforWindows10   Folder   C:\Program Files (x86)\DELL\UPDATESERVICE
Preinstalled.DellUpdateforWindows10   Folder   C:\ProgramData\DELL\UPDATE
Preinstalled.DellUpdateforWindows10   Folder   C:\ProgramData\DELL\UPDATESERVICE
Preinstalled.LenovoPower2Go   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield
Preinstalled.LenovoPower2Go   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\

 

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S04].txt ##########
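
A log in this layout can be triaged mechanically before anyone reads it line by line. This is an added example, not part of the original post and not Malwarebytes code: it parses the section headers and detection lines, checks the parsed total against the `# Detected:` header, and separates browser findings from preinstalled OEM software; the sample log is constructed.

```python
import re
from collections import Counter

# Constructed sample in the same layout as the log above (not the poster's data).
SAMPLE_LOG = r"""
# Mode: Scan
# Detected: 5
***** [ Tasks ] *****
No malicious tasks found.
***** [ Registry ] *****
PUP.Optional.Legacy             HKCU\Software\ExampleToolbar
***** [ Chromium (and derivatives) ] *****
PUP.Optional.Legacy             ExampleExtension - <extension-id>
***** [ Chromium URLs ] *****
Adware.SearchDimension          Search Dimension
***** [ Preinstalled Software ] *****
Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\EXAMPLE
Preinstalled.DellSupportAssistAgent   Registry   HKLM\Software\Example
"""

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
DECLARED_RE = re.compile(r"^# Detected:\s*(\d+)$")


def parse_log(text):
    """Return (declared_count, [(section, family, detail), ...])."""
    declared, section, hits = None, None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("No malicious"):
            continue
        if (m := DECLARED_RE.match(line)):
            declared = int(m.group(1))
        elif line.startswith("#"):
            continue  # other header lines and the EOF marker
        elif (m := SECTION_RE.match(line)):
            section = m.group(1)
        elif section:
            family, _, detail = line.partition(" ")
            hits.append((section, family, detail.strip()))
    return declared, hits


def triage(text):
    """Summarise detections by class and pull out the browser-related ones."""
    declared, hits = parse_log(text)
    by_class = Counter(family.split(".")[0] for _, family, _ in hits)
    browser = [(f, d) for s, f, d in hits if s.startswith(("Chromium", "Firefox"))]
    return {"declared": declared, "parsed": len(hits),
            "by_class": dict(by_class), "browser": browser}
```

Applied to the log posted above, the parsed total matches the header's 28: 15 `Preinstalled` entries, 11 `PUP` and 2 `Adware`, with three entries in the Chromium sections.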

 

 


SlimeMine349

Got it! So, my question is was Trojan.Multi.BroSubsc an actual Trojan that gave backdoor access?
