
Regarding Kaspersky Notification and Missing Report



Posted

I recently received a Windows notification stating that Kaspersky had blocked a malware download.

However, when I checked the report section in Kaspersky for further details, I could not find any corresponding reports related to this notification.

Could anyone please assist me in understanding this issue and advise on any necessary actions?


Posted

@DKDK Welcome.

Please download and run AdwCleaner as Admin and post the TXT-log in your next post.

Posted (edited)

I ran AdwCleaner as an administrator and have attached the log files for your reference.

However, I am still receiving the same notification.

Thank you!


 AdwCleaner[S00].txt

# -------------------------------
# Malwarebytes AdwCleaner 8.5.0.595
# -------------------------------
# Build:    03-05-2025
# Database: 2024-10-23.4 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    03-20-2025
# Duration: 00:00:10
# OS:       Windows 10 (Build 19045.5608)
# Scanned:  32107
# Detected: 14


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

ALToolBar                       C:\Program Files (x86)\ESTsoft
ALToolBar                       C:\ProgramData\ESTsoft
ALToolBar                       C:\Users\OEM\AppData\Local\ESTsoft
ALToolBar                       C:\Users\OEM\AppData\Roaming\ESTsoft
PUP.Optional.Legacy             C:\Program Files (x86)\GreenTree Applications
PUP.Optional.Legacy             C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
PUP.Optional.Legacy             C:\ProgramData\ytd video downloader

***** [ Files ] *****

PUP.Optional.Legacy             C:\END
PUP.Optional.Legacy             C:\Users\Public\Desktop\YTD Video Downloader.lnk

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy             HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{CC7640A9-1481-405A-A9E6-BFA0F3CBB0E0}C:\program files (x86)\markany\maepscourt\macourtsafer.exe
PUP.Optional.Legacy             HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{B7142E3B-5DCB-469A-8CAE-48EF34F51DF3}C:\program files (x86)\markany\maepscourt\macourtsafer.exe
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
PUP.Optional.YTDToolbar         HKCU\Software\{DAF8B7E5-449D-4180-8281-10E536E597F2}
PUP.Optional.YTDToolbar         HKLM\Software\{DAF8B7E5-449D-4180-8281-10E536E597F2}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

AdwCleaner[C00]

# -------------------------------
# Malwarebytes AdwCleaner 8.5.0.595
# -------------------------------
# Build:    03-05-2025
# Database: 2024-10-23.4 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    03-20-2025
# Duration: 00:00:01
# OS:       Windows 10 (Build 19045.5608)
# Cleaned:  14
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\Program Files (x86)\ESTsoft
Deleted       C:\Program Files (x86)\GreenTree Applications
Deleted       C:\ProgramData\ESTsoft
Deleted       C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
Deleted       C:\ProgramData\ytd video downloader
Deleted       C:\Users\OEM\AppData\Local\ESTsoft
Deleted       C:\Users\OEM\AppData\Roaming\ESTsoft

***** [ Files ] *****

Deleted       C:\END
Deleted       C:\Users\Public\Desktop\YTD Video Downloader.lnk

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\{DAF8B7E5-449D-4180-8281-10E536E597F2}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{CC7640A9-1481-405A-A9E6-BFA0F3CBB0E0}C:\program files (x86)\markany\maepscourt\macourtsafer.exe
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{B7142E3B-5DCB-469A-8CAE-48EF34F51DF3}C:\program files (x86)\markany\maepscourt\macourtsafer.exe
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
Deleted       HKLM\Software\{DAF8B7E5-449D-4180-8281-10E536E597F2}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2737 octets] - [20/03/2025 13:55:09]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

 

Edited by Berny
  • Solution
harlan4096
Posted

Also, update your K. KIS product to the new product line, Kaspersky Plus.

  • Like 2
Posted

Thank you so much! After upgrading to Kaspersky Plus, I can now see all security events.

Here is the log for the detected threat.

I’m experiencing repeated attacks even without visiting the website.

Would reinstalling Chrome be the best way to stop this attack completely?

Event: Download Denied
User: DESKTOP-9ROHJNM\OEM
User Type: Initiator
Application Name: chrome.exe
Application Path: C:\Program Files\Google\Chrome\Application
Component: Safe Browsing
Result Description: Blocked
Type: Trojan
Name: HEUR:Trojan-Clicker.Script.GhostPlugin.gen
Detection Method: Heuristic Analysis
Threat Level: High
Object Type: File
Object Name: b50b7f30-3efc-40a4-958b-47c84a6ef83f?uuid=d38d129c-b600-4305-b263-be2e6264f713
Object Path: https://infird.com/cdn
Object MD5: 09980ADB6FBBA63F9D79722E072563B6
Reason: Expert Analysis
Database Release Date: Today, 20/03/2025 2:04 PM

harlan4096
Posted

Remove all the entries found by AdwCleaner.

 

The site of that detection looks down: "404 page not found".

  • Like 1
  • Thanks 1
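
Added example, not part of any post in this thread: a small Python check that reconciles an AdwCleaner scan log against the matching clean log, confirming every detected entry was reported as Deleted and listing the scan sections that had no detections (areas the cleanup never touched, such as the Chromium sections in the log above). The function names and the trimmed sample logs are assumptions made for illustration; the line layout follows the logs posted earlier.

```python
import re

SECTION = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")

def parse_adwcleaner(text):
    """Map each '***** [ Name ] *****' section to its (label, target) rows."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current and line and not line.startswith(("#", "No ", "*", "[+]")):
            parts = re.split(r"\s{2,}", line, maxsplit=1)  # columns are space-padded
            if len(parts) == 2:
                sections[current].append((parts[0], parts[1]))
    return sections

def reconcile(scan_text, clean_text):
    """Return (targets detected but not reported Deleted, sections with no hits)."""
    scan, clean = parse_adwcleaner(scan_text), parse_adwcleaner(clean_text)
    detected = {t for rows in scan.values() for _, t in rows}
    deleted = {t for rows in clean.values() for lab, t in rows if lab == "Deleted"}
    empty = [name for name, rows in scan.items() if not rows]
    return sorted(detected - deleted), empty

# Trimmed excerpts in the format of the logs posted above.
SCAN = r"""
***** [ Folders ] *****

ALToolBar                       C:\ProgramData\ESTsoft
PUP.Optional.Legacy             C:\ProgramData\ytd video downloader

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.
"""
CLEAN = r"""
***** [ Folders ] *****

Deleted       C:\ProgramData\ESTsoft
Deleted       C:\ProgramData\ytd video downloader
"""

if __name__ == "__main__":
    leftover, untouched = reconcile(SCAN, CLEAN)
    print("not deleted:", leftover)
    print("sections with no detections:", untouched)
```

An empty "not deleted" list only means the flagged items are gone; a section with no detections is not evidence that the area is clean, only that this tool's database matched nothing there.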
Posted

It was one of the extensions related to Foxified.

After removing Foxified, I no longer receive any threat notifications. 🙂

  • Like 2
  • Thanks 1
