Regarding Kaspersky Notification and Missing Report

2025-03-19T18:24:16Z

I recently received a Windows notification stating that Kaspersky had blocked a malware download.

However, when I checked the report section in Kaspersky for further details, I could not find any corresponding reports related to this notification.

Could anyone please assist me in understanding this issue and advise on any necessary actions?

2025-03-19T19:16:08Z

@DKDK Welcome.

Please download and run AdwCleaner as Admin and post the TXT-log in your next post.

2025-03-20T05:00:16Z

I ran AdwCleaner as an administrator and have attached the log files for your reference.

However, I am still receiving the same notification.

Thank you!

Spoiler

AdwCleaner[S00].txt

# -------------------------------
# Malwarebytes AdwCleaner 8.5.0.595
# -------------------------------
# Build:    03-05-2025
# Database: 2024-10-23.4 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    03-20-2025
# Duration: 00:00:10
# OS:       Windows 10 (Build 19045.5608)
# Scanned: 32107
# Detected: 14

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

ALToolBar                       C:\Program Files (x86)\ESTsoft
ALToolBar                       C:\ProgramData\ESTsoft
ALToolBar                       C:\Users\OEM\AppData\Local\ESTsoft
ALToolBar                       C:\Users\OEM\AppData\Roaming\ESTsoft
PUP.Optional.Legacy             C:\Program Files (x86)\GreenTree Applications
PUP.Optional.Legacy             C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
PUP.Optional.Legacy             C:\ProgramData\ytd video downloader

***** [ Files ] *****

PUP.Optional.Legacy C:\END
PUP.Optional.Legacy C:\Users\Public\Desktop\YTD Video Downloader.lnk

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy             HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{CC7640A9-1481-405A-A9E6-BFA0F3CBB0E0}C:\program files (x86)\markany\maepscourt\macourtsafer.exe
PUP.Optional.Legacy             HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{B7142E3B-5DCB-469A-8CAE-48EF34F51DF3}C:\program files (x86)\markany\maepscourt\macourtsafer.exe
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
PUP.Optional.YTDToolbar         HKCU\Software\{DAF8B7E5-449D-4180-8281-10E536E597F2}
PUP.Optional.YTDToolbar         HKLM\Software\{DAF8B7E5-449D-4180-8281-10E536E597F2}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

AdwCleaner[C00]

# -------------------------------
# Malwarebytes AdwCleaner 8.5.0.595
# -------------------------------
# Build:    03-05-2025
# Database: 2024-10-23.4 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    03-20-2025
# Duration: 00:00:01
# OS:       Windows 10 (Build 19045.5608)
# Cleaned: 14
# Failed:   0

***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\Program Files (x86)\ESTsoft
Deleted       C:\Program Files (x86)\GreenTree Applications
Deleted       C:\ProgramData\ESTsoft
Deleted       C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
Deleted       C:\ProgramData\ytd video downloader
Deleted       C:\Users\OEM\AppData\Local\ESTsoft
Deleted       C:\Users\OEM\AppData\Roaming\ESTsoft

***** [ Files ] *****

Deleted C:\END
Deleted C:\Users\Public\Desktop\YTD Video Downloader.lnk

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\{DAF8B7E5-449D-4180-8281-10E536E597F2}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{CC7640A9-1481-405A-A9E6-BFA0F3CBB0E0}C:\program files (x86)\markany\maepscourt\macourtsafer.exe
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{B7142E3B-5DCB-469A-8CAE-48EF34F51DF3}C:\program files (x86)\markany\maepscourt\macourtsafer.exe
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
Deleted       HKLM\Software\{DAF8B7E5-449D-4180-8281-10E536E597F2}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.

*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2737 octets] - [20/03/2025 13:55:09]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Edited 15 hours ago by Berny

2025-03-20T06:40:33Z

Also, update Your K. KIS product to new product line Kaspersky Plus.

2025-03-20T07:58:19Z

Thank you so much! After upgrading to Kaspersky Plus, I can now see all security events.

Here is the log for the detected threat.

I’m experiencing repeated attacks even without visiting the website.

Would reinstalling Chrome be the best way to stop this attack completely?

Event: Download Denied
User: DESKTOP-9ROHJNM\OEM
User Type: Initiator
Application Name: chrome.exe
Application Path: C:\Program Files\Google\Chrome\Application
Component: Safe Browsing
Result Description: Blocked
Type: Trojan
Name: HEUR:Trojan-Clicker.Script.GhostPlugin.gen
Detection Method: Heuristic Analysis
Threat Level: High
Object Type: File
Object Name: b50b7f30-3efc-40a4-958b-47c84a6ef83f?uuid=d38d129c-b600-4305-b263-be2e6264f713
Object Path: https://infird.com/cdn
Object MD5: 09980ADB6FBBA63F9D79722E072563B6
Reason: Expert Analysis
Database Release Date: Today, 20/03/2025 2:04 PM

2025-03-20T08:11:21Z

Remove all the entries found by AdwCleaner.

The site of that detection looks down: "404 page not found".

2025-03-20T08:53:18Z

It was one of the extensions related to Foxified.

After removing Foxified, I no longer receive any threat notifications. 🙂

Regarding Kaspersky Notification and Missing Report

Recommended Posts

DKDK

Berny

DKDK

harlan4096

DKDK

harlan4096

DKDK

Please sign in to comment

Forum

Products

Support

Personal Account