
saladass4321
Posted

I was doing some Google searches earlier and Kaspersky popped up saying "Malicious object detected". I double-checked and did some further research, and I suspect it's related to the preload function (I've already turned it off) in Google Chrome. Do I need to do anything on my end, like reinstalling the OS or clearing the browser cache? Here's the report I got from Kaspersky:


 

Quote

 

Event: Download denied
User type: Initiator
Application name: chrome.exe
Application path: C:\Program Files\Google\Chrome\Application
Component: Safe Browsing
Result description: Blocked
Type: Trojan
Name: HEUR:Trojan.Script.Generic
Precision: Heuristic analysis
Threat level: High
Object type: File
Object path: https://aynrand.org
MD5 of an object: E6C72A14F853751246A45FE954F6B58C
Reason: Expert analysis
Databases release date: Today, 3/17/2025 12:12:00 PM

 

Event: Malicious object detected
User type: Initiator
Application name: chrome.exe
Application path: C:\Program Files\Google\Chrome\Application
Component: Safe Browsing
Result description: Detected
Type: Trojan
Name: HEUR:Trojan.Script.Generic
Precision: Heuristic analysis
Threat level: High
Object type: File
Object path: https://aynrand.org
MD5 of an object: 71614E2EE01C18730061633A6412E8FF
Reason: Expert analysis
Databases release date: Today, 3/17/2025 12:12:00 PM

 

 

And I just got another detection and block from copying and pasting the report from Kaspersky.

I've already done a full scan in Kaspersky and it says no threats detected.

harlan4096
Posted

Welcome to K. Community.

 

Yesterday I reported that site to K. analysts, and this is their reply:


 

Quote

 

Hello,

This is not a false alarm. This site is infected.


Here is the malicious code:


;;if(typeof zqxq==="undefined"){(function(N,M){v

 

If you are a webmaster, please remove the above code from the page. Also we strongly recommend that you change passwords to all services that can be used to modify website contents because they may have been stolen.

 

 

I don't know what You were browsing to get that warning, but this is not a false positive.

 

If You continue getting it, check Your browser's add-ons for suspicious ones, clear the browser cache, reset Your browser's config, and run a K. scan of the system.

  • Like 1
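For webmasters acting on the analysts' advice above, one way to locate the injected snippet across a site's files. This is an added example, not part of the original thread or of Kaspersky's tooling; it matches only the prefix visible in the quoted reply, and the file extensions, function names and sample files are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Only the prefix quoted in the analysts' reply is matched; the rest of the
# snippet is truncated on the page. Whitespace between tokens is tolerated.
MARKER = re.compile(
    r'''if\s*\(\s*typeof\s+zqxq\s*===\s*["']undefined["']\s*\)\s*\{\s*\(\s*function\s*\('''
)
# Assumption: the injected script can sit in any of these served text assets.
TEXT_SUFFIXES = {".js", ".html", ".htm", ".php"}

def scan_file(path):
    """Return a (line, column) pair, 1-based, for every marker hit in a file."""
    text = path.read_text(encoding="utf-8", errors="replace")
    hits = []
    for m in MARKER.finditer(text):
        line = text.count("\n", 0, m.start()) + 1
        col = m.start() - (text.rfind("\n", 0, m.start()) + 1) + 1
        hits.append((line, col))
    return hits

def scan_tree(root):
    """Map relative path -> hits for every file below root carrying the marker."""
    root = Path(root)
    report = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() in TEXT_SUFFIXES:
            hits = scan_file(path)
            if hits:
                report[path.relative_to(root).as_posix()] = hits
    return report

def build_sample_tree(root):
    """Constructed sample site: one clean page, two scripts carrying the prefix."""
    root = Path(root)
    (root / "js").mkdir()
    (root / "index.html").write_text("<html><body>ok</body></html>\n")
    prefix = ';;if(typeof zqxq==="undefined"){(function(N,M){'
    (root / "js" / "app.js").write_text('console.log("app");\n' + prefix + "\n")
    spaced = 'if ( typeof zqxq === "undefined" ) { (function(N,M){'
    (root / "js" / "lib.min.js").write_text("var a=1;" + spaced + "\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for name, hits in scan_tree(build_sample_tree(tmp)).items():
            print(name, hits)
```

A hit only locates the file and position to inspect; the snippet still has to be removed from each file and the site's credentials changed, as the analysts' reply says.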
saladass4321
Posted
2 hours ago, harlan4096 said:

Welcome to K. Community.

 

Yesterday I reported that site to K. analysts, and this is their reply:


 

 

I don't know what You were browsing to get that warning, but this is not a false positive.

 

If You continue getting it, check Your browser's add-ons for suspicious ones, clear the browser cache, reset Your browser's config, and run a K. scan of the system.

I was only doing some Google searches; I didn't click on any links or download anything (I stayed on Google the whole time). I only get the warning (the same warning every time) when I search for a specific term on Google, so I suspect it's caused by the preload function of the Chrome browser. But I also received the same warning when I was trying to copy and paste the Kaspersky report into the post, after the addresses in the report turned into hyperlinks (I already have the preload function turned off).

I already cleared my cache from the last 7 days and haven't installed any new extensions (if that's what you meant by add-ons) since maybe last year, so I don't think that's the problem. I did multiple full scans in Kaspersky and it says no threats detected.

 

Is there anything I should be worrying about? Should I take any further action?

  • Like 1
harlan4096
Posted

Ok, if You use a different browser, for example Firefox, do You get the same detection?

 

Also, download this tool: https://www.malwarebytes.com/adwcleaner

 

Run a scan; once it has ended, don't remove anything if detected. First copy/paste the result of the scan in Your next post.

  • Like 1
saladass4321
Posted
Quote

# -------------------------------
# Malwarebytes AdwCleaner 8.5.0.595
# -------------------------------
# Build:    03-05-2025
# Database: 2024-10-23.4 (Local)
# Support: 
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    03-18-2025
# Duration: 00:00:08
# OS:       Windows 11 (Build 26100.3194)
# Scanned:  32093
# Detected: 8


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.AcerJumpstart   Folder   C:\Program Files (x86)\ACER\ACER JUMPSTART 
Preinstalled.AcerUEIPFramework   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F30ED44-285D-43A4-99F2-B00E9751BB59}  
Preinstalled.AcerUEIPFramework   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D06E77C0-E5D8-41B2-89DF-1991CA59492C}  
Preinstalled.AcerUEIPFramework   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UEIPInvitation 
Preinstalled.AcerUEIPFramework   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UbtFrameworkService 
Preinstalled.AcerUEIPFramework   Task   C:\Windows\System32\Tasks\UBTFRAMEWORKSERVICE 
Preinstalled.AcerUEIPFramework   Task   C:\Windows\System32\Tasks\UEIPINVITATION 
Preinstalled.UserExperienceImprovementProgramService   Folder   C:\Program Files\ACER\USER EXPERIENCE IMPROVEMENT PROGRAM SERVICE\FRAMEWORK 

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

# -------------------------------
# Malwarebytes AdwCleaner 8.5.0.595
# -------------------------------
# Build:    03-05-2025
# Database: 2024-10-23.4 (Local)
# Support:
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    03-18-2025
# Duration: 00:00:07
# OS:       Windows 11 (Build 26100.3194)
# Scanned:  32103
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.


AdwCleaner[S00].txt - [2382 octets] - [18/03/2025 09:46:35]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########

 

# -------------------------------
# Malwarebytes AdwCleaner 8.5.0.595
# -------------------------------
# Build:    03-05-2025
# Database: 2024-10-23.4 (Local)
# Support:
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    03-18-2025
# Duration: 00:00:07
# OS:       Windows 11 (Build 26100.3194)
# Scanned:  32096
# Detected: 8


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.AcerJumpstart   Folder   C:\Program Files (x86)\ACER\ACER JUMPSTART 
Preinstalled.AcerUEIPFramework   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F30ED44-285D-43A4-99F2-B00E9751BB59}  
Preinstalled.AcerUEIPFramework   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D06E77C0-E5D8-41B2-89DF-1991CA59492C}  
Preinstalled.AcerUEIPFramework   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UEIPInvitation 
Preinstalled.AcerUEIPFramework   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UbtFrameworkService 
Preinstalled.AcerUEIPFramework   Task   C:\Windows\System32\Tasks\UBTFRAMEWORKSERVICE 
Preinstalled.AcerUEIPFramework   Task   C:\Windows\System32\Tasks\UEIPINVITATION 
Preinstalled.UserExperienceImprovementProgramService   Folder   C:\Program Files\ACER\USER EXPERIENCE IMPROVEMENT PROGRAM SERVICE\FRAMEWORK 


AdwCleaner[S00].txt - [2382 octets] - [18/03/2025 09:46:35]
AdwCleaner[S01].txt - [1483 octets] - [18/03/2025 09:48:04]
AdwCleaner[S02].txt - [1544 octets] - [18/03/2025 09:48:38]
AdwCleaner[S03].txt - [2565 octets] - [18/03/2025 09:54:53]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S04].txt ##########
 

# -------------------------------
# Malwarebytes AdwCleaner 8.5.0.595
# -------------------------------
# Build:    03-05-2025
# Database: 2024-10-23.4 (Local)
# Support:
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    03-18-2025
# Duration: 00:00:07
# OS:       Windows 11 (Build 26100.3194)
# Scanned:  32094
# Detected: 8


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.AcerJumpstart   Folder   C:\Program Files (x86)\ACER\ACER JUMPSTART 
Preinstalled.AcerUEIPFramework   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F30ED44-285D-43A4-99F2-B00E9751BB59}  
Preinstalled.AcerUEIPFramework   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D06E77C0-E5D8-41B2-89DF-1991CA59492C}  
Preinstalled.AcerUEIPFramework   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UEIPInvitation 
Preinstalled.AcerUEIPFramework   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UbtFrameworkService 
Preinstalled.AcerUEIPFramework   Task   C:\Windows\System32\Tasks\UBTFRAMEWORKSERVICE 
Preinstalled.AcerUEIPFramework   Task   C:\Windows\System32\Tasks\UEIPINVITATION 
Preinstalled.UserExperienceImprovementProgramService   Folder   C:\Program Files\ACER\USER EXPERIENCE IMPROVEMENT PROGRAM SERVICE\FRAMEWORK 


AdwCleaner[S00].txt - [2382 octets] - [18/03/2025 09:46:35]
AdwCleaner[S01].txt - [1483 octets] - [18/03/2025 09:48:04]
AdwCleaner[S02].txt - [1544 octets] - [18/03/2025 09:48:38]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S03].txt ##########
 

I've run a couple of scans using Malwarebytes AdwCleaner. It doesn't seem to have detected anything apart from some software preinstalled on my laptop. I couldn't test the search on other browsers at this moment since I only have Chrome installed and I don't wanna risk it. I could upload the .txt files of the logs of the Malwarebytes scan if it's required.

  • Like 1
harlan4096
Posted

Agree, nothing suspicious in the logs, no need to upload the txt.

 

I would try with a different browser.

saladass4321
Posted

Apart from trying a different browser is there anything else I should do? How do I make sure that I'm in the clear? If possible, I'd also like to know what the malicious code does. Thank you!
