Trojan detected while downloading program

[Wandering33]

Hello!

As the title suggests I was downloading a program, Unity game engine from their Unity Hub program. Which I had done a scan on before installing and everything was fine. I started the download of the game engine using Unity's hub program, and left for work. When I came home hours later Kaspersky had a pop up in the bottom right corner of my screen saying it detected a Trojan. To restart the computer. The download did not complete and the computer was disconnected from the internet when I got home. I restarted the computer and followed trough the prompts Kaspersky took me down. Once I restarted the computer I did a full scan. I turned the PC off did another full scan. I also checked with Malwarebytes and nothing came up with any threats. So I am wondering did Kaspersky stop the Trojan from getting downloaded onto my computer? Or could this have been a false positive as I downloaded it right from the developers website then used their program to download the engine.

 

I am using version 21.17.7.539

Kaspersky Premium (I believe total security)

Windows 10

[harlan4096]

Welcome to Kaspersky Community.

 

Default action of K. would usually be blocking the access to a downloading malware, check Quarantine, also check Reports logs.

[Wandering33]

I’ve checked quarantine and the report logs from what I can see there is nothing about Unity other than it trusting Unity Hub. There is nothing about a Trojan either. I am unable to find anything in the program. 

[harlan4096]

So, any detection in Reports Web Anti-Virus or File Anti-Virus modules? 🤔

[Wandering33]

This is all I was able to find. I'm not seeing Web Anit- Virus on there.

[Flood and Flood's wife]

1 hour ago, Wandering33 said:

1. I'm not seeing Web Anit- Virus on there.

 

Hello @Wandering33, 

Thank you for the information!

1. In 21.16.* onwards - Web Anti-Virus has been renamed to Safe Browsing. 

     2. 3 & 4 - Also, the screen-prints: in the horizontal column (you) can rightclick & filter out columns to hide things like User & or blank columns, then - in the top-right-corner to expand the Report window - select the ⬜maximise icon, go back to the actual report & select the relevant event so the event detail shows in the lower-half of the expanded window - then screen-print - as in the example below: 

Thank you🙏
Flood🐳+🐋

Edited June 6, 2024 by Flood and Flood's wife
grammar & numbering

[Wandering33]

Thank you. I tried that I don't have a lot in the safe browsing. I also have nothing in quarantine as well. I'm not able to find anything about it stopping the download at all.

[Flood and Flood's wife]

38 minutes ago, Wandering33 said:

I tried that I don't have a lot in the safe browsing. I also have nothing in quarantine as well. I'm not able to find anything about it stopping the download at all.

Hello @Wandering33, 

Thank you for the information!

In File Anti-virus, in the Detail section, scroll down, to show the lower-section of the event, does it give a reason for the 'Not processed' event - see image below as an example:

Thank you🙏
Flood🐳+🐋

Edited June 6, 2024 by Flood and Flood's wife
Added image

[harlan4096]

Web Anti-Virus module now it is called -> Safe Browsing 😉

[Wandering33]

It shows the reason as size

[harlan4096]

It seems the detection it was in a specific file .dll file... check that temporal folder:

 

[Wandering33]

I tried but I couldn’t find the AppData folder under my user. 

[harlan4096]

It is a system folder, You have to un hide via Windows folder Options, the hidden files and folders.

[Wandering33]

Thank you. It's not there I got as far as temp but the nss7939.tmp wasn't there. Maybe when I did a disk cleanup it was removed?

[harlan4096]

Yes, probably, since they were temporal files...

[Wandering33]

So do you think my computer is safe then? Since they are gone. 

[harlan4096]

If did not get again any detection, I would probably say that yes.