Kaspersky
Question

HEUR:Trojan-Dropper.Win32.Agent.gen

  • 27 December 2021
  • 5 replies
  • 78 views

I've downloaded and tried to install a third party setup.zip.

  1. Windows Defender detected Trojans continuously until I rebooted. 
  2. I permanently deleted the downloaded setup.zip and the corresponding files created/modified in the C drive at the same time the Trojans were detected.
  3. I found two folders with long strings in capitals with the same modified/created time that included browsers' (Edge and Chrome) content (Autofill, CC, Cookies, Downloads, History, Wallets and passwords) in txt files.
  4. I moved the two folders and renamed them.
  5. Then installed Kaspersky Anti-virus and scanned. The results:

 

All these were pointing to one cache file named: f_002ce3

I deleted all files in the Cache folder and did a full scan. Didn’t find anything.

What does this mean? Has the browser data already been received by whoever made the setup.zip file, or is it part of a long game? I realize I have no way of knowing but I’ve been worried sick for the past 2 days. What should I do next?


5 replies


@user34015 Welcome. 

Please clean your Edge cache + reboot and proceed with a Kaspersky scan?

If no fix, please reset Edge to default?

Thanks. I did that asap. I still want to find out whether the passwords.txt and others had been stolen already before I installed Kaspersky (if the damage had already been done).

If the scans aren’t showing anything, that must mean I’m not being monitored or something, right?


@user34015 You are welcome.

When a Kaspersky scan doesn’t show anything, it means that your system is clean.
 

Ok. I’m a little relieved but I’ll still change the passwords one by one whenever I have time in case they’ve been stolen before I installed Kaspersky AV.


@user34015 Please see Check Password Security
