"HEUR:Trojan.Script.Generic" is detected by Kaspersky #690
Comments
This is a false alarm, because Tampermonkey is not a trojan. Most probably this is related to #635 (comment). I'm not sure how to convince Kaspersky that the extension itself is not a problem.
This may not be a false alarm; instead, it may be that those files are in fact corrupted on @spnova1's system. If they are corrupted, it was done by some sort of malware which has nothing directly to do with Tampermonkey. TM is just a victim. @spnova1, do you have a way to retrieve the files? Anti-malware packages may either completely remove files, or 'quarantine' them in some package-specific way. If you don't know, maybe Kaspersky support or some sort of FAQ can help you find them. The files it listed are mostly fairly straightforward. I am curious to see the contents of one, let us say:
This should be a file of about 1 kilobyte with 35 text lines, most of which look like:
If it has been changed by malware, the difference should be obvious. If you are able to look at it in a file viewer or text editor, maybe you could paste a screenshot of it here (screenshot should be a sufficiently safe way to pass around potential malware).
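One way to run the comparison suggested above once the files are back from quarantine, as an added example that is not part of the original thread or of Tampermonkey: it de-duplicates report lines of the kind quoted in this issue and hashes each flagged file against a known-good copy of the same extension version. The extension IDs, paths and the `restored_dir`/`reference_dir` layout are constructed, and treating the text before `//` as the flagged file is an assumption about the report format.

```python
import hashlib
import re
from pathlib import Path

# Chrome layout: ...\Extensions\<32-char id a-p>\<version>\<relative path>
EXT_RE = re.compile(r"\\Extensions\\([a-p]{32})\\([^\\]+)\\(.+)$", re.IGNORECASE)
ID_A, ID_B = "a" * 32, "b" * 32  # constructed extension IDs, not real ones

def sample_path(ext_id, rel):
    """Build a constructed Windows path in the shape the report uses."""
    return "\\".join([r"C:\Chrome\User Data\Default\Extensions", ext_id, "1.0_0", rel])

# Constructed report: plain paths plus "<file>//<page>" entries, with repeats.
SAMPLE_REPORT = "\n".join([
    sample_path(ID_A, "parser.js"),
    sample_path(ID_A, "parser.js") + "//" + sample_path(ID_A, "background.html").lower(),
    sample_path(ID_A, "icon.js"),
    sample_path(ID_B, "js\\background.js") + "//" + sample_path(ID_A, "background.html").lower(),
])

def parse_report(text):
    """Return the de-duplicated set of (extension_id, version, relative_path)."""
    flagged = set()
    for line in text.splitlines():
        target = line.split("//", 1)[0].strip()  # assumption: flagged file precedes "//"
        m = EXT_RE.search(target)
        if m:
            flagged.add((m.group(1).lower(), m.group(2), m.group(3).replace("\\", "/")))
    return flagged

def sha256(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def triage(flagged, ext_id, restored_dir, reference_dir):
    """Classify each flagged file of one extension against a known-good copy."""
    result = {}
    for fid, _version, rel in sorted(flagged):
        if fid != ext_id:
            continue  # entry belongs to a different extension; check it separately
        got, want = Path(restored_dir) / rel, Path(reference_dir) / rel
        if not got.is_file() or not want.is_file():
            result[rel] = "missing"
        elif sha256(got) == sha256(want):
            result[rel] = "identical"  # byte-for-byte the shipped file
        else:
            result[rel] = "modified"   # differs from the shipped file: inspect it
    return result
```

Grouping by extension ID also surfaces report entries that point at a different extension than the one under discussion.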
I have got an alert from Kaspersky with the same trojan (Trojan HEUR:Trojan.Script.Generic) as mentioned above, however the location is different, i.e. "C:\Users\xyz\AppData\Local\Google\Chrome\UserData\Default\Extensions\dgpfeomibahlpbobpnjpcobpechebadh\1.5_0\adblock-stats.js", and is flagged with "High" threat level.
In your case you should remove the extension. As a side note: this is the Tampermonkey browser extension bugtracker and not a Kaspersky support forum. ;-)
### Sorry, wrong quotes in previous issue. Files from Tampermonkey are reported here:
"HEUR:Trojan.Script.Generic" is detected from files listed below:
D:\Program Files (x86)\Google\Local\Google\Chrome\User Data\Profile 2\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\4.8_0\storage.js//d:\program files (x86)\google\local\google\chrome\user data\profile 2\extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\4.8_0\background.html
D:\Program Files (x86)\Google\Local\Google\Chrome\User Data\Profile 2\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\4.8_0\storage.js//d:\program files (x86)\google\local\google\chrome\user data\profile 2\extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\4.8_0\background.html
D:\Program Files (x86)\Google\Local\Google\Chrome\User Data\Profile 2\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\4.8_0\parser.js
D:\Program Files (x86)\Google\Local\Google\Chrome\User Data\Profile 2\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\4.8_0\parser.js//d:\program files (x86)\google\local\google\chrome\user data\profile 2\extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\4.8_0\background.html
D:\Program Files (x86)\Google\Local\Google\Chrome\User Data\Profile 2\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\4.8_0\parser.js//d:\program files (x86)\google\local\google\chrome\user data\profile 2\extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\4.8_0\background.html
D:\Program Files (x86)\Google\Local\Google\Chrome\User Data\Profile 2\Extensions\jgphnjokjhjlcnnajmfjlacjnjkhleah\5.9.20_0\js\background.js//d:\program files (x86)\google\local\google\chrome\user data\profile 2\extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\4.8_0\background.html
D:\Program Files (x86)\Google\Local\Google\Chrome\User Data\Profile 2\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\4.8_0\icon.js
D:\Program Files (x86)\Google\Local\Google\Chrome\User Data\Profile 2\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\4.8_0\icon.js//d:\program files (x86)\google\local\google\chrome\user data\profile 2\extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\4.8_0\background.html
D:\Program Files (x86)\Google\Local\Google\Chrome\User Data\Profile 2\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\4.8_0\icon.js//d:\program files (x86)\google\local\google\chrome\user data\profile 2\extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\4.8_0\background.html
D:\Program Files (x86)\Google\Local\Google\Chrome\User Data\Profile 2\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\4.8_0\vendor\forge-sha256\forge-sha256.js
D:\Program Files (x86)\Google\Local\Google\Chrome\User Data\Profile 2\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\4.8_0\vendor\forge-sha256\forge-sha256.js//d:\program files (x86)\google\local\google\chrome\user data\profile 2\extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\4.8_0\background.html
D:\Program Files (x86)\Google\Local\Google\Chrome\User Data\Profile 2\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\4.8_0\vendor\forge-sha256\forge-sha256.js//d:\program files (x86)\google\local\google\chrome\user data\profile 2\extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\4.8_0\background.html
And Kaspersky deleted all those files already.
What's wrong with these files, and can I trust all these files and recover them?