Computer Virus Alert

RT800

So there I was, noodling around on r/funny looking at amusing imgur pictures of cats in hats and whatnot when suddenly I get an alert from my Kaspersky anti-virus program.

Trojan program detected, quarantined, and deleted.

I assume that means I'm all good, right? Dodged the bullet? I dunno, I've never actually gotten an alert before.

I ran a scan and it came up with nothing. I also ran a scan using Malware Byte's free tool. Also nothing. I haven't noticed anything obviously wrong with my computer...yet.

But I still can't help but be paranoid now. Am I still (relatively) safe to buy stuff online? Do I dare ever look at a picture hosted on imgur ever again? Is my computer a zombie!?! Should I take further steps?

Or am I just being a digital hypochondriac now?

Cantido

This is a good question.

I've never seen my PC pop up with a warning on its own. I always had to initiate a scan first. But I'm using McAfee.

Does Kaspersky produce a log you can send to support? Does someone else know how Kaspersky rolls?

Gabriel_Pitt

I haven't used Kapersky in a decade, but there were a couple times it caught something as it appeared. The status message is pretty self explanatory. The trojan was detected and nuked.

Does it still use that really annoying squeal sound when that happens?

LostNinja

Cantido wrote: »

This is a good question.

I've never seen my PC pop up with a warning on its own. I always had to initiate a scan first. But I'm using McAfee.

Does Kaspersky produce a log you can send to support? Does someone else know how Kaspersky rolls?

Kysperski will produce a pop up if it detects anything, and I do believe it produces a log, though I'm not at my computer so I can't tell you how to get to it, but if I remember correctly it's fairly intuitive.


OP: I always get super paranoid about these things too, but if neither a Kasperski full scan nor a malwarebytes full scan detected anything, you are probably fine.

Shadowfire

Kaspersky will keep a log about files it quarantines. You could check that and see what file it was, but I really think you're probably safe at this point.

I'd maybe avoid the site you were on from here on though.

Hevach

Thorough scans are always a good idea following an alert, but whatever it was got caught, likely before it did anything, so it's not an immediate danger, just the possibility that it did something like inserting itself into task scheduler to come back next time you restart.

RT800

Gabriel_Pitt wrote: »

Does it still use that really annoying squeal sound when that happens?

It does.

Shadowfire wrote: »

I'd maybe avoid the site you were on from here on though.

That's my inclination as well, but the site was imgur. Feels like half the images ever posted to the internet are posted through imgur.

I guess it's safe. I hope. I suppose I have no real reason to assume the antivirus didn't nuke the shit out of it.

Anyway, thanks for the input everyone.

baudattitude

Quarantined AND deleted is weird; normally your AV will quarantine something if it is uncertain about the malicious nature of the file, deletion being reserved for "yup we are 100% sure this is bad" so that may just be Kaspersky bragging itself up.

It sounds like it caught an exploit kit or dropper in the process of trying to install something, and blocked the exploit/dropper before it could gain a foothold. You're probably good from now on. (Many kinds of malware are distributed like this nowadays, with an initial program running to install the actual malicious code)

As for how that popped up on imgur, it was likely malware slipstreamed in via an ad network. Running an ad blocker in addition to real-time scanning via your AV is one of the best ways to protect yourself.

RT800

Well I do use a script blocker, but had imgur whitelisted.

I guess no more.

NightDragon

For the record, I used to have some incredibly frequent redirects to the App store, redirects to "you have a virus!! scan now!?" fake pop-ups, phishing sites, etc....when visiting Imgur on my phone through my web browser. On desktop it doesn't happen, and using their app it doesn't happen, but I know that they've had problems with malicious ads on their site before (specifically ads that redirect you to games in the app store) so it really wouldn't surprise me if their website picked up something nasty.

iRevert

baudattitude wrote: »

Quarantined AND deleted is weird; normally your AV will quarantine something if it is uncertain about the malicious nature of the file, deletion being reserved for "yup we are 100% sure this is bad" so that may just be Kaspersky bragging itself up.

It sounds like it caught an exploit kit or dropper in the process of trying to install something, and blocked the exploit/dropper before it could gain a foothold. You're probably good from now on. (Many kinds of malware are distributed like this nowadays, with an initial program running to install the actual malicious code)

As for how that popped up on imgur, it was likely malware slipstreamed in via an ad network. Running an ad blocker in addition to real-time scanning via your AV is one of the best ways to protect yourself.

ESET will give me this now and then when a site or more than likely a banner attempts to load a trojan, you get it from time to time when an advertiser is compromised with a banner that slips through and points to a trojan rather than an image/gif.

EclecticGroove

Quarantine vs quarantine and delete is often a setting, or based upon the classification/severity of the file.
I'd imagine that the file it deleted was in your temp/temp internet files directory, as it was likely an attempt at a drive by infection. Possibly via a CDN network (cloudflare, aws, etc) unless you were browsing a shady site in some tab somewhere.

If you're coming up clean, you're probably good, but may want to keep an eye on things for a bit just to be safe. You could try one of the free online virus scanners as well just to make sure they come up with nothing as well.