Kindly be advised we cannot cancel subscriptions or issue refunds on the forum.
You may cancel your Bitdefender subscription from Bitdefender Central or by contacting Customer Support at: https://www.bitdefender.com/consumer/support/help/

Thank you for your understanding.

Trojan.GenericKD.69812247 keeps returning

Options

Windows

On the 22nd October I had a notification "Infected File Detected" See Document1.docx

and then the notification that it had been removed See TrojanRemoved.docx

I kept getting pop ups saying: your pc is being disinfected (Bitdefender) so I find out whether there was a Registry compromise, but did not find any thing on the net. How File Detectedd

Move on to 6th November and more pop ups: your PC is being disinfected(Bitdefender)

Ran another Rescue Environment scan and the results summary:

Resolved items, Item Path

File:C:\Users\JC\AppData\Local\Google\Chrome\User Data\extensions_crx_cache....

and File:C:\Users\AppData \Local\Temp\chrome_url_fetcher_5348_1884829377\JGL....

Both Trojan.GenericKD.69812247. Final Satus Deleted

The question is how to prevent a reoccurance? Is there a Registry change required or what?

Running Windows 10 Home V 10.0.19045 Build 10045. Laptop ASUS UX305CA x64 based

James

Best Answers

Answers

  • valuation100
    edited November 2023
    Options

    Hi Flexx and Gjoksi,

    -Thank you for your help and the detailed solution; that I carried out today. So far I have not had the incorrect pop up advising that it is being disinfected. What I had, is a notification from Bitdefender:

    Infected web page detected

    3 minutes ago

    Feature:

    Online Threat Prevention

    We blocked this dangerous page for your protection:

    url removed by @Flexx

    Threat name: Trojan.GenericKD.69812247

    Dangerous pages attempt to install software that can harm the device, gather personal information or operate without your consent.

    -This was received at the time I opened Google GMail and looks as if Bitdefender now recognises the threat having blocked the infected web page. I have been unable to find out what and how this web page is coming from.

    Thanks, again