• 27 December 2021
  • 5 replies

I've downloaded and tried to install a third party setup.zip.

  1. Windows Defender detected Trojans continuously until I rebooted. 
  2. I permanently deleted the downloaded setup.zip and the corresponding files created/modified in the C drive at the same time the Trojans were detected.
  3. I found two folders with long strings in capitals with the same modified/created time that included browsers' (edge and chrome) content (Autofill, CC, Cookies, Downloads, History, Wallets and passwords) in txt files. 
  4. I moved the two folders and renamed them.
  5. Then installed Kaspersky Anti-virus and scanned. The results:


All these were pointing to one cache file named: f_002ce3

I deleted all files in the Cache folder and did a full scan. Didn’t find anything.

What does this mean? Was the browser data already been received by whoever made the setup.zip file or is it part of a long game? I realize I have no way of knowing but I’ve been worried sick for the past 2 days. What should I do next?

5 replies

Userlevel 7
Badge +9

@user34015 Welcome. 

Please clean your Edge cache + reboot and proceed with a Kaspersky scan ?

If no fix please reset Edge to default ?

Thanks. I did that asap. I still want to find out whether the passwords.txt and others had been stolen already before I installed Kaspersky (if the damage had already been done).

If the scans aren’t showing anything, that must mean, I’m not being monitored or something, right?

Userlevel 7
Badge +9

@user34015 Your are welcome.

When a Kaspersky scan doesn’t show anything  means that your system is clean.

Ok. I’m a little relieved but I’ll still change the passwords one by one whenever I have time in case they’ve been stolen before I installed Kaspersky av.

Userlevel 7
Badge +9

@user34015  Please see Check Password Security