Since about a week, I’m experiencing a constant flagging (every couple of minutes) through my antivirus program (Bitdefender Antiviurs Plus 2019) when using Brave (Version 0.67.125 Chromium: 76.0.3809.100 (Official Build) (64-bit)). I get one of the two following warnings from Bitdefender. Both point to “Android.Adware.Agent.XYD”
Successfully blocked infected file
Feature: Antivirus
The file C:\Users\Stefan\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache\f_000485 is infected with Android.Adware.Agent.XYD. The threat has been successfully blocked, your device is safe.
Infected webpage detected
Feature: Online Threat Prevention
We blocked this dangerous page for your protection: http://proudflex.org/213db237bbd6bf854a.js Accessed by: brave.exe Threat name: Android.Adware.Agent.XYD Dangerous pages attempt to install software that can harm the device, gather personal information or operate without your consent.
This occurs on three different machines (two are Windows 7, one is Windows 10, all have Bitdefender installed). However, it does not occur when surfing the web with a different browser (for example Edge).
Is this a known issue and how can I fix it?
Thanks.
Update: The permanent flagging also occurs after updating Brave to Version 0.68.131 Chromium: 76.0.3809.100 (Official Build) (64-bit)
To confirm, you already had and had been using Brave before it was flagged – that is, this isn’t the first time installing the browser?
If so, follow the steps outlined in the article I linked to above (I will provide some additional resources below as well) to remove the infection from your machine. Additionally, since the source of the virus is likely a webpage (or files downloaded from one), ensure that you don’t re-infect your PC by:
Taking note of recent sites wherein Shields are not active
Recently visited sites that fail to establish a secure connection
Recently visited sites that you downloaded files from
This will also help establish whether or not this is a hole/flaw in Brave and/or the Chromium engine, the work of a crafty malware author, or some other issue entirely.
Yes, all three machines have been using Brave for quite some time (many months) before the flagging suddenly started.
I did a full scan with three different tools: Bitdefender Antivirus Plus, Microsoft Malicious Software Removal Tool, and Spyhunter 5 (recommended in the first article you had linked to). I also checked manually (registry, all folders, browser extensions, installed programs, …) as described in said article. And no trace of Android.Adware.Agent.XYD was found by the scanning apps or my manual search. So I have to assume, that the PC is not infected.
I would find it curious, that three different PCs (used by my wife, my daughter, and myself, all with quite different surfing habits) get infected with the same virus at the same time. And the flagging only occurs when using Brave.