All Activity

Würde vorschlagen ein Ticket beim Support zu eröffnen.

I understand that these are currently only my hypotheses, so I am seeking confirmation and assessment from the community. Furthermore, I have taken the step of submitting a request to Kaspersky Technical Support regarding this issue.

On what basis do you draw this conclusion? None of the above suggests this.

I have been doing that for a while. For most accounts involving personal security, I use two-factor authentication (2FA) and unique, random passwords (which I store in the Enpass application). However, the hacker exploited this by utilizing an App Password for access, which bypasses 2FA. Furthermore, the Enpass application itself is installed on this very device.

If you suspect a brute force login cancel email and switch to an Authenticator app or sms ?

电话 营业时间：周一至周五, 09:00-18:00 (当地时间) 应答时间：6 分钟 语言：普通话 400-611-6633

As you said, that's why I emphasized that this is an AI-powered product. The connection test result from my computer: C:\Users\hoang>netstat -ano | findstr ESTABLISHED TCP 127.0.0.1:49671 127.0.0.1:57083 ESTABLISHED 5664 TCP 127.0.0.1:49671 127.0.0.1:58190 ESTABLISHED 5664 TCP 127.0.0.1:49671 127.0.0.1:60717 ESTABLISHED 5664 TCP 127.0.0.1:49671 127.0.0.1:61434 ESTABLISHED 5664 TCP 127.0.0.1:49671 127.0.0.1:63858 ESTABLISHED 5664 TCP 127.0.0.1:50576 127.0.0.1:50577 ESTABLISHED 5664 TCP 127.0.0.1:50577 127.0.0.1:50576 ESTABLISHED 5664 TCP 127.0.0.1:57083 127.0.0.1:49671 ESTABLISHED 15832 TCP 127.0.0.1:58190 127.0.0.1:49671 ESTABLISHED 15832 TCP 127.0.0.1:60717 127.0.0.1:49671 ESTABLISHED 15832 TCP 127.0.0.1:61434 127.0.0.1:49671 ESTABLISHED 15832 TCP 127.0.0.1:63858 127.0.0.1:49671 ESTABLISHED 15832 TCP 192.168.1.20:51834 4.145.79.80:443 ESTABLISHED 5728 TCP 192.168.1.20:52977 4.1.82.185:443 ESTABLISHED 5664 TCP 192.168.1.20:54839 79.133.168.9:443 ESTABLISHED 5664 TCP 192.168.1.20:55155 79.133.168.9:443 ESTABLISHED 5664 TCP 192.168.1.20:55794 185.201.3.101:443 ESTABLISHED 5664 TCP 192.168.1.20:56194 212.5.110.163:443 ESTABLISHED 10984 TCP 192.168.1.20:56198 185.201.1.202:443 ESTABLISHED 5664 TCP 192.168.1.20:57174 82.202.184.185:443 ESTABLISHED 5664 TCP 192.168.1.20:57486 142.250.197.202:443 ESTABLISHED 15832 TCP 192.168.1.20:58380 199.165.136.100:443 ESTABLISHED 7304 TCP 192.168.1.20:58953 4.145.79.81:443 ESTABLISHED 5728 TCP 192.168.1.20:60420 4.145.79.82:443 ESTABLISHED 16972 TCP 192.168.1.20:60708 20.50.201.203:443 ESTABLISHED 16972 TCP 192.168.1.20:62190 40.74.78.229:443 ESTABLISHED 19460 TCP 192.168.1.20:62195 185.201.3.101:443 ESTABLISHED 5664 TCP 192.168.1.20:64597 65.109.109.243:443 ESTABLISHED 15832 TCP [2402:800:6195:ec43:d05c:566a:9e1c:a1d8]:51763 [2001:4860:4860::8888]:443 ESTABLISHED 15832 TCP [2402:800:6195:ec43:d05c:566a:9e1c:a1d8]:53218 [2404:6800:4005:817::200e]:443 ESTABLISHED 15832 TCP [2402:800:6195:ec43:d05c:566a:9e1c:a1d8]:54584 [2404:6800:4008:c13::bc]:5228 ESTABLISHED 15832 TCP [2402:800:6195:ec43:d05c:566a:9e1c:a1d8]:54700 [2404:6800:4005:817::200e]:443 ESTABLISHED 15832 TCP [2402:800:6195:ec43:d05c:566a:9e1c:a1d8]:54874 [2001:4860:4860::8888]:443 ESTABLISHED 15832 TCP [2402:800:6195:ec43:d05c:566a:9e1c:a1d8]:56561 [2404:6800:4005:805::200e]:443 ESTABLISHED 15832 TCP [2402:800:6195:ec43:d05c:566a:9e1c:a1d8]:57338 [2404:6800:4005:805::200e]:443 ESTABLISHED 15832 TCP [2402:800:6195:ec43:d05c:566a:9e1c:a1d8]:57649 [2803:f800:53::3]:443 ESTABLISHED 15832 TCP [2402:800:6195:ec43:d05c:566a:9e1c:a1d8]:59536 [2001:4860:4860::8888]:443 ESTABLISHED 15832 TCP [2402:800:6195:ec43:d05c:566a:9e1c:a1d8]:61934 [2603:1047:1:188::80]:443 ESTABLISHED 16972 TCP [2402:800:6195:ec43:d05c:566a:9e1c:a1d8]:65204 [2404:6800:4005:81e::200a]:443 ESTABLISHED 15832 The process 5664 belongs to Kaspersky. The reason I suspect my computer has been compromised is that while my computer was online and I was not actively using it, I received emails regarding Microsoft login OTP and password change OTP. I am certain that I did not log in to my account on multiple devices, which led me to suspect that my computer was compromised (despite running Kaspersky).

6 Dec 2025 ! No new update ! No fix !

Nice AI-generated text. Can you please repost that in your own words? There are a few inconsistencies. For example, what data was transferred to the unknown IP? Was it taken into account that Kaspersky essentially acts as a proxy? Who claims that the IP belongs to Russia (it is actually located in Frankfurt, Germany)? With further information, it might be possible to make a statement, but not yet.

@Lê Huy Hoàng Weclome. Please reach out to the Kaspersky Technical Support team via https://support.kaspersky.com/b2c

1. Initial Context and Symptoms Infection Vector: Likely initiated by running a cracked tool/software. Symptoms: Received unsolicited Microsoft one-time codes and password reset emails. Security Setup: The affected machine runs Windows 10/11 with Kaspersky running in real-time (no alerts). 2. Technical Findings (Forensics) The following critical findings were discovered not through manual user inspection, but through an AI-assisted diagnostic process: AI-Guided Diagnostics: I used an AI Assistant to analyze suspicious system behavior after initial self-detection failed. The AI guided me through terminal commands (such as netstat -ano and tasklist) to map network connections to running processes. Crucial Discovery (The Compromise): The diagnostic process identified a highly suspicious external connection associated with PID 5752. Mapping PID 5752 confirmed it belongs to the Kaspersky (32 bit) process. The connection was directed to a foreign, non-Kaspersky IP: 81.19.104.253 (in Russia). Conclusion: This provides strong evidence that a Stealer/Trojan malware used Process Injection to hide and operate within the trusted Kaspersky process space, thus neutralizing the protection and exfiltrating data. 3. Damage Assessment and Actions Taken Data Compromise: High risk that the Enpass Master Password and local files have been compromised. Immediate Actions: Network Disconnection: Permanently disconnected the machine from the internet. Emergency Password Change: Changed all critical passwords using a separate, trusted device. Future Plan: Planning a full, clean Windows reinstall. 4. Request to Kaspersky Experts I am seeking the community's and Kaspersky's official guidance on: Confirming the validity of this AI-assisted finding regarding Process Injection into the Kaspersky process. Guidance on how to formally report this sample and the associated C2 IP (81.19.104.253) for analysis by Kaspersky Labs. Any recommended steps for advanced artifact analysis that should be performed before the system is completely wiped.

Arkadaşlar sorunun çözümü yok 10 gündür düzeltemediler global forumda kısacası çözmeye çalışıyoruz dediler tahminimce bu sorun 1 ay sürcek gibime geliyor.

Got the exact same problem. Kaspersky scan can froze for hours and shows warning on the trojan in Samsung Internet app when clicked. I'm surprised it's not been resolved yet. It's really billions of customers affected so it's most likely a false alert and is not corrected in data base. I did re-install the app when got the warning right from Google play store but got the same warning when Kaspersky scanned. I also had the same warning about Trojan in Samsung Wallet few months ago but I don't really use this app so just deleted it. Now I think it also was a false flag. I wonder if somebody at Kaspersky lab doesn't like Samsung 🤔

@ahmed 995 Welcome. Please reach out to the Kaspersky Technical Support team via https://support.kaspersky.com/b2c and include as many technical details as possible.

sürüm bu ve hala hata aynen devam ediyor

That's my issue as well, right after a clean installation of K-Premium 21.23.6.614(a).

Hab mehrmals neu installiert, VPN funktioniert nur sehr langsam, auf manchen Seiten überhaupt nicht. DuckDuck Go nimmt nur komplett eingegeben Internetseiten, z.B. www. ...... .de . Suchmaschine funktioniert überhaupt nicht.

I have the same issue. Did you find a way to fix it so far?

Looks like we are going to wait 1 month until they fix the VPN.

You can download it from the African site at the moment if you want to. https://www.kaspersky.co.za/downloads/plus You can activate it with the activation code of your subscription. Officially only Ubuntu and some RPM based Linux flavors popular in Russia and third-world countries are supported but I have tested it with some other popular RPM based Linux flavors and it's running fine mostly. It does have some minor issues on SUSE for example with Web Protection but nothing game breaking.

I used to use your VPN (Egypt, UAE, Algeria, Bahrain locations ) to watch TOD TV for months, but last week the website started detecting the VPN and giving me an error. I tried other VPNs (Stream Locator and Boost VPN), and they work — the site doesn’t detect the VPN when I use them WINDOWS 11 V 25H2 VPN V. 21.23.6.614-2 (a)

They said the new "upgraded" Kaspersky VPN doesn't work in Russia, and offered to give me a free license for a Russia-specfic Kaspersky VPN After installing their new VPN, I discovered that it has only 8 available locations!!! And none of these locations enable you to access Facebook, YouTube or any websites unavailable in Russia This is really hilarious

no es version preview de windows, es windows 11 pro 25h2, me ha pasao al desbloquear el almacen en chrome, se ha bugeado, y ni reiniciand, ni reinstalado con la ultima version... solo me ha funcionado renombrando la carpeta de %LOCALAPPDATA%\Kaspersky Lab\ Kaspersky Password Manager a Kaspersky Password Manager-old, y al abrir ya funciona bien, parece que algo se ha corrompido en esa carpeta.. y hacia Excepción: 0xc00000fd → Stack overflow. no se porqué he reinstalado la app y mismo problema... he desinstalado extensiones del navegador, y nada... pero ya me deja algo mosca... que todo se ha iniciado al desbloquear el almacen desde la extensdion de chrome, y se ha bugeado

Hallo 4coons, Bei mir ging dass noch nie über den Kaspersky Account sondern ich durfte ein Nexway Konto eröffnen da kannst Du alles dann. Hier die Anleitung für Dich So erstellen Sie ein Nexway-Kundenkonto https://support.kaspersky.com/de/common/buy/15465#block2 So aktualisieren Sie Ihre Zahlungsdetails oder E-Mail-Adresse im Nexway-Kundenportal https://support.kaspersky.com/de/common/buy/15465#block3 Der Grund warum Du deine Daten aktuallisieren darfst war mal dass Kaspersky diverse Daten gelöscht hat(War auch bei mir der Fall )