Imp1.3

Very strange behaviour after Safe Money opened, msmpeng.exe detected.


Hi all, was wondering if you could help me!

When I was paying online on a site, Kaspersky Total Security opened the prompt window to use Safe Money or not. So I clicked yes. Then BOOM a blue screen, the error message I cannot remember but it said there was something related to klhk.sys. 

Then I tried logging in again. The computer booted up but I was brought to a default background screen, there was also the notification from Windows supposedly, 'We cannot connect to your (Microsoft???) account'. I restarted again.... 

On the 2nd restart I was greeted with a warning, that firewall was turned off and there was no firewall. I opened Kaspersky immediately and Kaspersky gave the following message, 'Malware detected on your computer.'

The Protection Center is yellow, says Protection may be at risk. After clicking details, it tells me that msmpeng.exe is a Legitimate program that can be used by criminals to damage your computer or personal data. It gives me the option to 'Resolve'. I have not clicked it yet.

The Kaspersky report on this incident:

07.05.2018 22.26.17;Malware detected;PDM:Trojan.Win32.Generic;Antimalware Service Executable;c:\programdata\microsoft\windows defender\platform\4.12.17007.18022-0\msmpeng.exe;05/07/2018 22:26:17

Then, later, a message that the malware was terminated.

07.05.2018 22.26.17;Malware terminated;PDM:Trojan.Win32.Generic;Antimalware Service Executable;C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18022-0\MsMpEng.exe;05/07/2018 22:26:17

 

Then suddenly when browsing Kaspersky, the webcam flashes on and I get the Kaspersky notification 'Host Process for Windows Tasks is using the webcam'. It flashes off immediately.

From the Kaspersky reports, 

07.05.2018 22.48.25;Application is allowed to access webcam;Host Process for Windows Tasks;Host Process for Windows Tasks;C:\Windows\System32\taskhostw.exe;05/07/2018 22:48:25

Additionally, Kaspersky appeared to have rebooted itself and started describing its features as if it was freshly installed again. The history of Kaspersky in reports, files scanned is now gone and only tonight's history exists in the logs.
 

Do I really have malware on my computer? Can someone tell me what is going on? 

P.S. I am running the latest version of Malwarebytes Premium. It just came up and told me no threats were detected. All Kaspersky protection components are up and running

Edited by Imp1.3


Welcome. Please see: Kaspersky Lab Forum > English User Forum > Virus-related issues > the second (2nd) pinned topic. 
There, you will find instructions to post your GSI and AVZ logs.

Please see the small print that is located at the bottom of this message. 

42 minutes ago, richbuff said:

Welcome. Please see: Kaspersky Lab Forum > English User Forum > Virus-related issues > the second (2nd) pinned topic. 
There, you will find instructions to post your GSI and AVZ logs.

Please see the small print that is located at the bottom of this message. 

Hi richbuff, 

I've uploaded my AVZ log files at the bottom of this post.
 

Please find my GSI log here - https://www.getsysteminfo.com/report/6e3b4e46e0eae198d4c12907ccea2173
 

Please note Kaspersky just now blocked an attempt to activate my webcam as I was running the scans.

Thanks so much!

KL_syscure.htm

avz_sysinfo.htm

Edited by Imp1.3


Thanks richbuff!

I have uploaded the Msmpeng.exe to the VirusDesk, results are: 

File MsMpEng.exe is safe.

The file is safe to keep, use and send.

However, Kaspersky is still displayed as yellow on the home screen - Protection may be at risk. When it says, under Protection - msmpeng.exe is a 'Legitimate program that can be used by criminals to damage your computer...' there is a Resolve button, but clicking the Resolve button does not do anything. Should I click the dropdown menu and select Add to exclusions or Ignore in there? 

Also, an access to my webcam was just blocked again! Any explanation for this? I had restricted all webcam access on Kaspersky - Webcam Protection. Do you know why these attempts are happening?

Thanks once again!


You're welcome. 1. Update databases > reboot, then scan with Kaspersky.

2. I don't know. I just disable the webcam driver. 


Hi richbuff, so I followed your advice as below, updated, rebooted then ran a Complete Scan.

Quote

1. Update databases > reboot, then scan with Kaspersky.

Kaspersky still is yellow - Protection may be at risk. For the msmpeng.exe, should I click Add to Exclusions or Ignore? The Resolve button does not seem to work still.

Thanks!

Edited by Imp1.3


Instead of Exclude or Ignore, please try this: Uninstall and reinstall KTS: Uninstall KTS > when prompted, Save licensing information and Password Manager information > reboot > reinstall KTS > reboot > do a databases update > reboot. Repeat database update > reboot. Then scan with Kaspersky. Is that file still detected?
