As you said, that's why I emphasized that this is an AI-powered product. The connection test result from my computer: C:\Users\hoang>netstat -ano | findstr ESTABLISHED TCP 127.0.0.1:49671 127.0.0.1:57083 ESTABLISHED 5664 TCP 127.0.0.1:49671 127.0.0.1:58190 ESTABLISHED 5664 TCP 127.0.0.1:49671 127.0.0.1:60717 ESTABLISHED 5664 TCP 127.0.0.1:49671 127.0.0.1:61434 ESTABLISHED 5664 TCP 127.0.0.1:49671 127.0.0.1:63858 ESTABLISHED 5664 TCP 127.0.0.1:50576 127.0.0.1:50577 ESTABLISHED 5664 TCP 127.0.0.1:50577 127.0.0.1:50576 ESTABLISHED 5664 TCP 127.0.0.1:57083 127.0.0.1:49671 ESTABLISHED 15832 TCP 127.0.0.1:58190 127.0.0.1:49671 ESTABLISHED 15832 TCP 127.0.0.1:60717 127.0.0.1:49671 ESTABLISHED 15832 TCP 127.0.0.1:61434 127.0.0.1:49671 ESTABLISHED 15832 TCP 127.0.0.1:63858 127.0.0.1:49671 ESTABLISHED 15832 TCP 192.168.1.20:51834 4.145.79.80:443 ESTABLISHED 5728 TCP 192.168.1.20:52977 4.1.82.185:443 ESTABLISHED 5664 TCP 192.168.1.20:54839 79.133.168.9:443 ESTABLISHED 5664 TCP 192.168.1.20:55155 79.133.168.9:443 ESTABLISHED 5664 TCP 192.168.1.20:55794 185.201.3.101:443 ESTABLISHED 5664 TCP 192.168.1.20:56194 212.5.110.163:443 ESTABLISHED 10984 TCP 192.168.1.20:56198 185.201.1.202:443 ESTABLISHED 5664 TCP 192.168.1.20:57174 82.202.184.185:443 ESTABLISHED 5664 TCP 192.168.1.20:57486 142.250.197.202:443 ESTABLISHED 15832 TCP 192.168.1.20:58380 199.165.136.100:443 ESTABLISHED 7304 TCP 192.168.1.20:58953 4.145.79.81:443 ESTABLISHED 5728 TCP 192.168.1.20:60420 4.145.79.82:443 ESTABLISHED 16972 TCP 192.168.1.20:60708 20.50.201.203:443 ESTABLISHED 16972 TCP 192.168.1.20:62190 40.74.78.229:443 ESTABLISHED 19460 TCP 192.168.1.20:62195 185.201.3.101:443 ESTABLISHED 5664 TCP 192.168.1.20:64597 65.109.109.243:443 ESTABLISHED 15832 TCP [2402:800:6195:ec43:d05c:566a:9e1c:a1d8]:51763 [2001:4860:4860::8888]:443 ESTABLISHED 15832 TCP [2402:800:6195:ec43:d05c:566a:9e1c:a1d8]:53218 [2404:6800:4005:817::200e]:443 ESTABLISHED 15832 TCP [2402:800:6195:ec43:d05c:566a:9e1c:a1d8]:54584 [2404:6800:4008:c13::bc]:5228 ESTABLISHED 15832 TCP [2402:800:6195:ec43:d05c:566a:9e1c:a1d8]:54700 [2404:6800:4005:817::200e]:443 ESTABLISHED 15832 TCP [2402:800:6195:ec43:d05c:566a:9e1c:a1d8]:54874 [2001:4860:4860::8888]:443 ESTABLISHED 15832 TCP [2402:800:6195:ec43:d05c:566a:9e1c:a1d8]:56561 [2404:6800:4005:805::200e]:443 ESTABLISHED 15832 TCP [2402:800:6195:ec43:d05c:566a:9e1c:a1d8]:57338 [2404:6800:4005:805::200e]:443 ESTABLISHED 15832 TCP [2402:800:6195:ec43:d05c:566a:9e1c:a1d8]:57649 [2803:f800:53::3]:443 ESTABLISHED 15832 TCP [2402:800:6195:ec43:d05c:566a:9e1c:a1d8]:59536 [2001:4860:4860::8888]:443 ESTABLISHED 15832 TCP [2402:800:6195:ec43:d05c:566a:9e1c:a1d8]:61934 [2603:1047:1:188::80]:443 ESTABLISHED 16972 TCP [2402:800:6195:ec43:d05c:566a:9e1c:a1d8]:65204 [2404:6800:4005:81e::200a]:443 ESTABLISHED 15832 The process 5664 belongs to Kaspersky. The reason I suspect my computer has been compromised is that while my computer was online and I was not actively using it, I received emails regarding Microsoft login OTP and password change OTP. I am certain that I did not log in to my account on multiple devices, which led me to suspect that my computer was compromised (despite running Kaspersky).

6 Dec 2025 ! No new update ! No fix !

Nice AI-generated text. Can you please repost that in your own words? There are a few inconsistencies. For example, what data was transferred to the unknown IP? Was it taken into account that Kaspersky essentially acts as a proxy? Who claims that the IP belongs to Russia (it is actually located in Frankfurt, Germany)? With further information, it might be possible to make a statement, but not yet.

@Lê Huy Hoàng Weclome. Please reach out to the Kaspersky Technical Support team via https://support.kaspersky.com/b2c

1. Initial Context and Symptoms Infection Vector: Likely initiated by running a cracked tool/software. Symptoms: Received unsolicited Microsoft one-time codes and password reset emails. Security Setup: The affected machine runs Windows 10/11 with Kaspersky running in real-time (no alerts). 2. Technical Findings (Forensics) The following critical findings were discovered not through manual user inspection, but through an AI-assisted diagnostic process: AI-Guided Diagnostics: I used an AI Assistant to analyze suspicious system behavior after initial self-detection failed. The AI guided me through terminal commands (such as netstat -ano and tasklist) to map network connections to running processes. Crucial Discovery (The Compromise): The diagnostic process identified a highly suspicious external connection associated with PID 5752. Mapping PID 5752 confirmed it belongs to the Kaspersky (32 bit) process. The connection was directed to a foreign, non-Kaspersky IP: 81.19.104.253 (in Russia). Conclusion: This provides strong evidence that a Stealer/Trojan malware used Process Injection to hide and operate within the trusted Kaspersky process space, thus neutralizing the protection and exfiltrating data. 3. Damage Assessment and Actions Taken Data Compromise: High risk that the Enpass Master Password and local files have been compromised. Immediate Actions: Network Disconnection: Permanently disconnected the machine from the internet. Emergency Password Change: Changed all critical passwords using a separate, trusted device. Future Plan: Planning a full, clean Windows reinstall. 4. Request to Kaspersky Experts I am seeking the community's and Kaspersky's official guidance on: Confirming the validity of this AI-assisted finding regarding Process Injection into the Kaspersky process. Guidance on how to formally report this sample and the associated C2 IP (81.19.104.253) for analysis by Kaspersky Labs. Any recommended steps for advanced artifact analysis that should be performed before the system is completely wiped.

Arkadaşlar sorunun çözümü yok 10 gündür düzeltemediler global forumda kısacası çözmeye çalışıyoruz dediler tahminimce bu sorun 1 ay sürcek gibime geliyor.

Got the exact same problem. Kaspersky scan can froze for hours and shows warning on the trojan in Samsung Internet app when clicked. I'm surprised it's not been resolved yet. It's really billions of customers affected so it's most likely a false alert and is not corrected in data base. I did re-install the app when got the warning right from Google play store but got the same warning when Kaspersky scanned. I also had the same warning about Trojan in Samsung Wallet few months ago but I don't really use this app so just deleted it. Now I think it also was a false flag. I wonder if somebody at Kaspersky lab doesn't like Samsung 🤔