Brai20

Posts posted by Brai20

  1. Hi

    It finished scanning the SSD and it found the virus.

     

    Here is the txt report :(

     

    25.06.2020 22.33.33    External Device Scan    Task started    Removable drive: E:\    Time: Yesterday, 6/25/2020 10:33 PM
    26.06.2020 09.42.50    External Device Scan    Task completed    Removable drive: E:\    Completion time: Today, 6/26/2020 9:42 AM
    26.06.2020 09.42.50    Detected object (file) deleted    E:\Windows\System32\Tasks\Microsoft\Windows\Wininet\Winlogui    File: E:\Windows\System32\Tasks\Microsoft\Windows\Wininet\Winlogui    Object name: Trojan.Multi.GenAutorunTaskFile.a
    26.06.2020 09.42.50    Detected object (file) moved to Quarantine    E:\Windows\System32\Tasks\Microsoft\Windows\Wininet\Winlogui    File: E:\Windows\System32\Tasks\Microsoft\Windows\Wininet\Winlogui    Object name: Trojan.Multi.GenAutorunTaskFile.a
    26.06.2020 09.42.49    Detected object (file) deleted    E:\Windows\System32\winscomrssrv.dll    File: E:\Windows\System32\winscomrssrv.dll    Object name: HEUR:Backdoor.Win64.Agent.gen
    26.06.2020 09.42.49    Detected object (file) moved to Quarantine    E:\Windows\System32\winscomrssrv.dll    File: E:\Windows\System32\winscomrssrv.dll    Object name: HEUR:Backdoor.Win64.Agent.gen
    26.06.2020 09.42.48    Detected object (file) deleted    E:\Windows\System32\winrmsrv.exe    File: E:\Windows\System32\winrmsrv.exe    Object name: UDS:DangerousObject.Multi.Generic
    26.06.2020 09.42.48    Detected object (file) moved to Quarantine    E:\Windows\System32\winrmsrv.exe    File: E:\Windows\System32\winrmsrv.exe    Object name: UDS:DangerousObject.Multi.Generic
    26.06.2020 09.42.47    Object (file) not processed    E:\Windows\System32\winrmsrv.exe    File: E:\Windows\System32\winrmsrv.exe    Object name: not-a-virus:HEUR:RiskTool.Win32.Generic    Reason: Allowed by user
    26.06.2020 09.42.46    Detected object (file) deleted    E:\Windows\System32\winlogui.exe    File: E:\Windows\System32\winlogui.exe    Object name: HEUR:Trojan.Win32.Miner.gen
    26.06.2020 09.42.46    Detected object (file) moved to Quarantine    E:\Windows\System32\winlogui.exe    File: E:\Windows\System32\winlogui.exe    Object name: HEUR:Trojan.Win32.Miner.gen
    26.06.2020 09.42.43    Detected object (file) deleted    E:\Windows\System32\StartupCheckLibrary.dll    File: E:\Windows\System32\StartupCheckLibrary.dll    Object name: HEUR:Backdoor.Win64.Agent.gen
    26.06.2020 09.42.43    Detected object (file) moved to Quarantine    E:\Windows\System32\StartupCheckLibrary.dll    File: E:\Windows\System32\StartupCheckLibrary.dll    Object name: HEUR:Backdoor.Win64.Agent.gen
    26.06.2020 09.32.59    Object (file) not processed    E:\Windows\System32\Tasks\Microsoft\Windows\Wininet\Winlogui    File: E:\Windows\System32\Tasks\Microsoft\Windows\Wininet\Winlogui    Object name: Trojan.Multi.GenAutorunTaskFile.a    Reason: Postponed
    26.06.2020 09.32.59    Object (file) detected    E:\Windows\System32\Tasks\Microsoft\Windows\Wininet\Winlogui    File: E:\Windows\System32\Tasks\Microsoft\Windows\Wininet\Winlogui    Object name: Trojan.Multi.GenAutorunTaskFile.a
    26.06.2020 09.30.17    Object (file) not processed    E:\Windows\System32\winscomrssrv.dll    File: E:\Windows\System32\winscomrssrv.dll    Object name: HEUR:Backdoor.Win64.Agent.gen    Reason: Postponed
    26.06.2020 09.30.17    Object (file) detected    E:\Windows\System32\winscomrssrv.dll    File: E:\Windows\System32\winscomrssrv.dll    Object name: HEUR:Backdoor.Win64.Agent.gen
    26.06.2020 09.30.17    Object (file) not processed    E:\Windows\System32\winrmsrv.exe    File: E:\Windows\System32\winrmsrv.exe    Object name: UDS:DangerousObject.Multi.Generic    Reason: Postponed
    26.06.2020 09.30.17    Object (file) not processed    E:\Windows\System32\winrmsrv.exe    File: E:\Windows\System32\winrmsrv.exe    Object name: not-a-virus:HEUR:RiskTool.Win32.Generic    Reason: Postponed
    26.06.2020 09.30.17    Object (file) detected    E:\Windows\System32\winrmsrv.exe    File: E:\Windows\System32\winrmsrv.exe    Object name: not-a-virus:HEUR:RiskTool.Win32.Generic
    26.06.2020 09.30.16    Object (file) not processed    E:\Windows\System32\winlogui.exe    File: E:\Windows\System32\winlogui.exe    Object name: HEUR:Trojan.Win32.Miner.gen    Reason: Postponed
    26.06.2020 09.30.16    Object (file) detected    E:\Windows\System32\winlogui.exe    File: E:\Windows\System32\winlogui.exe    Object name: HEUR:Trojan.Win32.Miner.gen
    26.06.2020 09.29.49    Object (file) not processed    E:\Windows\System32\StartupCheckLibrary.dll    File: E:\Windows\System32\StartupCheckLibrary.dll    Object name: HEUR:Backdoor.Win64.Agent.gen    Reason: Postponed
    26.06.2020 09.29.49    Object (file) detected    E:\Windows\System32\StartupCheckLibrary.dll    File: E:\Windows\System32\StartupCheckLibrary.dll    Object name: HEUR:Backdoor.Win64.Agent.gen

     

  2. Interesting that I just found this out recently that my KTS suddenly wasn’t working anymore and same as my Windows Defender.  I also notice when I go to Windows Security it's EMPTY!  Same issue when I try to restart KTS it says that it can’t be found.

    I tried to reinstall KTS and nothing happens, tried another AV quickly but a free check, couldn’t find it.

    Been using Kaspersky for maybe 10yrs I think, never failed me. 

     

    I am not sure how long my laptop was infected.  Took out the SSD and it will be scanned by another laptop with KTS, we’ll see if it will find it.
