Tudor

June 26

Thank you, that is great info!

June 25

@Xzz123

Yes, this is how it went:

I have seen the first detection and I didn't think much of it, prompted a disinfection and that's that.

I reported the issue to Kaspersky and the fact that my SSD was running hotter than normal. They sent me KVRT on mail and told me to do a scan (this was a week later from the first detection) and it got another detection, a different executable this time. That's where I began to be worried, did a clean reinstall of Windows only to find other suspicious files and here we are today trying to figure out what to do next.

June 24

The only file that I can access even with these settings is the Google Chrome Installer, I can send it to you if you want. The RogueKiller app is part of the RogueKiller antivirus.

I will add a screenshot with what appears when I try to follow the path of one of the files that appeared before the clean up.

Xzz123

I will attach here the first detection I got from Kaspersky. And the error I got afterwards. Tell me your thoughts.

June 24

Followed the steps you required. After cleaning up Intrusion Prevention only the Google Chrome Installer remained with a low popularity score.

The thing is with these files that I cannot delete them manually, because when I try to follow the path, the folder they are in doesn't appear (I have show hidden files turned on, and tried running File Explorer as admin and other solutions I found online). When I right click on them in Kaspersky and select open folder location it just opens up to the "This PC" section. When I check their history in the Kaspersky app each has been run about 2 times, some more.

I already had AdwCleaner installed but forgot to mention it.

I added images with the txt file from AdwCleaner, because it did not allow me to attach it to this reply, and one with the Intrusion Prevention page after the clean up.

If you think I should do further scans or anything else please let me know, I am very committed to get rid of this, and make sure everything is fine.

June 23

At the end I meant to say: “I tried to install Google Chrome twice”*

Edit: Also in the meanwhile more executables appeared in the list after I uninstalled Google Chrome. I will disconnect my laptop from the internet for the moment. Waiting for your response 👍🏻

June 23

My Windows 10 laptop got recently infected with Malware. For the past year I had Kaspersky Premium on it, and at the beginning of this month (June 2024) it flagged a program as "AdWare". I thought that was it, but after using KVRT, as someone from Kaspersky instructed me on email -> it found another executable. This was a big problem because I used my laptop in the meanwhile as I thought Kaspersky removed the threat.

I saved all my data and reinstalled Windows from scratch only to find my laptop infected again as I used this time multiple tools to scan it, such as: Norton Power Eraser, KVRT, MalwareBytes, HitmanPro, and RogueKiller from Adlice Software. I think I removed all the Malware by using these and other command (sfc /scannow, chkdsk,etc), but now unfortunately as I tried to install Google Chrome these executables appeared in Kaspersky's Intrusion prevention (it scared me because it is similar to the behavior I observed after I found Malware the second time, before reinstalling Windows). Is this all right, is it normal for these programs to appear in Intrusion Prevention after installing Chrome, or is this still unusual behavior?

During this whole process I corresponded with a Kaspersky official on Mail, but they responded in around 4 days for each message which is a lot considering the situation I am in.

*The screenshots with Kaspersky - Intrusion Prevention in dark mode are from before reinstalling Windows and there were over 100 of these type of files.

I will put screenshots below with the current situation in Intrusion Prevention, as well as a few of the results I got from scans after reinstalling Windows. The file appear twice because I tried to install Intrusion Prevention twice.