Everything posted by Wesly.Zhang
-
Hello, You mean this? Regards.
-
Hello, to answer your question, you should follow these steps to determine which svchost.exe (Host Process for Windows Services) is causing this behavior. When this popup window is displayed, you should record the process PID. I use the Edge browser to explain how to do it. In your situation, it should be svchost.exe. There are many svchost.exe processes; according to the PID, you should find the related svchost.exe, right-click it and select "Go to service(s)". You will find the service name. Please tell us the service name. Regards.
-
Hello, please check the website certificate via the following method, for example in Chromium Edge. First, set the website to the exclusion rule. Second, check the website certificate. Third, check whether the certificate is like mine or not. Please feed back the result and tell us what it is on your side. Regards.
-
Is moqs ransomware decryption tool available? [MOVED]
Wesly.Zhang replied to midhoo's topic in Kaspersky Internet Security
Hi @Wesly.Zhang, Please find the sample at the link below: https://drive.google.com/drive/folders/1nfP833vfKxMJyTwTL4HcUV8-87uqfOpO?usp=sharing ._readme is the attacker's message and the other is an .xlsx file that is locked with the .moqs extension. Hope we can get a solution, and also that all DJVU ransomware can be destroyed. Thanks before
Hello, I see the file you have attached in Google Drive is an infected file, not the original ransomware file (maybe an exe, xls, or Word file with a VBA script). Regards.
-
Is moqs ransomware decryption tool available? [MOVED]
Wesly.Zhang replied to midhoo's topic in Kaspersky Internet Security
Hello, Do you have the ransomware sample? Regards
-
Hello, do you have an application named “realtek audio console” or “realtek audio control”? What’s the sound card information? Regards.
-
Deactivate Incompatible Programs/Software Hint [MERGED]
Wesly.Zhang replied to CronoK's topic in Kaspersky Internet Security
I am familiar with the method to bypass this senseless detection, and I do know what you’re talking about, but this is not the point here. And no, it is definitely not my problem. I only ask KL to do two things: (1) Enable users to hide/deactivate such hints. (2) Remove the software updater SUMo from the list of incompatible programs. Anyway, now I know it’s pointless to discuss this matter here. I have opened another support ticket, hoping that KL can do something about it. If not, well, either SUMo or KIS will have to be removed from my computer due to the alleged compatibility issue. And I already know that SUMo will definitely not be the program to be removed.
Hello, I think this magic information will be suitable for you. One to delete, one to change the value, if you want to clear some place. I personally think SUMo is not a Ring0-level application. This program doesn't have a driver file. But the reason for KL listing it in the Incompatible Software list is that it may take effect with the software updater function. It is only my personal idea. Regards.
-
Deactivate Incompatible Programs/Software Hint [MERGED]
Wesly.Zhang replied to CronoK's topic in Kaspersky Internet Security
I would also give you some “magic information”. We are talking about “Deactivate Incompatible Programs/Software Hint” in this thread. You need to use your eyes to read this thread before replying. Thank you.
Hello, I understand very well what this topic discusses. I provide a hint method to solve the “Deactivate Incompatible Programs/Software Hint” by handling the detection rule for it. I tell you the detection rule for the “Incompatible Programs/Software Hint” related to Malwarebytes. As for the method to bypass the detection, I will not explain the method here. Those who understand will naturally already know how to do it. You don't understand what I mean, that's your problem. Not me. Regards.
-
Deactivate Incompatible Programs/Software Hint [MERGED]
Wesly.Zhang replied to CronoK's topic in Kaspersky Internet Security
Hello, this is not a bug that KL needs to fix, guy. I give you some magic information. I think you should know what you need to do…… You need to use your brain to solve the problem. Solve the problem in a curve way. Regards.
-
Hello,
First, this server could not prove that it is e.crackfold.com; its security certificate expired 12 days ago. So KL doesn't make a mistake in reporting a certificate issue. The browser tells me the same result. But crackfold.com is OK. Is this information related to imap.billhall.net, which belongs to your email service provider??? billhall.net <----------------> crackfold.com ??? Could you run Windows Update once to update the system root certificates first, and then try to log in to the email service via http://webmail.billhall.net/ ; is that OK without any problem?
Second, I think, if you can, please notify the email manager to handle this problem. They need to update the email certificate to resolve the problem.
Third, as a temporary workaround, you can use one of two methods. Please choose a method that can solve the problem and set it up. Go to KL product Settings → Network settings → trusted address → add billhall.net. Does it work? If no, go ahead. Set thunderbird.exe as a trusted application and set “Do not scan encrypted network traffic”. But please note this is not a very good method.
Regards.
-
Hello, @mantra This folder saves the System Watcher function's log file (similar to a database file). The behavior of any application will be logged in this file, so this situation will occur. The reason for the frequent disk reads and writes is that the running applications are performing some behaviors at every moment. Regards.
-
Photoshop plugins not launching with VPN enabled
Wesly.Zhang replied to dags1's topic in Kaspersky VPN Secure Connection
Hello @dags1 Do you know which website URLs Topaz Impression2 & Luminar AI want to access? If you know, you can set an exclusion rule so that Kaspersky VPN does not proxy that network traffic, in order to avoid this issue. Regards.
-
Photoshop plugins not launching with VPN enabled
Wesly.Zhang replied to dags1's topic in Kaspersky VPN Secure Connection
Hello, which location area do you choose in Kaspersky VPN? Please switch the location area to your country if it has one. The Topaz Impression2 & Luminar AI plugins may have a limit on usage location. Regards.
-
Hello, this detection appears very often. After disinfection, this detection will happen again and again… What I know is that there is a program that attempts to expand the memory and write code in the explorer.exe process. In general, this detection is a false positive, such as a third-party input method (Sogou input method) or another AV product or anti-malware tool which operates on system memory. If you encounter this issue very often, please note the above information and close or uninstall the application to check. A very important piece of information replied back from a KL virus analyst: Is there a file named “svchost.exe” in the My Documents folder? This information has been provided in the past two years. But I think you cannot find the file in that folder. But you can try; if you find this behavior, please let me know. Regards.
-
Hello, I think you can delete all files and folders in this folder without any problem. 😉 Regards.
-
Can Kaspersky antivirus protect against Candiru?
Wesly.Zhang replied to Joey_B's topic in Kaspersky Anti-Virus
Hello, do you mean this Israeli group and its Candiru hacking tool? https://www.justandroid.net/2021/07/16/microsoft-says-israeli-group-created-and-sold-tools-to-hack-windows/ Regards.
-
BSOD after installing KIS on windows
Wesly.Zhang replied to Hacharts's topic in Kaspersky Internet Security
Hello, What’s the sha1 hash value of these files in %systemroot%\WINDOWS\System32\drivers ? NETIO.SYS fwpkclnt.sys win32k.sys Regards.