whwhwh

  1. Hi Flood and Igor, Based on the user controls set, an administrator user is able to manipulate the tempio folder, which is what I did by running cmd as administrator and deleting the files via cmd. Igor might be right. I’ve reinstalled the KSC AV and did a scan again. I made sure that the tempio folder is empty before scanning. This time, they found multiple PowerShell scripts in a zipped folder that I forgot existed. After scanning, the PowerShell scripts appeared in the tempio folder, which I’m guessing is stored as a backup. Thank you all for the help!
  2. Hi Flood and Igor, Thank you for the assistance. The weird thing is the Kaspersky Security Cloud AV did not flag the malicious script during a scan I did initially with KSC. After the scan, I used the KSC to update my software (OpenVPN, iTunes, TeamViewer etc.) and that's when AVG alerted me of the malicious scripts in the Kaspersky Lab tempio folder, so I thought that the KSC AV might have something to do with it. Also, after removing the malicious scripts, I did multiple rounds of scans with KSC AV, AVG and Windows Defender. So far, there is no malware detected, so I’m not sure where this script came from.
  3. Hi Igor, I’ve since accessed the tempio directory as administrator and deleted the PowerShell scripts. It looked exactly like the link here - https://…./Invoke-PSInject.ps1. (Moderator: edited the url) I’ve scanned the script with VirusTotal as well - https://www.virustotal.com/gui/file/2c416a3571cf4c98bc430372ff1422803bab89a27527000bc25efb4ac7321509
  4. Hi Igor, Thanks for the information. Just wondering if the Kaspersky AV could be using this PowerShell script anywhere else, or it's because my computer was infected? Because they were detected by AVG after I’ve installed and used the Kaspersky Security Cloud.
  5. Hi Flood, Here is the info: OS: Windows 10 21H1 19043.1288. I downloaded Kaspersky Security Cloud Free but upgraded to Premium for 1 month trial a few hours ago (https://www.kaspersky.com/downloads/thank-you/free-antivirus-download). Thank you!
  6. I was using the update feature of the Kaspersky Cloud AV to update the software on my computer and found that inside the folder KasperskyLab/Temp/tempio, there exist several PSInject.ps1 scripts (https://github.com/EmpireProject/PSInject). May I know if this is intended and what is the use?