
Blocked by Kaspersky from looking at my own threads/pastebins



Posted

So in my effort to track down the source of a specific HEUR.Trojan.Python.OSPack.gen, I have made a few pastebins and posted a topic about it.

I have no idea why Kaspersky is excelling at blocking my own topic/resolution attempts, whilst it is incapable of preventing the actual Trojan from being downloaded to my PC?

Please advise on how to address Kaspersky's blocking of my own threads so I can actually seek out a solution.


Posted

@Nadia C. Hi,

Your Topic 53558  containing ' #comment-200883 ' has been closed on your demand :

Quote

" Hi, I would like to request a closure of this topic as well as the other one with identical title "

I can't reproduce your issue on your closed ' #comment-200883 ' with Kaspersky Premium 21.20 🤔
Also, you can always submit blocked scripts in a protected ZIP to Kaspersky Technical Support.

 

Posted
3 hours ago, Berny said:

@Nadia C. Hi,

Your Topic 53558  containing ' #comment-200883 ' has been closed on your demand :

I can't reproduce your issue on your closed ' #comment-200883 ' with Kaspersky Premium 21.20 🤔
Also, you can always submit blocked scripts in a protected ZIP to Kaspersky Technical Support.

 

I just tried zipping up the script for submission to bleepingcomputer and got blocked again.

This is extremely problematic as I am attempting to submit the script at the request of dennis_l over on that side.


Posted

@Nadia C.

Kaspersky doesn’t open password-protected ZIP files. Please feel free to share your ‘Trojan (False Update Script) contents.txt’ link on Google Drive with Kaspersky Technical Support.

Posted

Ok, I was able to upload it by password protecting it. Sorry about that, I didn't fully parse your message earlier. (It went right past me that password protection would make it able to be uploaded.)

Regardless, where can I share this with Kaspersky Technical Support?

Posted (edited)
8 hours ago, Berny said:

@Nadia C.

No sorry, you are welcome.

Kaspersky Technical Support is available here :
https://support.kaspersky.com/b2c/#contacts

Please provide the ZIP password in your ticket to K Tech Support, Kaspersky Virus Lab will investigate your issue.

I understand. I am currently still awaiting dennis_l's response over on BleepingComputer, so I will take a defensive approach for the time being.

From what I understand:

- The program steals all the data from the Chrome database (cookies, passwords, etc.)

- It steals secrets files from a large list of file types, targeting ones like .env

- It logs keystrokes

- Uses AnyDesk to remote control the machine (indicators showing that in error messages)


I have disconnected the device from an electrical source. In the meantime, given these offensive intrusion vectors, what else can I do to prepare or protect myself while awaiting dennis_l's response on BleepingComputer?

Edited by Nadia C.
update information
harlan4096
Posted

Can you compress the malware with the password "infected" (without the quotes), upload it to a cloud service, and send me the link to download via personal message? Thanks!

harlan4096
Posted

Anyway, I downloaded the content from your post (link in Google Drive) on Bleeping, and it seems Kaspersky already detects it:

 

image.thumb.png.5fb01fe66b1e59d5012402fd9c817e00.png
