Jump to content

Recommended Posts

Posted

So I’ve got a Trojan called Trojan.Multi.Accesstr.ash in my PC. I tried to resolve it by ‘Disinfect’ option of processing malware, the process got to 100% and the pc restarted. But the virus was still there. Also is was expecting a report to pop up after the restart, but nothing came. Could it be that i have to run a scan one more time or is it some thing im doing wrong. I know that Kaspersky is not the Anti virus to lose to a trojan.

Posted

Im still not sure what to do. Can you give me instructions?

Posted

@MangoBui 

The recovery recommendations are provided in the link above your Post.

Also , for additional   assistance  please contact Kaspersky Technical Support

→ Contact us → Product help → E-mail → Contact Support
Form
→ Request Type ? → Select "Malware"

→ Contact Support

Igor Kurzin
Posted

Hi @MangoBui , 

Trojan.Multi.Accesstr detection is triggered when Kaspersky products detect that one of Windows utilities in %systemroot%\system32 folder is replaced by cmd.exe or powershell.exe.

The trojan.multi.accesstr.ash can be detected in situations when cmd.exe was renamed to C:\Windows\System32\sethc.exe

Please check the following: 
1. Press Win+R to open the Run menu. Paste C:\Windows\System32\sethc.exe and press OK. 
If Command Prompt windows opens, it means there is no actual trojan, there is a cmd.exe file that had been renamed to a sethc.exe. Windows contains accessibility features that may be launched with a key combination before a user has logged in (for example, when the user is on the Windows logon screen). Someone can modify the way these programs are launched to get a command prompt or backdoor without logging in to the system. So the renamed cmd.exe file itself does not contain malicious code, but it is a serious security flaw, that needs to be taken care of. And detecting it as "trojan" is a way to mitigate this security flaw. 

You can simply rename sethc.exe back to cmd.exe or delete it.

  • Like 2

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now


×
×
  • Create New...