MangoBui (Author), posted March 12
So I’ve got a Trojan called Trojan.Multi.Accesstr.ash on my PC. I tried to resolve it with the ‘Disinfect’ option for processing malware; the process got to 100% and the PC restarted. But the virus was still there. Also, I was expecting a report to pop up after the restart, but nothing came. Could it be that I have to run a scan one more time, or is it something I’m doing wrong? I know that Kaspersky is not the antivirus to lose to a trojan.

Berny, posted March 12
@MangoBui Welcome. Please see this Kaspersky Support article: https://support.kaspersky.com/viruses/protection/15387

MangoBui (Author), posted March 13
I’m still not sure what to do. Can you give me instructions?

Berny, posted March 13
@MangoBui The recovery recommendations are provided in the link above your post. Also, for additional assistance, please contact Kaspersky Technical Support → https://support.kaspersky.com/b2c#contacts → Contact us → Product help → E-mail → Contact Support Form → Request Type? → Select "Malware" → Contact Support

Igor Kurzin, posted March 17
Hi @MangoBui,
The Trojan.Multi.Accesstr detection is triggered when Kaspersky products detect that one of the Windows utilities in the %systemroot%\system32 folder has been replaced by cmd.exe or powershell.exe.
Trojan.Multi.Accesstr.ash can be detected in situations when cmd.exe was renamed to C:\Windows\System32\sethc.exe
Please check the following:
1. Press Win+R to open the Run menu. Paste C:\Windows\System32\sethc.exe and press OK.
If a Command Prompt window opens, it means there is no actual trojan; there is a cmd.exe file that had been renamed to sethc.exe.
Windows contains accessibility features that may be launched with a key combination before a user has logged in (for example, when the user is on the Windows logon screen). Someone can modify the way these programs are launched to get a command prompt or backdoor without logging in to the system. So the renamed cmd.exe file itself does not contain malicious code, but it is a serious security flaw that needs to be taken care of. And detecting it as a "trojan" is a way to mitigate this security flaw.
You can simply rename sethc.exe back to cmd.exe or delete it.
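
The check described in the post above can also be made without launching the file. The following PowerShell script is an added example, not part of the thread and not Kaspersky's detection logic: it compares the SHA-256 of sethc.exe with the local cmd.exe and powershell.exe and reads the file's embedded OriginalFilename. The `-Name` parameter and the status labels are assumptions of this example.

```powershell
# Added example (not from the thread). Run from a 64-bit PowerShell session so
# that System32 is not redirected to SysWOW64.
param(
    # Files to check; sethc.exe is the one named in the thread.
    [string[]]$Name = @('sethc.exe')
)

$sys32 = Join-Path $env:SystemRoot 'System32'

# The two shells the detection description names as possible replacements.
$shells = @(
    (Join-Path $sys32 'cmd.exe'),
    (Join-Path $sys32 'WindowsPowerShell\v1.0\powershell.exe')
) | Where-Object { Test-Path -LiteralPath $_ }

# SHA-256 of each shell, for a byte-for-byte comparison.
$shellByHash = @{}
foreach ($shell in $shells) {
    $shellByHash[(Get-FileHash -LiteralPath $shell -Algorithm SHA256).Hash] = $shell
}

foreach ($n in $Name) {
    $path = Join-Path $sys32 $n
    if (-not (Test-Path -LiteralPath $path)) {
        [pscustomobject]@{ File = $path; Status = 'Missing'; Detail = '' }
        continue
    }

    $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    # OriginalFilename is read from the version resource; it is a hint only,
    # the hash comparison is the primary check.
    $orig = (Get-Item -LiteralPath $path).VersionInfo.OriginalFilename

    if ($shellByHash.ContainsKey($hash)) {
        $status = 'ReplacedByShell'
        $detail = "identical to $($shellByHash[$hash])"
    } elseif ($orig -notlike "$n*") {
        # "-like name*" also accepts values such as "sethc.exe.mui";
        # an empty OriginalFilename is reported here for manual review.
        $status = 'NameMismatch'
        $detail = "OriginalFilename is '$orig'"
    } else {
        $status = 'OK'
        $detail = "OriginalFilename is '$orig'"
    }
    [pscustomobject]@{ File = $path; Status = $status; Detail = $detail }
}
```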