Jump to content

Disinfection not working.

Recommended Posts

So I’ve got a Trojan called Trojan.Multi.Accesstr.ash in my PC. I tried to resolve it by ‘Disinfect’ option of processing malware, the process got to 100% and the pc restarted. But the virus was still there. Also is was expecting a report to pop up after the restart, but nothing came. Could it be that i have to run a scan one more time or is it some thing im doing wrong. I know that Kaspersky is not the Anti virus to lose to a trojan.

Link to comment
Share on other sites

Hi @MangoBui , 

Trojan.Multi.Accesstr detection is triggered when Kaspersky products detect that one of Windows utilities in %systemroot%\system32 folder is replaced by cmd.exe or powershell.exe.

The trojan.multi.accesstr.ash can be detected in situations when cmd.exe was renamed to C:\Windows\System32\sethc.exe

Please check the following: 
1. Press Win+R to open the Run menu. Paste C:\Windows\System32\sethc.exe and press OK. 
If Command Prompt windows opens, it means there is no actual trojan, there is a cmd.exe file that had been renamed to a sethc.exe. Windows contains accessibility features that may be launched with a key combination before a user has logged in (for example, when the user is on the Windows logon screen). Someone can modify the way these programs are launched to get a command prompt or backdoor without logging in to the system. So the renamed cmd.exe file itself does not contain malicious code, but it is a serious security flaw, that needs to be taken care of. And detecting it as "trojan" is a way to mitigate this security flaw. 

You can simply rename sethc.exe back to cmd.exe or delete it.

  • Like 2
Link to comment
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in

Sign In Now

  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.