Jump to content

Disinfection not working.

Recommended Posts

So I’ve got a Trojan called Trojan.Multi.Accesstr.ash in my PC. I tried to resolve it by ‘Disinfect’ option of processing malware, the process got to 100% and the pc restarted. But the virus was still there. Also is was expecting a report to pop up after the restart, but nothing came. Could it be that i have to run a scan one more time or is it some thing im doing wrong. I know that Kaspersky is not the Anti virus to lose to a trojan.

Link to comment
Share on other sites

Hi @MangoBui , 

Trojan.Multi.Accesstr detection is triggered when Kaspersky products detect that one of Windows utilities in %systemroot%\system32 folder is replaced by cmd.exe or powershell.exe.

The trojan.multi.accesstr.ash can be detected in situations when cmd.exe was renamed to C:\Windows\System32\sethc.exe

Please check the following: 
1. Press Win+R to open the Run menu. Paste C:\Windows\System32\sethc.exe and press OK. 
If Command Prompt windows opens, it means there is no actual trojan, there is a cmd.exe file that had been renamed to a sethc.exe. Windows contains accessibility features that may be launched with a key combination before a user has logged in (for example, when the user is on the Windows logon screen). Someone can modify the way these programs are launched to get a command prompt or backdoor without logging in to the system. So the renamed cmd.exe file itself does not contain malicious code, but it is a serious security flaw, that needs to be taken care of. And detecting it as "trojan" is a way to mitigate this security flaw. 

You can simply rename sethc.exe back to cmd.exe or delete it.

Link to comment
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in

Sign In Now

  • Create New...