HEUR:Trojan.Win32.Miner.gen detected, winlogui.exe


Mirza98
Solved by Flood and Flood's wife

So I ran a scan and it shows HEUR:Trojan.Win32.Miner.gen detected,

I'm a bit paranoid to do anything, that's why I ask here first


Flood and Flood's wife

 Hello @Mirza98,

Welcome!

  1. For winlogui.exe - “HEUR:Trojan.Win32.Miner.gen”, select Resolve, allow KTS to action, at the completion, shut down the computer, restart, login, run a Full Scan, recheck if KTS detects again? Let us know the outcome?
  2. Regarding the wimrmsrv.exe detection, do you need help with that as well?

Please let us know?

Thank you🙏

Flood🐳


Yes there is wimrmsrv.exe detection as well


Flood and Flood's wife

Hello @Mirza98,

You’re most welcome☺ !

  • You’ve done excellent work👏

Thank you for letting us know👌

Flood🐳


  • 3 weeks later...

Hello there,

I have come across the same issue but when I click resolve it sits at 99% and nothing happens. I have restarted my computer a few times and it's still there. I have successfully resolved other issues but there are three that won't go away and Heur:Trojan.Win32.Miner.gen is one of them.

Any suggestions?

 

 


Flood and Flood's wife

Hello @KattM8 
Welcome!

  • When Resolve is selected does a popup display - with options to take on the detected objects and does another popup display, requesting permission be granted, to run the process?
  • Do the detected files actually still exist in the location paths specified in the Report?
  • Has the Trojan been quarantined?

Also, please follow this process:

1. Create a System Restore Point.
2. Export Kaspersky Security Cloud Settings - see video
2🅰. Restore Kaspersky Security Cloud to Default settings - see same video🙂
2🅱. Note, atm, do not Import Kaspersky Security Cloud settings, that will be done later on.
3. Run Windows in Safe Mode.
4. Delete everything in each of the following Temp folders:

  • C:\Windows\Temp
  • C:\Users\YOURNAME\AppData\Local\Temp

5. Return to Normal Mode.
6. Export all browser Bookmarks.
7. Reset all browsers to default.
8. Exit all browsers and all applications other than Kaspersky Security Cloud.
9. Run a manual Kaspersky Security Cloud Database update - allow it to complete.
10. Run a manual Kaspersky Security Cloud Full scan - allow it to complete.
11. Recheck original issue:

  • Fixed👏 , please let us know?
  • Not fixed😥 , please let us know?

12. Import Kaspersky Security Cloud Settings.

Thank you🙏

Flood🐳

Additional resource:

@richbuff’s topic: Notification of Detection, file or website detected.


Hello there @FLOOD.

I believe I have SOLVED the issue. Yes the popup that was saying delete and disinfect had popped up many times and I had clicked it but with no luck it would not be able to delete it. I had full scanned my PC a few times and every time I had it would still be there.

I did end up solving this problem with a little extra help from another additional 2 Anti-Viruses. 
I have run full PC scans with all 3 Anti-Viruses and it no longer seems to appear. 

I did come to find through the other Anti-Viruses that they had picked up a couple other things that were not detected on this. I believe they were minor but for the safety for all, this may need to be looked into.

This was a very good Anti-Virus software though and solved many other problems.

(Also why does the scan pause when full screen in Youtube?)

Thank you for your help @FLOOD 


Flood and Flood's wife

Hello @KattM8

You’re most welcome☺ !

  • Thank you for letting us know you’ve resolved the issue and the steps taken to get there👌
  • We’re delighted the issue is resolved🤸
  • Re “other AV’s picked up a couple other things, not detected by KTS, minor but believe this may need to be looked into”, without knowing what was picked up, it’s not possible to advise, if you’d be kind enough to provide the report data/detections please, we’re more than happy to look into your findings. 
  • Re “scan pause/full screen youtube” is it every scan: Full, Quick, Selective, Vulnerability?

Please let us know?

Thank you🙏

Flood🐳


Flood and Flood's wife

Hello @KattM8

Additional, to test, I ran a Full Scan & watched 2 YouTube videos in full screen mode, no pause in the scan

  • May we have more information, KTS Scan reports & images of the issue please? 

Please post back?

Thank you🙏

Flood🐳


Hello @FLOOD.

I would be more than happy to send you the reports from the other Anti-Virus (Malwarebytes), however I had to temporarily delete it because it was interfering with the settings of the other Anti-Virus (Avast) and I had not made an account so the History is Gone.

With the Pausing issue on Fullscreen I had only done full scans so I am unaware if it would have done it on the other scans as well.

Sorry I am unable to be any more helpful.
Feel free to ask any more questions if you wish.

KattM8

 

 


Flood and Flood's wife

Hello @KattM8,

Thank you for replying and the extra information👌

  • The report we wished to see was from installed Kaspersky software.
  • Note: both MBAM & Avast are on the Kaspersky software conflict list, has a software compatibility check ever been run? 

Please post back?

Thank you🙏

Flood🐳


  • 1 month later...
nazmunsadat

I used to be a former user of Kaspersky products. I am aware that this forum is probably no longer intended for me, but I still want to share my experience in the hopes it will be useful to everyone in this thread.

 

Recently I switched to Bit Defender Free Antivirus. However, yesterday I found that something deleted Bit Defender, although the shortcuts in Start Menu, and the entries in Apps in settings were still there. Opening the shortcut location, I found almost the entire content of Bit Defender's install directory is empty.

 

At first I thought this was a faulty update. However, just to make sure, I opened Windows Security just to check why it didn't notify me that something was wrong. To my utter surprise, Windows Security was blank and none of its functions are working properly.

It also told me that my Windows FireWall settings were not safe, but wouldn't let me fix it from the app itself. 

I also noticed that I couldn't update my Windows 10, it gave me an error (0x80070002). By this time I was fairly certain that my PC was infected, so I installed Avast Free Antivirus.

Avast then detected the following:

winscomrssrv.dll,C:\Windows\System32  Win64:Trojan-gen

winrmsrv.dll,C:\Windows\System32  Win64:Trojan-gen

wslogony82.dat,C:\Windows\System32, Win32:Miner-DM [Trj] 

pagefile.sys, G:, Win64:Trojan-gen

After this, a scan by Malwarebytes gave these results:

Registry changes:

PUM.Optional.DisabledSecurityCenter

Trojan.Agent, file, System32\Tasks\Microsoft\Windows\Application Experience\STARTUPCHECKLIBRARY

Trojan.Agent, file, System32\Tasks\Microsoft\Windows\Wininet\Winlogui

Trojan.FakeMS.TskLnk, file, C:\Windows\System32\STARTUPCHECKLIBRARY. DLL

And a ton of registry changes. 

These files were quarantined, and registry changes fixed by Malwarebytes. Subsequent scans by Malwarebytes and Avast (including one boot scan) found no viruses so it seems my PC is safe for the time being.

But my Windows Updates and Windows Defender were both non-functional even after the removal of the viruses above. Eventually I managed to fix Updates by following the instructions from this link: shorturl.at/fgij2

But Windows Defender still isn't working and that's where I am at right now. 

Hope this helps. 
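
A read-only check for the artifacts named in the post above, as an added example that is not part of the original thread or any vendor's tooling. The file and scheduled-task names are taken from the post (the space in "STARTUPCHECKLIBRARY. DLL" is assumed to be a formatting artifact), and the four service names are an assumption about which Windows services back the Security Center, Defender, Firewall and Update functions the post describes as broken.

```powershell
# Added example: read-only triage, it reports and changes nothing.
# Run from an elevated 64-bit PowerShell so System32 is not redirected.
# Names below are quoted from the post; a hit is a lead to review, not a verdict.
$sys32     = Join-Path $env:SystemRoot 'System32'
$fileNames = 'winscomrssrv.dll', 'winrmsrv.dll', 'wslogony82.dat', 'STARTUPCHECKLIBRARY.DLL'
$tasks = @(
    @{ Path = '\Microsoft\Windows\Application Experience\'; Name = 'STARTUPCHECKLIBRARY' },
    @{ Path = '\Microsoft\Windows\Wininet\';                Name = 'Winlogui' }
)
# Assumption: these services back the functions the post describes as broken.
$services = 'wscsvc', 'WinDefend', 'mpssvc', 'wuauserv'

$report = @()

# Files: record signature status and timestamp so signed system files stand apart.
foreach ($name in $fileNames) {
    $full = Join-Path $sys32 $name
    if (Test-Path -LiteralPath $full) {
        $item = Get-Item -LiteralPath $full -Force
        $sig  = Get-AuthenticodeSignature -LiteralPath $full
        $report += [pscustomobject]@{
            Kind   = 'File'
            Item   = $full
            Detail = "signature=$($sig.Status); modified=$($item.LastWriteTime)"
        }
    }
}

# Scheduled tasks: show what each one would actually launch.
foreach ($t in $tasks) {
    $task = Get-ScheduledTask -TaskPath $t.Path -TaskName $t.Name -ErrorAction SilentlyContinue
    if ($task) {
        $actions = ($task.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join ' | '
        $report += [pscustomobject]@{
            Kind = 'Task'; Item = "$($t.Path)$($t.Name)"
            Detail = "state=$($task.State); action=$actions"
        }
    }
}

# Services: status and start type of the security and update services.
foreach ($svc in $services) {
    $s = Get-Service -Name $svc -ErrorAction SilentlyContinue
    $detail = if ($s) { "status=$($s.Status); start=$($s.StartType)" } else { 'service not found' }
    $report += [pscustomobject]@{ Kind = 'Service'; Item = $svc; Detail = $detail }
}

$report | Format-Table -AutoSize -Wrap
```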
