How to remove "Trojan.Multi.Accesstr.ash"? [merged]


hk852

Small Office Security can detect Trojan.Multi.Accesstr.ash, but it can't disinfect it. It can't show where it is located to manually erase it. I've tried Symantec, Avast, Malwarebytes, Bitdefender, and ZoneAlarm. Some programs can locate it, but like Kaspersky, they can't remove it. How do I find and/or remove this trojan? Thank you.

  • 4 weeks later...
Does anyone have an idea how to remove "Trojan.Multi.Accesstr.ash", as Kaspersky cannot disinfect it?

Hello hk852, welcome! (It helps us help you if system, software, hardware and detailed issue information are provided.) However, you could try Kaspersky Virus Removal Tool.

Please check:
(a) System requirements for Kaspersky Virus Removal Tool

If your system meets the requirements, please use KVRT according to documented instructions: KVRT library

(My recommendation, providing (a) is met)
(1) Download KVRT.
(2) Start system in SafeMode.
(3) Start KVRT, check all 4 "Objects to scan" options.
  1. If objects are detected, action as per documented instructions.
(4) Shutdown device, using full shutdown method.
(5) Restart system in SafeMode.
(6) Run KVRT again to CHECK the system is clean.
  1. IF system is clean, shutdown device, using full shutdown method.
(7) Restart system in NormalMode.
(8) Make sure KAV is active.
(9) Run manual KAV Fullscan.
  1. IF system is clean, good.
  2. IF problem persists, please post back with the following information:
(10) Operating system full name? version? build?
(11) KAV, free or licensed? version? patch(x) x=letter
(12) Detailed history of issue, include screen shots and KAV REPORTS showing events that identify the issue; upload the report, as a text file, using the upload icon, in your reply.

Thanks

Note1: Please don't upload any contaminated files or urls.
Note2: KVRT does not provide RealTime protection.
Note3: Kaspersky free software has (config) limitations, advertising & no Technical Support. If we know this, we ensure we never waste your time advising you, for example: "contact Technical Support".

I have the same issue and am looking for a solution as well, as Kaspersky cannot disinfect it but keeps alerting on this.

Hello hk852, welcome (again)!
Is this KSOC #post16864 a duplicate of your other post, https://community.kaspersky.com/kaspersky-anti-virus-12/how-to-remove-trojan-multi-accesstr-ash-3185#post16881?
IF "yes", we'll ask the Moderators to remove your "reply" here; as KAV/#post16881 is answered comprehensively, this one will be redundant. Please let us know. Many thanks.

I have done this multiple times. The instructions after the first scan say to cure and reboot. When it reboots it detects it again and does the same thing. It is an endless loop. My customer who just bought a 3 year 10 user license is getting upset because it cannot remove this.

Hi hlhart, welcome to the new forum. This verdict indicates that for example the original 'utilman.exe' has been replaced by the 'cmd.exe' (and was renamed). This is often used by administrators to reset lost passwords. If KES cannot find a backup of the file, it cannot solve the problem. Please check this manually.

  • 10 months later...

Hi, @hk852, @hlhart,
Malware of the Trojan.Multi.Accesstr family replaces Windows service files with cmd.exe or powershell.exe. This can be used for gaining unauthorized access to the system.

Recovery recommendations:

After detecting the threat, Kaspersky applications will try to find backup copies of corrupted files and restore them.

If it is impossible to find a backup copy or restore a corrupted file, run the tool for scanning system files: sfc /scannow. For instructions, see the Microsoft support site.

If the issue persists, try to manually replace the file from the list below with a good copy of the file. You can copy the file from another computer running the same version of Windows, a Windows folder in the network environment, or a removable drive, e.g. a DVD drive with Windows.

More information in the article. https://support.kaspersky.com/viruses/protection/15387#block1

Also try cleaning your antivirus reports and performing a full scan of your computer.

 


Hi, @hk852, @Cary 
Malware of the Trojan.Multi.Accesstr family replaces Windows service files with cmd.exe or powershell.exe. This can be used for gaining unauthorized access to the system.

Recovery recommendations:

After detecting the threat, Kaspersky applications will try to find backup copies of corrupted files and restore them.

If it is impossible to find a backup copy or restore a corrupted file, run the tool for scanning system files: sfc /scannow. For instructions, see the Microsoft support site.

If the issue persists, try to manually replace the file from the list below with a good copy of the file. You can copy the file from another computer running the same version of Windows, a Windows folder in the network environment, or a removable drive, e.g. a DVD drive with Windows.

More information in the article. https://support.kaspersky.com/viruses/protection/15387#block1

Also try cleaning your antivirus reports and performing a full scan of your computer. https://support.kaspersky.com/15097#block1

 


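A read-only check for the condition the replies above describe (a system file such as utilman.exe replaced by cmd.exe or powershell.exe), as an added example that is not part of any post in this thread and not Kaspersky's own tooling. The function name Test-SwappedSystemFile and its parameters are hypothetical; only utilman.exe is checked by default because it is the one file the thread names.

```powershell
# Added example (not Kaspersky's code). Run from 64-bit PowerShell so that
# System32 is not redirected to SysWOW64.
function Test-SwappedSystemFile {
    param(
        # utilman.exe is the file named in the thread; pass more names to widen the check.
        [string[]]$Name = @('utilman.exe'),
        [string]$SystemDir = (Join-Path $env:SystemRoot 'System32')
    )

    # SHA-256 of the local shells, to recognise a byte-for-byte copy.
    $shellHash = @{}
    foreach ($rel in 'cmd.exe', 'WindowsPowerShell\v1.0\powershell.exe') {
        $p = Join-Path $SystemDir $rel
        if (Test-Path -LiteralPath $p) {
            $h = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash
            $shellHash[$h] = Split-Path -Path $p -Leaf
        }
    }

    foreach ($n in $Name) {
        $path = Join-Path $SystemDir $n
        if (-not (Test-Path -LiteralPath $path)) {
            [pscustomobject]@{ File = $path; Status = 'Missing'; Detail = 'file not found' }
            continue
        }
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        # The version resource survives a rename, so it also catches a shell copied
        # from another Windows build whose hash differs from the local one.
        $orig = (Get-Item -LiteralPath $path -Force).VersionInfo.OriginalFilename

        if ($shellHash.ContainsKey($hash)) {
            $status = 'Replaced'; $detail = "same SHA-256 as $($shellHash[$hash])"
        } elseif ($orig -match '^(cmd|powershell)\.exe') {
            $status = 'Replaced'; $detail = "version resource says '$orig'"
        } else {
            $status = 'NoShellMatch'; $detail = "version resource says '$orig'"
        }
        [pscustomobject]@{ File = $path; Status = $status; Detail = $detail }
    }
}

Test-SwappedSystemFile | Format-Table -AutoSize
```

A `Replaced` row identifies the file to restore with `sfc /scannow` or a good copy, as the replies above recommend. `NoShellMatch` only rules out these two shells; it does not establish that the file is the original.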