
I met a "HEUR: Mauritius - Downloader. The Script. The Generic" Trojan problem; I restarted the system in accordance with the security software prompt, but it is invalid.


Go to solution Solved by harlan4096,


robinqb_luo
Posted

I met a "HEUR: Mauritius - Downloader. The Script. The Generic" Trojan problem; I restarted the system in accordance with the security software prompt, but it is invalid.

 

I haven't shut down this computer for a long time; it is mainly used to build some simulator experiments. When I returned to the desktop one day, Kaspersky alerted me that I had discovered a Trojan.

It is named "HEUR: Mauritius - Downloader. The Script. The Generic", with the path "C:\Windows\pagefile.sys".

I followed the instructions of Kaspersky's security software and restarted the system, but it still told me that the Trojan was still there. I had to reboot the system repeatedly, but it didn't work.

 

Event: A malicious object was detected
User: ROBINQB-LUO\mtlops
User type: Active user
Component: Virus scan
Result: Detected
Result description: Detected
Type: Trojan
Name: HEUR: Mauritius - Downloader. Script. Generic
Precision: Heuristic analysis
Threat level: High
Object type: file
Object name: pagefile.sys
Object path: C:\Windows
MD5: 51EB291E5FB292A88A1FD158C49D920D
Reason: Expert analysis
Database release date: Today, 2024/7/12 10:59:00

robinqb_luo
Posted

The content of the original theme has a typo, updated to:

 

事件: 检测到恶意对象
用户: ROBINQB-LUO\mtlops
用户类型: 活动用户
组件: 病毒扫描
结果: 检测到
结果说明: 检测到
类型: 木马
名称: HEUR:Trojan-Downloader.Script.Generic
精确度: 启发式分析
威胁级别: 高
对象类型: 文件
对象名称: pagefile.sys
对象路径: C:\Windows
MD5: 51EB291E5FB292A88A1FD158C49D920D
原因: 专家分析
数据库发布日期: 今天,2024/7/12 10:59:00

harlan4096
Posted

Welcome to Kaspersky Community.

 

Can you provide the version of KAV installed?

 

Hum, very suspicious, since pagefile.sys is usually in the root of drive C:, not in folder C:\Windows 🤔

robinqb_luo
Posted
4 hours ago, harlan4096 said:

Welcome to Kaspersky Community.

 

Can you provide the version of KAV installed?

 

Hum, very suspicious, since pagefile.sys is usually in the root of drive C:, not in folder C:\Windows 🤔

Hi, Bro

Application version: 21.3.10.391 (1)

The database is the latest version.

I can't search for this file under C:\Windows either and I'm very confused about it...😩

Flood and Flood's wife
Posted
24 minutes ago, robinqb_luo said:

Application version: 21.3.10.391 (1) The database is the latest version.

  1. I can't search for this file under C:\Windows either and I'm very confused about it...😩

 

 

Hello @robinqb_luo

Thank you for the information!

  1. Show hidden items - read: enable access to hidden folders in Windows


Thank you🙏
Flood🐳+🐋

robinqb_luo
Posted
17 minutes ago, Flood and Flood's wife said:

Hello @robinqb_luo

Thank you for the information!

  1. Show hidden items - read: enable access to hidden folders in Windows


Thank you🙏
Flood🐳+🐋

Unfortunately, the "pagefile.sys" file still cannot be found. I have "hidden folder" unhidden.😩

 

 

harlan4096
Posted

Enable also to unhide system files and folders...

robinqb_luo
Posted
3 minutes ago, harlan4096 said:

Enable also to unhide system files and folders...

I seem to have found this "pagefile.sys" file under "quarantine", can I restore the security after deleting it in Kaspersky?

 

 

  • Solution
harlan4096
Posted

Then click on Ignore in detection warning.

robinqb_luo
Posted
3 minutes ago, harlan4096 said:

Then click on Ignore in detection warning.

That seems to have solved the problem, as Kaspersky stopped alerting me to the existence of the Trojan.

The first time I encountered the Trojan threat, I looked bewildered.😂

Thank you very much for your patient help, thank you!🤩

harlan4096
Posted

I'm not sure if the new product line version 21.17 is already available in your country/region; if so, you should migrate to it. Your KAV license would activate the new K. Standard.

