
I scanned a file that appeared suspicious and Kaspersky couldn't disinfect it.



Hello 

I am using KTS on my Windows 10 Home


and Kaspersky KTS version 21.3.10.391 (i)

Just recently I downloaded a file from Mega (it was a setup file for some program that I needed, with the name setup.exe), and I have a habit of scanning the exe files which I download, so as always I scanned it with Kaspersky before opening it (running the exe file). So I ran the scan and voila! It was indeed malicious.

It said after the scan:

Here is the scan report:

Today, 05-07-2022 20:20:26        Task completed    Task completed                                        XENOMORPH\VeerainSood    Active user
Today, 05-07-2022 20:20:26        Task completed    Task completed                                        XENOMORPH\VeerainSood    Active user
Today, 05-07-2022 20:20:26    C:\Users\veera\OneDrive\Desktop\REPACK PASS (812736)\setup.exe    Deleted    Object deleted    HEUR:Trojan.MSIL.Fileless.gen        File    C:\Users\veera\OneDrive\Desktop\REPACK PASS (812736)    setup.exe    Deleted    Trojan    High    Heuristic Analysis    XENOMORPH\VeerainSood    Active user
Today, 05-07-2022 20:20:26    C:\Users\veera\OneDrive\Desktop\REPACK PASS (812736)\setup.exe    Detected    Malicious object detected    UDS:Trojan.MSIL.Fileless.gen    Cloud Protection    File    C:\Users\veera\OneDrive\Desktop\REPACK PASS (812736)    setup.exe    Detected    Trojan    High    Exactly    XENOMORPH\VeerainSood    Active user
Today, 05-07-2022 20:19:37    C:\Users\veera\OneDrive\Desktop\REPACK PASS (812736)\setup.exe    Backup copy created    A backup copy of the object was created    HEUR:Trojan.MSIL.Fileless.gen        File    C:\Users\veera\OneDrive\Desktop\REPACK PASS (812736)    setup.exe    Backup copy created    Trojan    High    Heuristic Analysis    XENOMORPH\VeerainSood    Active user
Today, 05-07-2022 20:17:27    C:\Users\veera\OneDrive\Desktop\REPACK PASS (812736)\setup.exe    Not processed    Disinfection not possible    UDS:DangerousObject.Multi.Generic    Postponed    File    C:\Users\veera\OneDrive\Desktop\REPACK PASS (812736)    setup.exe    Not processed        High    Exactly    XENOMORPH\VeerainSood    Active user
Today, 05-07-2022 20:16:51    C:\Users\veera\OneDrive\Desktop\REPACK PASS (812736)\setup.exe\chrome.exe    Not processed    Disinfection not possible    HEUR:Trojan.MSIL.Fileless.gen    Postponed    File    C:\Users\veera\OneDrive\Desktop\REPACK PASS (812736)\setup.exe//    chrome.exe    Not processed    Trojan    High    Heuristic Analysis    XENOMORPH\VeerainSood    Active user
Today, 05-07-2022 20:16:51    C:\Users\veera\OneDrive\Desktop\REPACK PASS (812736)\setup.exe    Not processed    Disinfection not possible    UDS:DangerousObject.Multi.Generic    Postponed    File    C:\Users\veera\OneDrive\Desktop\REPACK PASS (812736)    setup.exe    Not processed        High    Exactly    XENOMORPH\VeerainSood    Active user
Today, 05-07-2022 20:15:53    C:\Users\veera\OneDrive\Desktop\REPACK PASS (812736)\setup.exe\chrome.exe    Not processed    Disinfection not possible    HEUR:Trojan.MSIL.Fileless.gen    Postponed    File    C:\Users\veera\OneDrive\Desktop\REPACK PASS (812736)\setup.exe//    chrome.exe    Not processed    Trojan    High    Heuristic Analysis    XENOMORPH\VeerainSood    Active user
Today, 05-07-2022 20:14:52    C:\Users\veera\OneDrive\Desktop\REPACK PASS (812736)\setup.exe    Not processed    Disinfection not possible    UDS:DangerousObject.Multi.Generic    Postponed    File    C:\Users\veera\OneDrive\Desktop\REPACK PASS (812736)    setup.exe    Not processed        High    Exactly    XENOMORPH\VeerainSood    Active user
Today, 05-07-2022 20:14:52    C:\Users\veera\OneDrive\Desktop\REPACK PASS (812736)\setup.exe    Detected    Malicious object detected    UDS:DangerousObject.Multi.Generic    Cloud Protection    File    C:\Users\veera\OneDrive\Desktop\REPACK PASS (812736)    setup.exe    Detected        High    Exactly    XENOMORPH\VeerainSood    Active user
Today, 05-07-2022 20:14:11    C:\Users\veera\OneDrive\Desktop\REPACK PASS (812736)\setup.exe\chrome.exe    Not processed    Disinfection not possible    HEUR:Trojan.MSIL.Fileless.gen    Postponed    File    C:\Users\veera\OneDrive\Desktop\REPACK PASS (812736)\setup.exe//    chrome.exe    Not processed    Trojan    High    Heuristic Analysis    XENOMORPH\VeerainSood    Active user
Today, 05-07-2022 20:14:11    C:\Users\veera\OneDrive\Desktop\REPACK PASS (812736)\setup.exe\chrome.exe    Detected    Malicious object detected    HEUR:Trojan.MSIL.Fileless.gen    Machine learning    File    C:\Users\veera\OneDrive\Desktop\REPACK PASS (812736)\setup.exe//    chrome.exe    Detected    Trojan    High    Heuristic Analysis    XENOMORPH\VeerainSood    Active user
Today, 05-07-2022 20:14:03    C:\Users\veera\OneDrive\Desktop\REPACK PASS (812736)\setup.exe\chrome.exe    Not processed    Disinfection not possible    HEUR:Trojan.MSIL.Fileless.gen    Postponed    File    C:\Users\veera\OneDrive\Desktop\REPACK PASS (812736)\setup.exe//    chrome.exe    Not processed    Trojan    High    Heuristic Analysis    XENOMORPH\VeerainSood    Active user
Today, 05-07-2022 20:14:03    C:\Users\veera\OneDrive\Desktop\REPACK PASS (812736)\setup.exe\chrome.exe    Detected    Malicious object detected    HEUR:Trojan.MSIL.Fileless.gen    Machine learning    File    C:\Users\veera\OneDrive\Desktop\REPACK PASS (812736)\setup.exe//    chrome.exe    Detected    Trojan    High    Heuristic Analysis    XENOMORPH\VeerainSood    Active user
Today, 05-07-2022 20:13:04        Task started    Task started                                        XENOMORPH\VeerainSood    Active user
Today, 05-07-2022 20:12:56        Task started    Task started                                        XENOMORPH\VeerainSood    Active user
Today, 05-07-2022 19:48:52        Task started    Task started                                        XENOMORPH\VeerainSood    Active user
Today, 05-07-2022 19:47:17        Task completed    Task completed                                        XENOMORPH\VeerainSood    Active user
Today, 05-07-2022 19:47:17        Task started    Task started                                        XENOMORPH\VeerainSood    Active user
Today, 05-07-2022 19:47:17    C:\Users\veera\OneDrive\Desktop\REPACK PASS (812736).rar    Password-protected    Password-protected archive detected            File    C:\Users\veera\OneDrive\Desktop    REPACK PASS (812736).rar    Password-protected                XENOMORPH\VeerainSood    Active user

Now, I didn't run any of these files, I only scanned them. So I wanted to ask (I deleted both the files, btw): even after deletion, do they pose a threat if I did not run the setup?

Btw, I deleted the setup.exe file which came out of the REPACK PASS (812736).rar.

I ran a full system scan (deep heuristic analysis) and found that the REPACK PASS (812736).rar file created copies of itself.

Actually, the file I downloaded was this rar one, and I extracted it to get that setup.exe file.

I deleted all the above-mentioned files. Any suggestions on what to do now (as a precautionary measure)?

Edited by Veerain

Yeah, sorry for the late response (I posted this feed late at night and then slept and looked at it in the morning).

I scanned my full PC 2 times and the Windows C: drive once, and it says no threats detected.

But this time KTS scanned about 481171 files on my system.

Earlier (yesterday) it scanned 638796 files (this was before I deleted some files, as KTS couldn't handle them; KTS postponed them, I don't know what that means or when it will refocus on those files), so that might be the cause of fewer files scanned?
Anyway,

1) Is there anything more to do regarding this issue?

2) Is there a way to check which applications have made their registry key to run at startup, just in case I wanted to delete any unwanted mess that these files might have created?

Edited by Veerain
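
On question 2 above, one way to list what is registered to run at startup is the read-only PowerShell sketch below. It is an added example, not part of the original posts and not a Kaspersky tool. It assumes the common Run/RunOnce keys and the two Startup folders are the locations of interest; it does not cover services, scheduled tasks or other autostart mechanisms.

```powershell
# Added example (not from the thread): list autostart entries for manual review.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# One object per value under each Run/RunOnce key that exists.
$entries = @(foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $item = Get-Item -LiteralPath $key
    foreach ($name in $item.GetValueNames()) {
        [pscustomobject]@{ Source = $key; Name = $name; Command = [string]$item.GetValue($name) }
    }
})

# Files and shortcuts in the per-user and all-users Startup folders.
foreach ($folder in 'Startup', 'CommonStartup') {
    $path = [Environment]::GetFolderPath($folder)
    if ($path -and (Test-Path -LiteralPath $path)) {
        $entries += @(Get-ChildItem -LiteralPath $path -File | ForEach-Object {
            [pscustomobject]@{ Source = $path; Name = $_.Name; Command = $_.FullName }
        })
    }
}

$report = foreach ($e in $entries) {
    # Extract the executable path: a quoted path, or everything up to the first ".exe".
    $exe = $null
    if ($e.Command -match '^\s*"([^"]+)"' -or $e.Command -match '^\s*(.+?\.exe)\b') {
        $exe = [Environment]::ExpandEnvironmentVariables($Matches[1])
    }
    $found = $exe -and (Test-Path -LiteralPath $exe)
    [pscustomobject]@{
        Name         = $e.Name
        Source       = $e.Source
        Command      = $e.Command
        # Signature status of the target binary, when it could be resolved.
        Signature    = if ($found) { (Get-AuthenticodeSignature -LiteralPath $exe).Status } else { 'NotResolved' }
        # Review hint only: the target lives under the user profile or ProgramData.
        UserWritable = [bool]($exe -and ($exe -like "$env:USERPROFILE\*" -or $exe -like "$env:ProgramData\*"))
    }
}

$report | Sort-Object UserWritable -Descending | Format-Table -AutoSize -Wrap
```

The script changes nothing on the system. The UserWritable and Signature columns only prioritise what to look at first, since legitimate software also starts from the user profile.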

Thank you for reaching out.

I have disabled the "scan only new and changed files" option.

Still, it didn't scan all the files, because I think I deleted a few of them.

Anyway, in the 2nd I was asking whether Kaspersky detects any malicious registry keys made by the malware, and why did it postpone some of the files?

 
