
Kaspersky Security Cloud vs Trojan.Win32.Generic



Hi,

Every time I boot my PC, when I get to my desktop I get a pop-up message:

Detected: PDM:Trojan.Win32.Generic

Location: c:\windows\installer\msiaa65.tmp

The last part after Installer\ changes all the time.

I disinfect and restart the computer, but I am always in the same situation.

Even a total scan doesn't yield any result, and nothing is found.

I have Windows 11 updated to the latest version available at the time of writing, same for Kaspersky Security Cloud - Personal.

Thanks for any help to get rid of this annoyance.


Welcome to Kaspersky Community.

 

Please provide the exact version of KSCloud installed.

 

You should migrate to the new product line; your current KSCloud license will activate the new Kaspersky Plus.

 

Check your system for any suspicious app that starts during Windows boot:

 

[image]

 

Also:

 

[image]


Hi Harlan,

I installed Kaspersky Plus 21.15.8.493.

It overwrote the Cloud version, which now doesn't show up in Apps anymore.

It seems the problem was with Razer Synapse, as Kaspersky was blocking its updating process, and now that I have uninstalled it, the Trojan pop-up doesn't show anymore.

Is it a known issue with that software? Is there a way to prevent it from happening? Because I kind of need it for my peripherals.


If that tool (Razer Synapse) is the cause of the false detection/positive, it can be reported, but I've downloaded it (not installed), and K. does not detect anything, so it seems you should install it to get the suspicious activity.

 

The false detection can be reported to K. official support, but they will ask you to enable K. product traces and reproduce the false detection, and finally send them the traces, to find a fix.


This is the reply from K. analyst:


 

Hello,

We were unable to reproduce the detection.


Please update your antivirus bases.


If the problem persists, please send us the trace log of the product containing the detection. Here are the instructions for how to obtain trace logs:


http://support.kaspersky.com/12797?utm_source=virus_lab_notifications&utm_medium=email&utm_campaign=virus_lab


For the web pages, also please send us an .mht archive of the page. It's available in the Internet Explorer browser from the context menu "Save As" on the page.

 

Our support team will provide more details if you have troubles with this. To get assistance please create a Support request using our portals:


* for home products: https://my.kaspersky.com
 

If you have problems with the form, you can contact our technical support by phone (according to your location):


* for home products: http://support.kaspersky.com/b2c
 

Prior to sending your request we strongly recommend you to check our Kaspersky Lab official forum:

 

http://forum.kaspersky.com as it may have the information you are looking for.

 

Thank you for your help.

Best regards,
Malware Analyst, Kaspersky
39A/3 Leningradskoe Shosse, Moscow, 125212, Russia Tel./Fax: + 7 (495) 797 8700 http://www.kaspersky.com https://securelist.com
https://opentip.kaspersky.com/ - get insights about suspicious files, hashes, URLs, IP addresses or domain names

 

 


  • Solution
31 minutes ago, Kalus said:

I managed to reproduce the detection, and got the traces. The problem is that on the KOTIP the maximum file size is 246MB, but as you can see, some files are much bigger than that.

Hello @Kalus

Thank you for posting back! 

The instructions above from the Virus Lab do not require any further use of KOTIP.

The PDM Report, the executable & the log files all need to go to Kaspersky's Virus Lab experts via Kaspersky Customer Service; ask them to send it to the Virus Lab, and provide the following in the submission:

  • Include the URL for this topic.
  • The database update date in the Kaspersky application.
  • Any malware - zip it & protect it with a password - use either MALWARE OR INFECTED & make sure you tell support the password.
  • Fill in the template as follows: [image]

When you get a result from the Virus Lab, please share the outcome with the Community.

Thank you🙏
Flood🐳+🐋


  • 2 weeks later...

Hi everyone,

Unfortunately or luckily, Razer updated its software, from version ending 110 to 116.

Now installing or updating the application doesn't trigger the detection anymore.

Virus Lab was very helpful, sending me a very clear and detailed mail about what to do.

I was almost sad to not be able to replicate the detection anymore.

Kind regards to everyone that helped me here too.
