KIS 2020 was not able to stop a malware attack


Posted

Hi sorry about that, Razer is just the software for my mouse which is a viper mini.


Hello,

OK, Roger that.

Let us run an AVZ script:

begin
QuarantineFile('%windir%\system32\WindowsPowerShell\v1.0\Modules\SmbShare\DisableUnusedSmb1.ps1','');
QuarantineFile('C:\Windows\system32\bootim.exe','');
QuarantineFile('d:\83280b899080454a159e577d\DW\DW20.exe','');
DeleteSchedulerTask('Microsoft\Windows\SMB\UninstallSMB1ClientTask');
DeleteSchedulerTask('Microsoft\Windows\SMB\UninstallSMB1ServerTask');
CreateQurantineArchive('C:\AVZ_Qurantine.zip');
SaveLog('C:\AVZ_Qurantine.log');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.

This script will try to quarantine three files, “%windir%\system32\WindowsPowerShell\v1.0\Modules\SmbShare\DisableUnusedSmb1.ps1”, “C:\Windows\system32\bootim.exe” and “d:\83280b899080454a159e577d\DW\DW20.exe”, and delete the suspicious “Scheduler Task” using powershell. After this script has executed, the OS will reboot.

After the reboot, please send the quarantine file and log file to me via google disk. The quarantine file is at c:\AVZ_Qurantine.zip. The log file is at c:\AVZ_Qurantine.log.

Regards.

Posted

And how do I delete the “Scheduler Task” exactly?

Posted


Hello,

You can run the avz script to delete the scheduler task or …

Regards.

Posted

Ok I sent it to you through a pm.


Hello, Rosai

I have received the log file. Your system is clean. Do you have any problems now? If the problem comes back, please pay attention to browser add-ons and to running cracked programs.

Regards.

Posted

It’s weird, it’s like that at first but later on after a month or so passes the same virus comes back again with the same payload. Why is it like this? Is it tied to my IP address or something? I already contacted support.

Posted


Hello,

If “startupchecklibrary dll” comes back again, please notify me. I will follow this case.

Regards.

Posted

startupchecklibrary dll would appear after kaspersky was “uninstalled” by the malware.

Posted


Hello,

startupchecklibrary.dll is related to CoinMiner. If convenient, could you please send the Autoruns log to me? Let’s check the autorun items in your OS.

Autoruns: https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns

Run autoruns or autoruns64.exe.

When the scan has finished, please press File → Save… to save the report and send it to me via google disk.

Regards.

Posted

Hi I uploaded it to the same google drive link that I sent to you earlier. The log file for autorun is there.

Posted


Hello, @Rosai 

There is a suspicious system driver file in your system:

c:\windows\system32\drivers\btha2dp.sys

This file has lost its Microsoft digital signature and its timestamp has been edited. So this file may have been edited by malware.

Could you zip this file, upload it to Google Drive and send it to me?

And delete this item.

And check whether a file with a strange name (like a random name: 9DA2A76D.sys) exists in the c:\windows\system32\drivers folder or not. If such files also exist, please send them to me as well, thanks.

Regards.
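
The driver check described in the post above can be done read-only from an elevated PowerShell prompt. This is an added example, not part of the original thread and not a Kaspersky tool; the eight-hex-character name pattern and the report path on the desktop are assumptions made for illustration.

```powershell
# Added example: read-only triage of kernel driver files. Nothing is deleted.
# Assumption: drivers live in the default %windir%\System32\drivers folder.
$driverDir = Join-Path $env:windir 'System32\drivers'

# Assumption: "random-looking" means eight hex characters plus .sys,
# like the 9DA2A76D.sys pattern mentioned in the post.
$randomName = '^[0-9A-Fa-f]{8}\.sys$'

$report = foreach ($file in Get-ChildItem -Path $driverDir -Filter '*.sys' -File) {
    $sig = Get-AuthenticodeSignature -LiteralPath $file.FullName
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

    $reasons = @()
    if ($sig.Status -ne 'Valid')       { $reasons += "signature: $($sig.Status)" }
    if ($file.Name -match $randomName) { $reasons += 'random-looking name' }

    # Only files with at least one finding go into the report.
    if ($reasons.Count -gt 0) {
        [pscustomobject]@{
            Name        = $file.Name
            Reasons     = $reasons -join '; '
            Signer      = $signer
            # Both timestamps are listed so they can be compared by hand
            # with other drivers installed at the same time.
            CreatedUtc  = $file.CreationTimeUtc
            ModifiedUtc = $file.LastWriteTimeUtc
            SHA256      = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
        }
    }
}

# Show the findings and save a copy that can be attached to a support case.
# Assumption: the desktop is an acceptable place for the report file.
$report | Sort-Object Name | Format-List
$report | Export-Csv -Path (Join-Path $env:USERPROFILE 'Desktop\driver-triage.csv') -NoTypeInformation
```

A file listed here is a candidate for review, not a confirmed infection; the SHA256 value lets the analyst identify the exact file before anything is removed.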

  • 5 months later...
Posted

i have multiple licences for this product and have had this exact issue on all my machines at one time or another.

the s/w does not only fail to find the malware/virus but allows it to uninstall kaspersky altogether thereby removing any protection. The first time you know is when the icon disappears from the task bar or the desktop.

It seems kaspersky are not only aware of but either unable or unwilling to fix this.

One must pose the question, with the increasing number of cyber attacks emanating from the baltic states and russia, is it still prudent to use a virus protection tool emanating from that region.

IMHO

NO

I think I'll be ditching it and investing in something that will offer me full protection without these problems.

I had used kaspersky for many years, like since it came out, and was happy with it until this problem and the failure of the company to address it.

The only solution is to run their virus removal tool, then reinstall. It's a nonsense and they keep denying it happens or making excuses that require the end user to provide more and more information until they lose interest.

A typical response from a company that CAN'T FIX IT.

My 2c + GST

Wesly.Zhang
Posted


Hello,

What problem do you actually encounter?

Regards

Posted

Clearly you only read 1 comment and not the thread. Try reading the thread and you might actually understand.
Until then I'll just ignore this reply and go back to my work.

Wesly.Zhang
Posted

Hello @vk2bfc 

There is no 100% security protection solution in this world. Just like you don’t keep taking 100 points in all exams. If there were such a solution, criminals would have given up crime long ago. It is precisely the deficiencies in the product that require continuous improvement of the product. Unresolved problems in the process can be solved in the process. The role of this community is here, so I asked you what specific problems you have, and we will solve specific problems.

Best regards.

Posted

……...One must pose the question, with the increasing number of cyber attacks emanating from the baltic states and russia, is it still prudent to use a virus protection tool emanating from that region.

IMHO

NO

I think I'll be ditching it and investing in something that will offer me full protection without these problems.

What exactly are you implying, vk2bfc? Surely if Kaspersky were doing anything underhand then the last thing they would do is advertise the fact by uninstalling their own protection to advertise the fact to the end user. This looks like it might be a case of “fake news” or at least “fake implied news”??
