Malware removal mode: disabled

[Axel92]

Hi, i just have a problem whit my kaspersky.

 

I recently had a program installed on my computer via TW, but the antivirus was blocked/closed, looking for these programs.

Since then the settings don't show that everything is OK, but in the AZV report through GSI it shows that everything is closed.

 

 

Attention !!! Database was last updated 3/14/2023 it is necessary to update the database (via File - Database update)
AVZ Toolkit log; AVZ version is 5.67 private build [14.03.2023  5:00:04]
Scanning started at 06.08.2023 08:53:47
Database loaded: signatures - 9995, NN profile(s) - 2, malware removal microprograms - 23, signature database released 14.03.2023 04:00
Heuristic microprograms loaded: 417
PVS microprograms loaded: 10
Digital signatures of system files loaded: 654627
Heuristic analyzer mode: Maximum heuristics mode
Malware removal mode: disabled
Windows version is: 10.0.19045,  "Windows 10 Home" (Windows 10 Home) x64, install date 05.08.2023 13:42:47 ; AVZ is run with administrator rights (+)
System Restore: enabled
1. Searching for Rootkits and other software intercepting API functions
1.1 Searching for user-mode API hooks
 Analysis: kernel32.dll, export table found in section .rdata
 Analysis: ntdll.dll, export table found in section .text
 Analysis: user32.dll, export table found in section .text
 Analysis: advapi32.dll, export table found in section .text
 Analysis: ws2_32.dll, export table found in section .text
 Analysis: wininet.dll, export table found in section .text
 Analysis: rasapi32.dll, export table found in section .text
 Analysis: urlmon.dll, export table found in section .text
 Analysis: netapi32.dll, export table found in section .text
1.4 Searching for masking processes and drivers
 Checking not performed: extended monitoring driver (AVZPM) is not installed

5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
 Checking - disabled by user
6. Searching for opened TCP/UDP ports used by malicious software
 Checking - disabled by user

 

8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed: TermService (Remote Desktop Services)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: sending Remote Assistant queries is enabled
Checking - complete

 

 Host="activation-v2.kaspersky.com", IP="195.27.252.50", Ping=Error (11010,0,0.0.0.0)

 

[harlan4096]

Welcome to Kaspersky Community.

 

What do You mean with TW?

 

Quote

but the antivirus was blocked/closed, looking for these programs.

Can You elaborate better this? I don't understand 🤔

[Axel92]

I mean TeamViewer - Remote connectivity software

 

Kaspersky has closed the scan for  "Malware removal mode: disabled" by user but i don t do that.

5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
 Checking - disabled by user

6. Searching for opened TCP/UDP ports used by malicious software
 Checking - disabled by user

8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed: TermService (Remote Desktop Services)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: sending Remote Assistant queries is enabled

I need information to activate them all, because they are disabled by the user, but I haven't done that, in the settings in Kaspersky it shows me that everything is ok, but AVZ, everything is off

I try resetting to initial settings, but it's still the same.

 

 

 

[Axel92]

I installed windows 3 times, deleted the old windows, deleted the registry from the old windows.

[harlan4096]

Go to Settings -> Security Settings -> Advanced Settings -> Exclusions and Actions on Object Detection:

 

Check if enabled:

 

 

 

Go to Settings -> Security Settings -> FireWall:

 

Check if enabled:

 

 

In Packet Rules:

 

 

Go to Settings -> Security Settings -> Advanced Settings -> NetWork Settings:

 

[Axel92]

Yes, everything is like that.

 

But I don't know why the GSI report in AVZ shows me that they are off by the user.

[Axel92]

Have you tried to do something?

[harlan4096]

I don't see anything weird in that pic 🤷‍♂️

 

Just do horizontal scroll to check which apps are processed...

[Axel92]

1 minute ago, harlan4096 said:

I don't see anything weird in that pic 🤷‍♂️

 

Just do horizontal scroll to check which apps are processed...

 

[Axel92]

 

[harlan4096]

Yeah, and? Usual and normal activity being logged in that module...

[Axel92]

Just now, harlan4096 said:

Yeah, and? Usual and normal activity being logged in that module...

I'm just asking if you guys have done anything, just to be sure, as I said someone has registered a Mallware program on my pc, that's why I try to be cautious with everything, back to the question.

"But I don't know why the GSI report in AVZ shows me that they are off by the user."

[Axel92]

1 minute ago, Axel92 said:

I'm just asking if you guys have done anything, just to be sure, as I said someone has registered a Mallware program on my pc, that's why I try to be cautious with everything, back to the question.

"But I don't know why the GSI report in AVZ shows me that they are off by the user."

Even if in the antivirus states they are turned on exactly as you sent the pictures.

[harlan4096]

I don't think Your system is compromised by any malware, anyway You can try to contact to official Kaspersky Support K. Support and explain Your case.

[Axel92]

1 minute ago, harlan4096 said:

I don't think Your system is compromised by any malware, anyway You can try to contact to official Kaspersky Support K. Support and explain Your case.

I understand, thanks for your help! 

I already have a request for support, but it's the weekend and they are not working, I thought I'd try the forum.