
MEM:Trojan.Win32.Sepeh.gen, detected, cleaned, but why?


Solved by Berny

Posted

Here is the deal: my computer started to act a bit slow while playing video games around a week ago, and I don’t often click on any weird links or any ads or anything, but still I got paranoid. I have ESET protection fully enabled and also MalwareBytes scanner as a second option. I scanned with both MalwareBytes and ESET and nothing came up. I downloaded Kaspersky just in case and ran a full scan and a background scan, and again nothing came up. About maybe an hour later, all of a sudden I got a message saying I have MEM:Trojan.Win32.SEPEH.gen and it automatically cleaned it for me, but I don’t even know why I got the message an hour later when I was just playing video games with friends and had run a full scan earlier. Why didn’t the full scan pick up the virus? Is this just some sort of false positive?

I got lucky and ran FRST maybe an hour and a half before getting the virus notification. I have posted a thread to Bleeping Computer with my FRST.txt and other relevant files in the post.

https://www.bleepingcomputer.com/forums/t/739501/memtrojanwin32sepehgen/#entry5105110

Can you please tell me what is going on? I used the computer in the meantime to do some purchases and wish to know if I should be prepared for any issues in that regard. Thank you.

  • Solution
Posted

@Mitch Welcome. Are you actually running a Kaspersky trial version?

Also, here is a similar topic.

Posted

Yes, I am running a trial version, and I ran a full scan an hour before the detection and found nothing. I also ran a FRST scan before the full scan and can post it here if you want. I ran a MalwareBytes scan after FRST and also found nothing. I was wondering if this was some sort of false positive, because I didn’t do anything in the meantime except open a video game called Warzone.

Posted

@Mitch Kaspersky is either deleting an FP or moving it to Quarantine (> please check), and if it turns out that the object is clean after reanalysis, K-Lab will update their database definitions. Anyway, if nothing gets detected after scanning, that means that your system is clean.

Posted

I cannot find the quarantine. Also, I think I remember trying to see the quarantine, but it didn’t have any files in it.

Posted

@Mitch That sounds good. To view Quarantine, please go to “Tools”.

Posted

@Berny Is this just a false positive then? The FRST files have been checked by people on Bleeping Computer and they said nothing is there. If you want, I can upload logs from Kaspersky and FRST here.

Posted

@Mitch We can’t request reports and logs that may contain personal or confidential data which doesn’t comply with our community rules. Your only option is Kaspersky Lab Technical Support which is only available for paid versions.
 

Posted

OK, but do you believe this is a false positive if a full scan was run beforehand (1 hour before detection) using Kaspersky, a MalwareBytes scan and another Antivirus all came back negative?

Posted

Hi @Mitch,

Check the reports of File Anti-Virus via More tools → Reports. Is there any information on the object that was detected as MEM:Trojan.Win32.SEPEH.gen and deleted?

Regards,

Igor

Posted

Hello @Mitch,

do you run another AV product with real-time protection besides Kaspersky?
Or any cracked software?

The 'Trojan' was found in the system memory. Where it came from, Kaspersky cannot determine. My two questions might contribute something to the solution.

Posted

1.) I use ESET and MalwareBytes. I thought I turned off real-time protection for both of them, but sometimes, for no reason, when I restart the computer, as happened before this, they automatically re-activate themselves.

2.) No, I do not use any cracked software.

3.) I also ran a full FRST scan (attached files), as well as a full Kaspersky scan only 1-2 hours before the detection, and they found nothing. In the meantime I was simply playing some video games with a friend and didn’t go to any suspicious websites or download anything.

Posted

In addition, randomly, whenever I started up my computer, sometimes when I opened Chrome it would want access to the webcam for some reason. Sometimes it would request webcam access immediately as I opened it, sometimes it wouldn’t.

Posted

Hello @Mitch,

there is only one way to shed some light:
uninstall ESET and test if the message still appears.

AV products often interfere with each other and cause FPs.

We'll worry about the camera later.

This topic is now closed to further replies.

