Jump to content
Kaspersky Support Forum

MEM:Trojan.Win32.SEPEH.gen; Kaspersky says its disinfected but its back again

Bleb

By Bleb
in Kaspersky Anti-Virus

 Share
Go to solution Solved by Berny,

Recommended Posts

Bleb

Bleb

Posted
  • Author
Posted

Hi there I recently disinfected the Trojan on the 26 of October but now it is back as of today for some reason

as you can see it was disinfected but it may be back soon. 

Thank you.

Bleb

Bleb

Posted
  • Author
Posted

Hello Berny, thanks for the help, my only problem is how to submit a ticket

Wesly.Zhang

Wesly.Zhang

Posted
Posted

Hello,

Do you have a file named svchost.exe in PATH C:\Users\YOUR ACCOUNT NAME\Documents?

Regards.

Wesly.Zhang

Wesly.Zhang

Posted
Posted

 


Hello,

No, You haven't this file in that folder. But Could you search a folder named “my document”. Our KL chinese virus lab analyst once told me search that folder.

If you also haven’t that folder, Do you use any language input method, such as Sougou or …? Please uninstall the input method and observe related issues. or Do you use any cracked program, just like adobe keygen...

This issue is related that the hash of explorer.exe in memory is different in disk detected by anti-rootkit scan. There are something inject to it and string “ my document\svchost.exe” also include in it.

Discussion of related issues: https://translate.google.cn/translate?sl=zh-CN&tl=en&u=https%3A%2F%2Fbbs.kafan.cn%2Fthread-2173483-1-1.html

Regards.

 

 

  • 3 weeks later...
Bleb

Bleb

Posted
  • Author
Posted

 


Hello,

No, You haven't this file in that folder. But Could you search a folder named “my document”. Our KL chinese virus lab analyst once told me search that folder.

If you also haven’t that folder, Do you use any language input method, such as Sougou or …? Please uninstall the input method and observe related issues. or Do you use any cracked program, just like adobe keygen...

This issue is related that the hash of explorer.exe in memory is different in disk detected by anti-rootkit scan. There are something inject to it and string “ my document\svchost.exe” also include in it.

Discussion of related issues: https://translate.google.cn/translate?sl=zh-CN&tl=en&u=https%3A%2F%2Fbbs.kafan.cn%2Fthread-2173483-1-1.html

Regards.

 

 

I used a cracked vegas

 

Guest
This topic is now closed to further replies.
 Share
Go to topic listing


×
×
  • Create New...