
MEM:Trojan.Win32.SEPEM.gen


spike277


Flood and Flood's wife

Hello @spike277, @Cribble, @kgb

What Kaspersky software is installed and what patch(x) x= letter?

Please follow these steps:

  1. KASPERSKY application: select ⚙ , in Settings window, select Manage Settings, select Export Settings, save Configuration file.
  2. KASPERSKY application: select ⚙ , in Settings window, select Restore Settings.
  3. KASPERSKY application: select ⚙ , in Settings window, select Security Level, select Maximum Security Level. 
  4. KASPERSKY application: select ⚙ , in Settings window, select Additional, select Reports & Quarantine, select Clear.
  5. Shut down device using FULL shutdown, not Restart.
  6. Power device on, login, start Kaspersky application.
  7. Run manual Kaspersky application Database Update.
  8. Run manual FullScan.
  9. Monitor for MEM:Trojan.Win32.SEPEM.gen, if any detections, export KASPERSKY REPORT: ALL Events, save as a text file  (*.txt) and attach to your post please?

Thank you


I’ve done everything you suggested and am currently in the full scan step, which on my system takes over 10 hours. In the past I have done quick scan, rootkit scan, every available scan, and they never actually detect it. It is always detected at random intervals but not during any scan; the problem is it could take 24 hours for a detection to occur. My only comfort is that when Kaspersky detects it, it does say it blocked it but is never able to disinfect. Anyway, I’m going to follow the steps you laid out and when I get a detection I’ll send ya the reports.


Can’t understand. No other AV is finding win32.sepem.gen. Only Kaspersky seems to trigger this. I haven’t touched the PC or installed any new programs and suddenly this warning comes up every day! I don’t even surf on suspicious websites etc., nor have I opened any strange emails. Have scanned with Malwarebytes, Panda AV, Super Antispyware, Windows Defender. I don’t want to resolve it by reinstalling Windows. Is this a “fake” warning?? Will try other scanners; if they don’t find anything I’m uninstalling Kaspersky.


Flood and Flood's wife

Hello @SteeV,

Welcome!

  1. Do the detections happen irrespective of browsers used?
  2. Are there any extensions, themes or addons (other than Kaspersky) installed in browser(s)? 
  3. Reset all browsers to default. 
  4. Run the PC Cleaning Wizard.
  5. Clear all files in C:\Windows\Temp
  6. Clear all files in C:\Users\YOURNAME\AppData\Local\Temp
  7. Reboot device using FULL shutdown, not Restart
  8. Run manual Database Update
  9. Run manual Full Scan - do not use computer while it’s running. 
  10. Contact Kaspersky Lab Technical Support, submit the detection, ask them if it’s a false positive?

Thank  you


@FLOOD thanks, but already uninstalled Kaspersky. I tried so many solutions, even turned off many running processes, no opened programs, closed down OneDrive etc. to minimize active processes. Problem still persists. Seems clearly like a false positive. I am now trying Avast instead.


Hello @SteeV,
I respect your decision, of course.
But it can't be a solution to change the AV until nothing is recognized anymore.
Personally, I will look into the matter until it is clear whether it is a detection which other programs do not provide or perhaps a false alarm.


Thanks for all the suggestions. I fully understand the resolution switching AV until nothing is recognised. That was not my intention. I switched to see if other AV can detect and remove, but also inform where it comes from. Else I am fully happy with Kaspersky and will switch back sooner or later.


I did all this and finally, all of a sudden, Kaspersky went crazy with detections, even detections I had excluded. These detections did not occur during any scan; they just popped up. Anyway, saved the report. I'm really only concerned about this one in memory. AutoKMS I installed myself to keep my old 2010 Office. Attached is the report and a screen grab of the specific trojan.


  • 1 year later...
  • 2 months later...
Wesly.Zhang

Hello,

This detection appears very often. After disinfection, this detection will happen again and again…

What I know is that there is a program that attempts to expand the memory and write code in the explorer.exe process. In general, this detection is a false positive, such as from a third-party input method (Sogou input methods) or another AV product or anti-malware tool which operates on system memory. If you encounter this issue very often, please note the above information and close or uninstall the application to check.

A very important piece of information replied back from the KL virus analyst: Is there a file named “svchost.exe” in my document folder? This information has been provided in the past two years. But I think you cannot find the file in that folder. But you can try; if you find this behavior, please let me know.

Regards.
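
The analyst's question in the post above (is there a file named svchost.exe in the documents folder) can be answered with a read-only check. This is an added example, not part of the original post and not a Kaspersky tool; it also goes one step further and lists running svchost.exe processes started from outside the system directories, on the assumption that the genuine image lives only in System32 or SysWOW64. The function name Get-ImageReport is hypothetical.

```powershell
# Added example (not from the thread). Read-only: it lists files and processes, changes nothing.
# Assumption: the genuine svchost.exe image exists only in System32 / SysWOW64.
$legit = @(
    (Join-Path $env:SystemRoot 'System32\svchost.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')
)

# Hypothetical helper: one uniform record per suspicious image (hash + signature state).
function Get-ImageReport {
    param([string]$Source, [string]$Path, $ProcessId)
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    [pscustomobject]@{
        Source    = $Source
        ProcessId = $ProcessId
        Path      = $Path
        SHA256    = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        Signature = $sig.Status
        Signer    = $sig.SignerCertificate.Subject
    }
}

$docs = [Environment]::GetFolderPath('MyDocuments')

$results = @(
    # 1. The analyst's question: a file named svchost.exe anywhere under Documents.
    Get-ChildItem -LiteralPath $docs -Filter 'svchost.exe' -File -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object { Get-ImageReport -Source 'File' -Path $_.FullName }

    # 2. Running svchost.exe processes whose image is not one of the system copies.
    #    Run elevated: otherwise ExecutablePath is empty for other accounts' processes
    #    and those rows are skipped. -notcontains compares case-insensitively.
    Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'" |
        Where-Object { $_.ExecutablePath -and ($legit -notcontains $_.ExecutablePath) } |
        ForEach-Object {
            Get-ImageReport -Source 'Process' -Path $_.ExecutablePath -ProcessId $_.ProcessId
        }
)

if ($results.Count) {
    $results | Format-List
} else {
    'No svchost.exe found in Documents or running from outside the system directories.'
}
```

Any row it prints gives the path, hash and signature state to include when submitting the detection to Kaspersky support, as suggested earlier in the thread.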
