
powershell.exe malicious object detected but Kaspersky didn't do anything about it?



Got absolutely frustrated with my Lenovo Yoga Slim laptop. Everything started to run especially slow one day and even occasional screen freezes happen. The laptop overheated but memory and CPU usage was actually quite low. Couldn't properly load a YouTube video in full screen. Everything is lagging hard. I full scanned my laptop using Kaspersky Standard and a malicious object was detected. It was a kind of Trojan named HEUR:Trojan.Multi.Runner.l

 

But Kaspersky seemed to do absolutely nothing about it. No disinfection, no quarantine, no deletion? And the next time I full scanned it, Kaspersky simply told me that no threats were found.

 

Please help me. I have got work to do and I have even tried restoring Windows but in vain.

 

Details are as below:

Event: Malicious object detected
User type: Active user
Component: Virus Scan
Result: Detected
Result description: Detected
Type: Trojan
Name: HEUR:Trojan.Multi.Runner.l
Precision: Exactly
Threat level: High
Object type: File
Object name: powershell.exe
Object path: proc:\C:\Windows\System32\WindowsPowerShell\v1.0
Reason: Expert analysis


Hi, thank you! Before I reset my PC, I did run a full scan as well. And there were four threats detected but all deleted or disinfected by Kaspersky. The issue of lagging and frozen/black screen persisted. So I reset my PC and ran a full scan again, which was the one I reported as above. No other detection as of now.

 

My Kaspersky version is 21.17.7.539

My system is Windows 11

 

And by the way, I just ran a full scan again and this time Kaspersky even froze (it got stuck at 1% and the blue circle wasn't spinning anymore, as shown in the attached screenshot).


I tried to find as much information as possible for your reference.


Processor    12th Gen Intel(R) Core(TM) i7-1260P   2.10 GHz
Installed RAM    16.0 GB (15.7 GB usable)
System type    64-bit operating system, x64-based processor
Pen and touch    No pen or touch input is available for this display

Video Card: Intel(R) Iris(R) Xe Graphics

Storage: Micron MTFDKBA1T0TFH - 953.87 GBs

Memory: Samsung LPDDR5 6400 MHz 16.000 GB


That's a powerful enough system to be getting those issues 🤔

 

About the detection in your 1st post:

 

Quote

Event: Malicious object detected
User type: Active user
Component: Virus Scan
Result: Detected
Result description: Detected
Type: Trojan
Name: HEUR:Trojan.Multi.Runner.l
Precision: Exactly
Threat level: High
Object type: File
Object name: powershell.exe
Object path: proc:\C:\Windows\System32\WindowsPowerShell\v1.0
Reason: Expert analysis

 

PowerShell is a legit Windows app, but it's true that it can be abused to execute malicious activity in the system. In those cases Kaspersky can't delete PowerShell, for obvious reasons, but it blocks the malicious activity or any other malicious files spawned by that abuse...

 

I never run Full Scans on my system; that's crazy at best, and on a new system with all new files it may take hours... I run Quick Scans, adding these folders to the scope:

 

Quote

 

C:\Users\

C:\ProgramData\

 

 

And with these tweaked settings:

 

Security Level -> Extreme

And enabling these settings:

[screenshots of the settings]

 

In the Full Scan settings, you may enable this setting to make later scans run faster:

 

[screenshot of the setting]

 

Just because progress remains at 1% for a long time does not mean that it has stopped or frozen there; that % may eventually be updated.
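For a detection like the one in this thread, where the report names `powershell.exe` under a `proc:\` path and the binary itself cannot be deleted, the script below is an added triage example (not part of the original posts and not Kaspersky tooling). It lists running `powershell.exe` processes with their command line, parent process and binary signature; the review patterns are illustrative assumptions, as is reading `proc:\` as a running process.

```powershell
# Added triage example, not from the thread. Run in an elevated Windows PowerShell
# session so CommandLine is readable for processes owned by other accounts.

# Directory taken from the "Object path" field of the detection report.
$expectedDir = 'C:\Windows\System32\WindowsPowerShell\v1.0'

# Illustrative review patterns (assumptions). A match means "look closer", not "malicious".
$reviewPatterns = [ordered]@{
    EncodedCommand = '\s-(e|ec|en\w*)\s'
    HiddenWindow   = '\s-w\w*\s+hidden'
    InlineDownload = 'Invoke-Expression|\biex\b|DownloadString'
}

$report = foreach ($proc in Get-CimInstance Win32_Process -Filter "Name = 'powershell.exe'") {
    # The parent may have exited and its PID may have been reused; treat the name as a hint.
    $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($proc.ParentProcessId)"

    # ExecutablePath is empty when the caller lacks access to the process.
    $sig = if ($proc.ExecutablePath) { Get-AuthenticodeSignature -FilePath $proc.ExecutablePath }

    # -match is case-insensitive, so "-ENC" and "-enc" are treated alike.
    $hits = foreach ($name in $reviewPatterns.Keys) {
        if ($proc.CommandLine -match $reviewPatterns[$name]) { $name }
    }

    [pscustomobject]@{
        ProcessId     = $proc.ProcessId
        ThisSession   = ($proc.ProcessId -eq $PID)   # the shell running this script
        Started       = $proc.CreationDate
        Parent        = '{0} ({1})' -f $parent.Name, $proc.ParentProcessId
        ExpectedPath  = [bool]$proc.ExecutablePath -and
                        ((Split-Path $proc.ExecutablePath -Parent) -eq $expectedDir)
        Signature     = $sig.Status
        Signer        = $sig.SignerCertificate.Subject
        ReviewReasons = $hits -join ', '
        CommandLine   = $proc.CommandLine
    }
}

$report | Sort-Object Started | Format-List
```

A PowerShell process that keeps reappearing with an unexpected parent or a non-empty `ReviewReasons` is worth attaching to a support request alongside the Kaspersky report.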
