Rhadamanthys

[V.i.k.t.o.r]

I have a problem with the Rhadamanthys PSW trojan. Kaspersky finds it in the path: pmem:\C:\Windows\SysWOW64.I also tried cleaning in Safe Mode and there is no change. I checked the detected "infected" svchost.exe file from the SysWOW64 directory online, and nothing unusual is reported. After cleaning without restarting, Kaspersky reports infection of e.g. Firefox tabs, Twitch... programs that are currently active. Ignoring and adding to exceptions does not work. To open the infected file from the antivirus I need a special program to read from pmem:.

[harlan4096]

Welcome to Kaspersky Community.

 

Please provide version of operating system and K. product installed.

 

Also, attach a capture with the K. details of the detection.

[V.i.k.t.o.r]

I have Windows 11 Pro and Kaspersky Standard.

Why does Kaspersky AV ask me to put kaspersky.com in the exceptions as unsafe?

[harlan4096]

Kaspersky Standard 21.22a or b?

 

[V.i.k.t.o.r]

21.22.7.466(b)

[harlan4096]

Could You change temporally Your K product into English with key combination SHIFT + F12, as You can guess I can understand Russian language in Your captures 😊

[V.i.k.t.o.r]

This is the best it can do. It's Serbian Cyrillic. In the interface settings I only have options for Serbian Cyrillic and Latin. I assume the order of the columns with information is the same in the English version...

Откривено - Discovered

Није могућа дезинфекција - Disinfection is not possible.

није обрађено - Not processed

Тројанац - Trojan

Тачно - Accurate

Веома - High

Датотека - File

[Berny]

↓ EN translation attempt ↓🤔

[AlexeyK]

1 час назад, V.i.k.t.o.r сказал:

I checked the detected "infected" svchost.exe file from the SysWOW64 directory online, and nothing unusual is reported. After cleaning without restarting, Kaspersky reports infection of e.g. Firefox tabs, Twitch... programs that are currently active. Ignoring and adding to exceptions does not work.

Svchost.exe is not being detected. This is a file that tried to access malicious code in the System Memory, after which it was scanned and detected. Try to perform an Advanced Disinfection (disinfection with a restart), if it's still offered. Ignoring and adding to exceptions is a bad idea.

[V.i.k.t.o.r]

12 minutes ago, AlexeyK said:

Try to perform an Advanced Disinfection

Done many times so far.

[AlexeyK]

6 минут назад, V.i.k.t.o.r сказал:

Done many times so far.

And what information do you want to get here on the forum?

More possible solutions. Perform KRD scan (download, instructions). Contact support team. Create a topic on the KL club's forum (in Russian), the rules are here.

[V.i.k.t.o.r]

10 minutes ago, AlexeyK said:

And what information do you want to get here on the forum?

I want to know what else I can try. If a trojan is TRYING to run and Kaspersky keeps notifying me about it but can't block/clean it, it would at least help if I didn't get popups (that can't be hidden) every time notifying me of something trying to do something.

[harlan4096]

With KRD you can boot the system, and remove manually that file.

 

Would be interesting to get that file and send it to K. analysts, or maybe is it a false positive? 🤔

 

The quality of captures is very low, but... WAIT A MOMENT!!!

 

 

IS THAT AN "O" AND NOT A C??????????????? 

[AlexeyK]

41 минуту назад, harlan4096 сказал:

IS THAT AN "O" AND NOT A C?

Just a bad screenshot, in original it's "c". 

48 минут назад, V.i.k.t.o.r сказал:

I want to know what else I can try.

Are you not satisfied with the solutions listed above? Yes, sometimes antiviruses cannot cure the system and detailed cleaning work is required.

[V.i.k.t.o.r]

I'll try KRD too.