
The New Trojan which kasper couldn't do anything till now [MOVED]



Posted

Hi to all,

We have 300 clients which are protected by Kasper antivirus version 11.1. I'll go straight to the problem: there is a Trojan in our network, which is new I think. It causes the Kasper process to take all the victim's resources, such as memory, CPU and HDD. The thing is, I have already updated my OS and everything, but Kasper couldn't terminate it completely; after deleting the Trojan *.exe file in C:\Windows\Temp it comes back again and again. The source of this Trojan is unknown and it's growing; right now 50% of all clients are infected. If you have any idea that could help, I would really appreciate hearing it.

I have attached a sample in 1 client.

 

//Mod Note: moved to the correct section.

Posted

Hi,

Do you have a sample of the Trojan? Can you send me the link to download the sample file via personal message?

Please upload your getsysteminfo (gsi) to review it.

To generate the getsysteminfo (gsi) check this link: https://support.kaspersky.co.uk/common/diagnostics/3632#block7

Getsysteminfo (GSI) direct download: http://media.kaspersky.com/utilities/ConsumerUtilities/GetSystemInfo6.2.zip

Try to clean using Kaspersky Rescue Disk.

Download: https://rescuedisk.s.kaspersky-labs.com/updatable/2018/krd.iso

Review: https://support.kaspersky.com/viruses/krd18

Also open a support ticket in Kaspersky Company Account.

Regards

Posted

Thank you for your attention.

As you know, getting this kind of sample is hard, but as soon as I get it I will send it here.

Right now I'm generating the GSI; after it is done I will send it to you in a private message.

Posted

Hi,

You're welcome.

Yes, I know.

Please post the gsi in the Kaspersky Community.

Regards

Posted

The GSI generator is done. Which files do you need to see?

Posted

Hi,

The full gsi.zip.

If you don't want to upload the gsi to the forum/community, then send it to Kaspersky support using Kaspersky Company Account.

Regards

  • Solution
Posted

Hi,

Please open a support ticket in Kaspersky Company Account.

The sample file sent (setup-install.rar) is detected by Kaspersky: Trojan.Win32.Fsysna.ezky

Also in gsi I found:

  • C:\Windows\Temp\svchost.exe

Kaspersky detects: UDS:Trojan.Win32.Trickster.dm

  • C:\Windows\YDCJjyoA.exe

Kaspersky detects: HackTool.Win32.Remoxec.c
https://www.virustotal.com/gui/file/3c2fe308c0a563e06263bbacf793bbe9b2259d795fcc36b953793a7e499e7f71/detection

  • C:\Windows\SysWOW64\drivers\svchost.exe

Kaspersky detects: HEUR:Trojan.Win32.Generic

  • C:\Windows\SysWOW64\wmiex.exe

Kaspersky detects: HEUR:Trojan.Win32.Generic

Review all the files in C:\Windows\Temp\, C:\Windows\SysWOW64\, and C:\Users\your user.

Etc…

Please uninstall KMSPico (please don't use pirated software), update WinRAR to the latest version, update Firefox to the latest version, install all Windows updates, etc…

Regards
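
A read-only triage sketch for the locations named in the post above, added here as an example; it is not part of the original thread and not a Kaspersky tool. The helper name `Get-FileTriage`, the CSV file name and the three checks are assumptions, and it assumes PowerShell 4.0 or later with Windows installed in C:\Windows.

```powershell
# Added example (not from the thread). Read-only: it lists files and changes nothing.
# Assumption: Windows is installed in C:\Windows, as in the paths the post quotes.
$reported = @(
    'C:\Windows\Temp\svchost.exe',
    'C:\Windows\YDCJjyoA.exe',
    'C:\Windows\SysWOW64\drivers\svchost.exe',
    'C:\Windows\SysWOW64\wmiex.exe'
)

function Get-FileTriage {   # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [Parameter(Mandatory = $true)][string]$Reason
    )
    $item = Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue
    if (-not $item) { return }   # file is not present on this client
    [pscustomobject]@{
        Computer  = $env:COMPUTERNAME
        Path      = $item.FullName
        Reason    = $Reason
        SHA256    = (Get-FileHash -LiteralPath $item.FullName -Algorithm SHA256).Hash
        Signature = (Get-AuthenticodeSignature -FilePath $item.FullName).Status
        Created   = $item.CreationTimeUtc
        Modified  = $item.LastWriteTimeUtc
    }
}

$findings = @(
    # 1. The exact paths named in the GSI review.
    $reported | ForEach-Object { Get-FileTriage -Path $_ -Reason 'path named in the GSI review' }

    # 2. Any executable in C:\Windows\Temp, where the thread starter saw the file reappear.
    Get-ChildItem -LiteralPath 'C:\Windows\Temp' -Filter '*.exe' -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object { Get-FileTriage -Path $_.FullName -Reason 'executable in Windows\Temp' }

    # 3. svchost.exe anywhere below SysWOW64 except the SysWOW64 root itself.
    Get-ChildItem -LiteralPath 'C:\Windows\SysWOW64' -Filter 'svchost.exe' -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.DirectoryName -ne 'C:\Windows\SysWOW64' } |
        ForEach-Object { Get-FileTriage -Path $_.FullName -Reason 'svchost.exe in non-standard folder' }
)

# One row per file; the CSV can be collected from each client and compared by SHA256.
$findings = $findings | Sort-Object -Property Path -Unique
$findings | Export-Csv -Path ".\triage-$env:COMPUTERNAME.csv" -NoTypeInformation
$findings | Format-Table Path, Reason, Signature -AutoSize
```

Treat the Signature column as a hint for prioritising files to submit to support, not as a verdict; C:\Users is not covered by this sketch.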
