
Trojan in Recovery hidden folder


Go to solution Solved by harlan4096,


Posted

Hello,

I ran a scan this morning and I got a message from Kaspersky Total Security (version 21.2.10. 391 (m)) that there is a Trojan in my recovery folder (see the print screen below). Kaspersky was not able to disinfect the object. I tried to access the folder, without success. I also scanned the system but there is no error. My laptop is on Windows 11 Home x64 Build 26100. Any idea how to get rid of this malware?

virus_kapsersky_print screen.png

Posted

Welcome to Kaspersky Community.

Your KTS is a bit obsolete; you should migrate to Kaspersky Plus (current 21.20):

Folder C:\Recovery:

"The C:\Recovery folder in Windows is used to store files necessary for the Windows Recovery Environment, which helps repair the operating system if issues arise. It's generally best to leave this folder alone, as deleting it can prevent recovery options from functioning properly."

It usually has system rights, and it is not easy to directly remove a file inside.

I'm not sure if that is actually malware or a false positive?

  • Like 1
Posted

Thanks for your reply. I switched versions of Kaspersky and ran a scan. It is still there and I cannot remove it. Kaspersky identifies it as a password stealer. I saw some weird updates inside some accounts. I changed their passwords.

  • Confused 1
Posted

Try booting your system in safe mode.

Can you delete the file in safe mode?

If not, you need to:

1. Modify the access rights yourself. It may be difficult, so google the process.

2. You can also try to boot your machine in PE. Just like harlan suggested, KRD is a PE tool designed by K. Using KRD you can not only scan files in another system, which makes any malware visible and ignores all kinds of permission restrictions under Windows; you also have a file explorer in KRD, so you can do anything you like.

You may choose another PE you like, but it is your responsibility to ensure the security of the third-party software.

  • Like 1
Posted

Thank you so much for your help. I was able to remove them (one sneaky one was hidden in the image folder) with KRD.

  • Like 1
