Jump to content

Trojan.Multi.GenAutorunBITS.a detected in System Memory.


Recommended Posts

Posted
Hi, Kaspersky detected that the following Trojan.Multi.GenAutorunBITS.a is in my system memory, I was able to be remove. I want to under how this trojan get into the system, does anyone has any information to share? This is the second time I have this alert. I was not visiting any website only reading normal email and there was no attachment. I am concern how this Trojen can enter the system. Any advise will be appreciated. Regards Andy
Flood and Flood's wife
Posted
Kaspersky detected Trojan Multi GenAutorunBITS a is in system memory, I want to understand how this trojan get into the system, This is the second time I have this alert. I was not visiting any website only reading normal email and there was no attachment. I am concern how this Trojan can enter the system.
Hello Andy, Welcome!
  1. When posting about malicious objects or detections, it's important not to post potentially unsafe links. Always modify the link (as I have) or copy the link to a text file, upload the text file.
  2. Kaspersky database releases/signatures update continuously, classifications change frequently, sometimes, objects/files, previously not classified, are given new classifications.
  3. Please go to KIS (application) REPORTS, find the events that match Trojan Multi GenAutorunBITS a, select, the CATEGORY, the events are in (not ALL EVENTS), export the report, save as a .txt file, upload, using the "upload" icon, in your reply please?
Thank you:pray_tone3:
  • 2 weeks later...
Posted
Hi, Sorry for the delay. I have attached the file. I happen today.
Posted
Hi, Distribution Methods: Spam messages, sketchy sites, fake ads, links, pop-ups, infected email messages and attachments, compromized installers, exploit kits.... Regards
Flood and Flood's wife
Posted
Sorry for the delay. I have attached the file. It happen today.
Hello Andy Tan, Thanks for posting back:pray_tone3:
  1. In the last 13 days, between when you first posted and today, how frequently has the detection happened?
  2. Is the detection happening after any particular action, for example: system startup?
****Please let me know before following the remainder of my post**** Preparation: (A) KIS application: select Settings, select Additional, select Reports & Quarantine, select Clear - ref: Reports and Quarantine (B) Create a system restore point. (C) Make sure all backups are up to date ---- Procedure: (1) If operating system is Windows (Note1), check: KVRT system requirements IF, system meets requirements, download Kaspersky Virus Removal Tool (2) Start system in SafeMode. (3) Start KVRT, run as Administrator , check all 4 "Objects to scan" options IF objects are detected, action as per documented instructions.
  1. Then (4) Shutdown device, using full shutdown method (see method at the end of my reply)
  2. (5) Restart system in SafeMode.
  3. (6) Run KVRT again - to CHECK the system is clean.
IF system is clean, shutdown device, using full shutdown method (7) Restart system in Normal Mode. (8) Make sure KIS is active (9) Run MANUAL database update (10) Run MANUAL KIS Fullscan (11) Check if Object (system memory) detected issue continues IF system is clean, good:clap_tone3: IF problem persists, please post back., with the following information: (12) Operating system full name? version? build? (13) KIS, free or licensed? version? patch(x) x=letter (14) GSI & Windows Logs upload to cloud, post or pm link please? (Note1) Thank you KVRT library KIS library Threats Full Shutdown: Press Ctrl+Alt+Del to show security screen Press and hold Shift & click on Shutdown symbol in bottom right corner of screen, then Shutdown. Note1: If operating system is not Windows, please let me know? Note2: KVRT does not provide RealTime protection Note3 : Kaspersky free software has (config) limitations, advertising & no Technical Support. If we know this, we ensure we never waste your time, advising you, for example: "contact Technical Support".
Posted
HI, So far 2 times. I will monitor and report any new information. Regards Andy Tan
Posted
Hi, I have completed the KVRT in Windows 10 safe mode and there was no issue. Regards Andy Tan
  • 7 months later...

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now


×
×
  • Create New...