trojan.win32.sepeh.gen

[DARKxx56]

i got this trojan.win32.sepeh.gen malware it has been detected by kaspersky total security but when i want to disinfect it my pc start crashing and reboot it self but the malware still there pls help me out guys

[Igor Kurzin]

Hi @DARKxx56 , 

You can submit a ticket via https://support.kaspersky.com/b2c/ for assistance with this issue. 

[Wesly.Zhang]

Hello, @DARKxx56

Have you installed any other security product just like huorong safety guard?

Regards.

[Bagus1414]

Hello, Admin

 

sorry if my english is not good. 

i have the same problem with this "Trojan.Win32.SEPEH.gen" and it is not resolved. I'm confused as to how I handled it.
when I tried to disinfect with Kaspersky. my pc suddenly black screen without being able to do anything.Please help me.

 

Thanks,

Bagus

[Wesly.Zhang]

30 minutes ago, Bagus1414 said:

Hello, Admin

 

sorry if my english is not good. 

i have the same problem with this "Trojan.Win32.SEPEH.gen" and it is not resolved. I'm confused as to how I handled it.
when I tried to disinfect with Kaspersky. my pc suddenly black screen without being able to do anything.Please help me.

 

Thanks,

Bagus

Hi, @Bagus1414

Could you export microsoft autoruns logs to me via pm？File-->Save...

https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns

Regards.

[Bagus1414]

1 hour ago, Wesly.Zhang said:

Hi, @Bagus1414

Could you export microsoft autoruns logs to me via pm？File-->Save...

https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns

Regards.

Dear, Wesly

 

I've sent it. can you help? thank you very much.

 

Thanks,

bagus

 

[Wesly.Zhang]

Hi, @Bagus1414

I have received your file and check some place. As an investigation, I need you to prevent some software from running in the background first, for example, to prevent some software from starting automatically at OS boot period. At this point, wait a while to see if the detection still occurs. Finally report the situation and give us feedback.

First, you should update the windows to install all hotfix or patch.

Second, Try to config some application settings.

Synapse3 - C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe //If you have some basic functions to use, you can terminate process

Lightshot - C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe //search its settings to uncheck start with system boot optional or kill its process.

Web Companion - C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe //search its settings to uncheck start with system boot optional or kill its process.

TrayApplication - C:\Program Files (x86)\CSR\CSR Harmony Wireless Software Stack\TrayApplication.exe //search its settings to uncheck start with system boot optional or kill its process.

vksts - C:\Program Files (x86)\CSR\CSR Harmony Wireless Software Stack\vksts.exe //search its settings to uncheck start with system boot optional or kill its process.

CodecPackTrayMenu.lnk - C:\Windows\SysWOW64\Codecs\TrayMenu.exe //search its settings to uncheck start with system boot optional or kill its process.

BlueStacksHelper - C:\Program Files\BlueStacks_nxt\BlueStacksHelper.exe //kill this process

Winrar - D:\Folder APP\WinrarFile\rarext.dll // I recommend you use 7zip instead of this software.

Regards.

 

[Wesly.Zhang]

All the above operations about terminate the process are only valid for the current one. If you shut down and restart OS, please re-terminate the related process again.

[Bagus1414]

Dear Wesly.Zhang

 

I've followed your advice. My question means this virus will not go away? and this is only for temporary prevention? I've removed apps that aren't recommended and I've changed the winrar app to 7zip. but this warning still appeared.

Regards,

bagus

[Wesly.Zhang]

Hello, @Bagus1414

Have you updated any software or installed any software recently? As I think, Usually this detection is to find the existence of expanded memory in the memory process to store code. For example, this situation exists under the explorer.exe process. This operation may be due to a legitimate program (just a false alarm) or an illegal program. So now you need to troubleshoot the problem one by one, you can also report this situation to Kaspersky technical support.

 

[Wesly.Zhang]

Also, May I ask you what input method do you use, Microsoft input method or other third-party input method? Is this detection very regular, between 15 minutes and 20 minutes after the system starts up? Until there is no final solution, you can turn off background (rootkit) detection first.

https://support.kaspersky.com/KTS/21.3/en-US/199672.htm