Eren Bostan
Posted

Hello;
A few days ago, the path c:\users\....\appdata\roaming\vhcirwh was infected with a virus that Kaspersky identified as a Trojan. (I tried with all the popular virus programs, none of them could see it except Kaspersky.)

The feature of the virus somehow appears on the cmd screen for a few seconds at the first boot of the computer and then disappears. This process is repeated every 10 minutes. (like 21:00, 21:10, 21:20...)
Kaspersky blocks this virus but cannot clean it because the file is not in the path Kaspersky detects and I see and hear Kaspersky notification every 10 minutes.

What would you recommend if you faced a similar problem?

Posted

@Eren Bostan Welcome.

Can you please check your Kaspersky reports and post a screenshot of the detections? Could you please also provide a screenshot of the CMD window?

Also, please check your Startup items.
Flood and Flood's wife
Posted (edited)
5 hours ago, Eren Bostan said:
  • A few days ago, the path c:\users\....\appdata\roaming\vhcirwh was infected with a virus that Kaspersky identified as a Trojan.
  • Kaspersky blocks this virus but cannot clean it because the file is not in the path Kaspersky detects.
  • The feature of the virus somehow appears on the cmd screen for a few seconds at the first boot of the computer and then disappears.
  • I see and hear Kaspersky notification every 10 minutes.

Hello @Eren Bostan

Also:

  1. Which Kaspersky Free version & patch(x), x = letter, is installed? On the Windows Taskbar or in the hidden icons, right-click the Kaspersky icon & select About
  2. In File explorer, is Hidden items checked? 
  3. Read & follow guide by Moderator @richbuff:  Kaspersky notification of detection, file or website detected

Thank you

Flood

Eren Bostan
Posted

Hi, thank you so much for the support.
I use Internet Security (free), and hidden files are visible. I didn't feel anything weird with the startup items. (Devre dışı = disabled, Etkinleştirildi = enabled)
I saved the CMD screenshot in two stages. This is in Turkish but as far as I understand it looks like a .net framework installer.

But I found the program and blocked it from running on startup before Kaspersky started.

Attachments: virus 2.png, virus.png, Screenshot_7.png, Screenshot_8.png

Eren Bostan
Posted

and I attach the Kaspersky report.

Screenshot_3.png

Eren Bostan
Posted
17 minutes ago, Berny said:

@Eren Bostan Please try this:

1) Uninstall NET Framework + reboot

2) Download and reinstall Net Framework + reboot

I removed all .net frameworks and related updates and windows features on my computer but nothing changed.

  • 2 weeks later...
Wesly.Zhang
Posted

Hello @Eren Bostan

You have encountered a fake dotnet framework installation file. This file may have been dropped by other malware. It is not the main-function malware. Please do a clean boot to see whether this detection occurs again or not, and reply with the result here.

Regards.
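
Added example, not part of any post in this thread: a PowerShell check for the symptom described above (a console window flashing at boot and every 10 minutes, with the file under AppData\Roaming). It assumes, without confirmation from the thread, that the recurrence comes from a scheduled task or autostart entry; startup lists such as the Task Manager Startup tab do not show scheduled tasks, so both are enumerated. Run it from an elevated PowerShell prompt.

```powershell
# Added example (not from the thread). Assumption: the 10-minute recurrence is
# driven by a scheduled task or autostart entry; the thread does not confirm this.
$appData = '\\AppData\\(Roaming|Local)\\'   # regex for per-user AppData paths
$maxMins = 15                               # flag repetition intervals this short

# 1. Scheduled tasks whose action runs from AppData or whose trigger repeats quickly
$tasks = foreach ($task in Get-ScheduledTask) {
    # Repetition.Interval is an ISO 8601 duration string such as PT10M
    $intervals = @($task.Triggers | ForEach-Object { $_.Repetition.Interval } |
                   Where-Object { $_ })
    $fast = $false
    foreach ($i in $intervals) {
        try {
            $span = [System.Xml.XmlConvert]::ToTimeSpan($i)
            if ($span.TotalMinutes -le $maxMins) { $fast = $true }
        } catch { }                         # ignore unparsable intervals
    }
    foreach ($action in $task.Actions) {
        if (-not $action.Execute) { continue }   # skip COM handler actions
        $cmd = [Environment]::ExpandEnvironmentVariables(
                   "$($action.Execute) $($action.Arguments)")
        if ($fast -or $cmd -match $appData) {
            [pscustomobject]@{
                Source   = 'ScheduledTask'
                Name     = $task.TaskPath + $task.TaskName
                Interval = $intervals -join ','
                Command  = $cmd
            }
        }
    }
}

# 2. Run keys and Startup folders (all users) that launch from AppData
$autoruns = Get-CimInstance Win32_StartupCommand |
    Where-Object { $_.Command -match $appData } |
    ForEach-Object {
        [pscustomobject]@{
            Source   = $_.Location
            Name     = $_.Name
            Interval = ''
            Command  = $_.Command
        }
    }

@($tasks) + @($autoruns) | Format-List
```

The output is a list of candidates to review, not a verdict: legitimate software also installs under AppData and registers repeating tasks, so compare each command path against what is known to be installed.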
