Virus Undetected - Backdoor:PHP/Dirtelti.MTF


Spare_Profile7853
Posted

I have the antivirus set to run scheduled scans and automatic updates, but it never detected Backdoor:PHP/Dirtelti.MTF

Quote

This threat can perform a number of actions of a malicious actor's choice on your device.

Devices affected by this threat might exhibit the following unexpected behavior:

  • Slow performance
  • Presence of added or modified files
  • Changes in desktop settings
  • Freezing or crashing
  • Diminished storage space

I recently decided to update Microsoft Defender Antivirus and do a Full Scan. It detected the trojan!

Apparently, I have been experiencing random crashes and BSODs, so I'm suspicious. Why didn't Kaspersky detect the virus?

Also, it's constantly detecting that my database is not updated.

[screenshot]

What is it that I don't understand here? Why is Kaspersky on my device like this? 

Posted

Welcome to Kaspersky Community.

Can you provide the detection details from Microsoft Defender? Also, provide the version of the Kaspersky product installed.

Spare_Profile7853
Posted

Here is the detection of Microsoft Defender

[screenshot]

Here's the Kaspersky scans

[screenshot]

Installed K Premium and VPN

Posted

[screenshot]

OK, but there is no info on the file name and where it was located 🤔

Spare_Profile7853
Posted

Ooh, good point. I thought of not including it for privacy. Here you go!

[screenshot]

If the virus is doing something in the background, regardless of where the file is saved, wouldn't Kaspersky detect its activity anyhow?

Posted

Looks like the detection was not active, since it is on the G: drive, maybe an external device? Also, it is a compressed file in .bz2 format, usually used on Linux systems.

And it looks like this file was taken from there, but an older version:

https://www.php.net/releases/7_4_4.php

https://www.php.net/downloads.php

And I would bet that it is not malware, but an MD false positive 🤔

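A practical way to settle the "false positive or not" question for a file like this is to compare the downloaded archive's SHA-256 with the digest published on the php.net release page, and to inspect the tarball's member names without extracting it. The script below is an added example written for this thread, not something posted by the participants or shipped by Kaspersky or PHP. The `PUBLISHED_SHA256` value is a placeholder you must replace with the digest copied from the release page; the sample archives it builds are constructed fixtures, not real PHP source.

```python
import hashlib
import hmac
import io
import os
import tarfile
import tempfile

# PLACEHOLDER: copy the SHA-256 shown next to php-7.4.4.tar.bz2 on
# https://www.php.net/releases/7_4_4.php (this string is NOT the real digest).
PUBLISHED_SHA256 = "<sha256 from php.net release page>"


def sha256_of_file(path, chunk_size=1 << 20):
    """Stream the archive through SHA-256 so large tarballs never sit in RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_archive(path, expected_hex):
    """True only if the file's SHA-256 equals the published hex digest."""
    expected = expected_hex.strip().lower()
    if len(expected) != 64 or any(c not in "0123456789abcdef" for c in expected):
        return False  # placeholder or truncated value: never treat it as a match
    return hmac.compare_digest(sha256_of_file(path), expected)


def unsafe_members(path):
    """Member names in a .tar.bz2 that would escape the extraction directory.

    A genuine PHP source tarball keeps everything under one top-level
    directory; absolute paths or '..' components are a red flag worth
    checking before extracting on any system.
    """
    flagged = []
    with tarfile.open(path, "r:bz2") as tf:
        for member in tf.getmembers():
            parts = member.name.split("/")
            if member.name.startswith("/") or ".." in parts:
                flagged.append(member.name)
    return flagged


def build_sample_tarball(path, members):
    """Constructed test fixture: write {name: bytes} into a tiny .tar.bz2."""
    with tarfile.open(path, "w:bz2") as tf:
        for name, data in members.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))


def selfcheck():
    """Exercise the checks on constructed archives; returns a result dict."""
    with tempfile.TemporaryDirectory() as workdir:
        clean = os.path.join(workdir, "php-sample.tar.bz2")
        build_sample_tarball(clean, {
            "php-sample/README.md": b"constructed sample, not PHP source\n",
            "php-sample/main/main.c": b"int main(void) { return 0; }\n",
        })
        digest = sha256_of_file(clean)
        results = {
            "digest_len": len(digest),
            "matches_itself": verify_archive(clean, digest),
            "matches_uppercase": verify_archive(clean, digest.upper()),
            "rejects_wrong_digest": verify_archive(clean, "0" * 64),
            "rejects_placeholder": verify_archive(clean, PUBLISHED_SHA256),
            "clean_flagged": unsafe_members(clean),
        }
        traversal = os.path.join(workdir, "traversal-sample.tar.bz2")
        build_sample_tarball(traversal, {
            "php-sample/README.md": b"ok\n",
            "../escape.txt": b"would land outside the target directory\n",
        })
        results["traversal_flagged"] = unsafe_members(traversal)
    return results


if __name__ == "__main__":
    for key, value in selfcheck().items():
        print(f"{key}: {value}")
```

To use it on the real file, call `verify_archive(r"G:\path\to\php-7.4.4.tar.bz2", PUBLISHED_SHA256)` after pasting the digest from the release page; a match means the bytes on disk are exactly the bytes php.net publishes, which is the strongest evidence available that the antivirus hit is a false positive. A mismatch does not prove malware, but it does mean the archive is not the official release and deserves a closer look.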
Spare_Profile7853
Posted

I see. So, it shouldn't be affecting my system?

I'm just too anxious about it.

My laptop has been getting BSOD, lags and super slow prior to the removal.

What is the explanation for the database though?

Posted

Was there an external drive? Did you download that file?

The BSOD may be caused by other system issues. You can find the cause with a free tool called WhoCrashed, and by setting Windows to produce a full memory dump if there is a new BSOD.

Also, run a ScanDisk of your main drive C:

Spare_Profile7853
Posted

Thanks for the suggestion, but I paid for Kaspersky thinking it would help with all the issues I have raised here.

I have tried all the Windows tools like CHKDSK, ScanDisk, SFC Scannow, and DISM but they do not detect any error.

Maybe you are right that a file on my external drive might not be the problem. My laptop is a mess. Slowdowns, freezes, crashes, blue screens... it's happening. 

Shouldn't Kaspersky be able to find and stop something like that? 

Why would it report a false positive database update? [screenshot]

Spare_Profile7853
Posted

I have read those before posting here in the forum.

Apparently, Kaspersky wouldn't update when it is connected to its own VPN server. I need to turn off the VPN and Kill Switch for the update. I need to turn off Kill Switch for Kaspersky VPN to connect too.

Why would it block its own app when connected on its own VPN server?

Posted

If you are in the US or use a US node in the VPN, then it's normal, due to the ban.
