Kaspersky
Products
Support go
Community
Personal Account go
Check a file or link
Kaspersky Club go
Kaspersky Education go
Beta Testing
back back
support
Home Support
Business Support
Virus Fighting
back back
kaspersky club
Россия и СНГ
Global
back back
kaspersky education
Бесплатный образовательный портал
Free educational videocourses
back back
Personal Account
My Kaspersky
KSOS Management Console
CompanyAccount
Solved

GoogleUpdateTaskMachineUAC detected as Virus

M
Userlevel 1

At around 1:40 my kaspersky detected deleted some files (I was in the middle of the game), the things it detected were

 

C:\Users\heise\AppData\Roaming\d_temp\service.exe

C:\Users\heise\AppData\Roaming\Valve Software\service.tdi

C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUAC (Apparently a Chrome service whose real name is GoogleUpdateTaskMachineUA, I don’t have Chrome installed)

It also deleted some Registry Entries belonging to simply game.exe (not belonging to the game I played)

I am at a loss where it could come from or if it was just a false positive, help would be appreciated.

 

EDIT: Kaspersky found another file, a xmrig-cuda.dll, apparently belonging to a crypto miner?

icon

Best answer by Berny 2 August 2020, 03:46

  1. They were in Quarantine, Service.exe and Service.tdi that was, but I deleted them, don’t know if that was a mistake
     

Also,  please  run another Kaspersky scan with following option : https://help.kaspersky.com/KAV/2019/de-de/68189.htm

Erkennung von anderen Programmen, mit denen ein Angreifer den Computer oder die Benutzerdaten beschädigen kann“

View original

15 replies

Flood and Flood's wife
Rank
Userlevel 7
Badge +9

Hello @MarcyUnchained,

Welcome!

  1. Are the detected objects in Quarantine? 
  2. Which supported browsers are installed and used: Firefox, IE, Edge Chromium? 
  3.  Run the KAV Report, open KAV, select More tools, select Reports, select Detailed Reports, select All events, select 24hrs, select Export, save the report as a text file, attach:paperclip: to your reply please? 

Post back please?

Thank you:pray_tone3:

Flood:whale:

Edgar's Mission: "If we could live happy and healthy lives without harming others... why wouldn't we?" --- "One should examine oneself for a very long time before thinking of condemning others" Moliere --- Did a reply answer your question? Please mark it as Best answer, the Topic status will change to Solved, thank you!
M
Userlevel 1
  1. They were in Quarantine, Service.exe and Service.tdi that was, but I deleted them, don’t know if that was a mistake.
  2. Only Firefox and Edge are installed. Edge only because of the new windows update
  3.  Reports are attached

Thanks for the quick reply! I’m getting really worried now. Running Malwarebytes at the moment.

1 Attachment
Flood and Flood's wife
Rank
Userlevel 7
Badge +9

Hello @MarcyUnchained,

You’re most welcome:relaxed: !

Thank you for the report:ok_hand_tone3:

  • We’re looking at the report, itmt & regarding “ I’m getting really worried now”, please try not to: Kaspersky detected & quarantined the objects. 
  1. Post the Malwarebytes report before taking any recommended actions please? 
  2. Download CCleaner, run the Registry Scan, not the Fix, post the CCleaner Registry Scan report please?

Thank you:pray_tone3:

Flood:whale:

Edgar's Mission: "If we could live happy and healthy lives without harming others... why wouldn't we?" --- "One should examine oneself for a very long time before thinking of condemning others" Moliere --- Did a reply answer your question? Please mark it as Best answer, the Topic status will change to Solved, thank you!
M
Userlevel 1
  1. Report is attached and I haven’t taken any action
  2. Registry Scan Report attached, and here aswell, I haven’t fixed as you said.
2 Attachments
Flood and Flood's wife
Rank
Userlevel 7
Badge +9

Hello @MarcyUnchained,

Thank you:ok_hand_tone3: !

Run the CCleaner Registry Fix, including backing up the Registry option, then re-scan, post the scan report please? 

Thank you:pray_tone3:

Flood:whale:

Edgar's Mission: "If we could live happy and healthy lives without harming others... why wouldn't we?" --- "One should examine oneself for a very long time before thinking of condemning others" Moliere --- Did a reply answer your question? Please mark it as Best answer, the Topic status will change to Solved, thank you!
M
Userlevel 1

done, and done, sadly I misclicked and didn’t backup the registry.

1 Attachment
Flood and Flood's wife
Rank
Userlevel 7
Badge +9

Hello @MarcyUnchained,

Thank you:ok_hand_tone3: !

Run the CCleaner Registry Fix again, including backing up the Registry option, then re-scan, post the scan report please? 

Thank you:pray_tone3:

Flood:whale:

Edgar's Mission: "If we could live happy and healthy lives without harming others... why wouldn't we?" --- "One should examine oneself for a very long time before thinking of condemning others" Moliere --- Did a reply answer your question? Please mark it as Best answer, the Topic status will change to Solved, thank you!
M
Userlevel 1

done

1 Attachment
Flood and Flood's wife
Rank
Userlevel 7
Badge +9

Hello @MarcyUnchained,

Thank you:ok_hand_tone3: !

  • Again, run the CCleaner Registry Fix, including backing up the Registry option, then re-scan, post the scan report please? 

Thank you:pray_tone3:

Flood:whale:

Edgar's Mission: "If we could live happy and healthy lives without harming others... why wouldn't we?" --- "One should examine oneself for a very long time before thinking of condemning others" Moliere --- Did a reply answer your question? Please mark it as Best answer, the Topic status will change to Solved, thank you!
M
Userlevel 1

can’t save a report because there was nothing found

Berny
Rank
Userlevel 7
Badge +8
  1. They were in Quarantine, Service.exe and Service.tdi that was, but I deleted them, don’t know if that was a mistake
     

Also,  please  run another Kaspersky scan with following option : https://help.kaspersky.com/KAV/2019/de-de/68189.htm

Erkennung von anderen Programmen, mit denen ein Angreifer den Computer oder die Benutzerdaten beschädigen kann“

Forum Moderator France & BeNeLux - Did it answer your question? Please mark it as "Best Answer” | Est-ce la réponse à votre question? Marquez-le comme résolu | Is dit het antwoord op uw vraag? Markeer het als opgelost | Errare humanum est.
Flood and Flood's wife
Rank
Userlevel 7
Badge +9

Hello @MarcyUnchained,

Thank you:ok_hand_tone3:

Thank you:pray_tone3:

Flood:whale:

Edgar's Mission: "If we could live happy and healthy lives without harming others... why wouldn't we?" --- "One should examine oneself for a very long time before thinking of condemning others" Moliere --- Did a reply answer your question? Please mark it as Best answer, the Topic status will change to Solved, thank you!
M
Userlevel 1

@Berny Will do.

M
Userlevel 1

@FLOOD Here’s the report that came out of GSI

1 Attachment
M
Userlevel 1

@Berny The scan came back clean. I used the setting you mentioned.

Reply / Ответить


 Utilities