Kaspersky
Solved

GoogleUpdateTaskMachineUAC detected as Virus


Userlevel 1

At around 1:40 my Kaspersky detected and deleted some files (I was in the middle of the game). The things it detected were:

 

C:\Users\heise\AppData\Roaming\d_temp\service.exe

C:\Users\heise\AppData\Roaming\Valve Software\service.tdi

C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUAC (Apparently a Chrome service whose real name is GoogleUpdateTaskMachineUA, I don’t have Chrome installed)

It also deleted some Registry Entries belonging to simply game.exe (not belonging to the game I played)

I am at a loss where it could come from or if it was just a false positive, help would be appreciated.

 

EDIT: Kaspersky found another file, an xmrig-cuda.dll, apparently belonging to a crypto miner?
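Added example (not part of the original post, and not Kaspersky's detection logic): a triage check for the two signs described above, a scheduled task whose name is a near-copy of a legitimate one and an action that runs from a user-writable folder. The sample task XML is constructed; the post does not show what the task actually ran, so pairing it with the `service.exe` path is an assumption, as are the helper names, the similarity threshold and the path heuristic.

```python
import re
import xml.etree.ElementTree as ET
from difflib import SequenceMatcher

# Namespace used by Task Scheduler XML definitions (files under System32\Tasks).
NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
# Legitimate name as given in the post; extend from a known-clean baseline.
KNOWN_TASKS = ["GoogleUpdateTaskMachineUA"]
# Assumed heuristic (not exhaustive): folders a standard user can write to.
USER_WRITABLE = re.compile(r"\\(AppData|Temp|Users\\Public)\\", re.I)

# Constructed sample: the task's contents are not shown in the thread.
SAMPLE_TASK_XML = r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Actions Context="Author">
    <Exec><Command>C:\Users\heise\AppData\Roaming\d_temp\service.exe</Command></Exec>
  </Actions>
</Task>"""

def task_commands(task_xml):
    """Return every Exec/Command value from a task definition (str or bytes)."""
    root = ET.fromstring(task_xml)
    return [c.text.strip() for c in root.findall(".//t:Exec/t:Command", NS) if c.text]

def lookalike_of(name, known=KNOWN_TASKS, threshold=0.9):
    """Return the known task name that `name` imitates, or None."""
    lowered = name.lower()
    if lowered in {k.lower() for k in known}:
        return None  # exact match: this is the real name, not an imitation
    for good in known:
        if SequenceMatcher(None, lowered, good.lower()).ratio() >= threshold:
            return good
    return None

def review_task(name, task_xml):
    """Collect reasons a scheduled task deserves a closer look."""
    findings = []
    good = lookalike_of(name)
    if good:
        findings.append(f"name imitates {good}")
    for cmd in task_commands(task_xml):
        if USER_WRITABLE.search(cmd):
            findings.append(f"runs from user-writable path: {cmd}")
    return findings

if __name__ == "__main__":
    for finding in review_task("GoogleUpdateTaskMachineUAC", SAMPLE_TASK_XML):
        print(finding)
```

On a live system, read each task file as bytes (they are stored as UTF-16) and pass the file name as `name`; a finding is a reason to inspect the task, not proof of infection.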


Best answer by Berny 2 August 2020, 03:46


15 replies

Userlevel 7
Badge +8

Hello @MarcyUnchained,

Thank you 👌🏽!

  • Again, run the CCleaner Registry Fix, including backing up the Registry option, then re-scan, post the scan report please?

Thank you 🙏🏽

Flood 🐳

Userlevel 7
Badge +7
  1. They were in Quarantine, Service.exe and Service.tdi that was, but I deleted them, don’t know if that was a mistake
     

Also, please run another Kaspersky scan with the following option: https://help.kaspersky.com/KAV/2019/de-de/68189.htm

“Detection of other programs that an attacker can use to damage the computer or user data”

Userlevel 1

@Berny Will do.

Userlevel 1

@Berny The scan came back clean. I used the setting you mentioned.

Userlevel 7
Badge +8

Hello @MarcyUnchained,

Welcome!

  1. Are the detected objects in Quarantine? 
  2. Which supported browsers are installed and used: Firefox, IE, Edge Chromium? 
  3. Run the KAV Report, open KAV, select More tools, select Reports, select Detailed Reports, select All events, select 24hrs, select Export, save the report as a text file, attach 📎 to your reply please?

Post back please?

Thank you 🙏🏽

Flood 🐳

Userlevel 1
  1. They were in Quarantine, Service.exe and Service.tdi that was, but I deleted them, don’t know if that was a mistake.
  2. Only Firefox and Edge are installed. Edge only because of the new Windows update
  3. Reports are attached

Thanks for the quick reply! I’m getting really worried now. Running Malwarebytes at the moment.

Userlevel 7
Badge +8

Hello @MarcyUnchained,

You’re most welcome ☺️!

Thank you for the report 👌🏽

  • We’re looking at the report, itmt & regarding “I’m getting really worried now”, please try not to: Kaspersky detected & quarantined the objects.
  1. Post the Malwarebytes report before taking any recommended actions please?
  2. Download CCleaner, run the Registry Scan, not the Fix, post the CCleaner Registry Scan report please?

Thank you 🙏🏽

Flood 🐳

Userlevel 1
  1. Report is attached and I haven’t taken any action
  2. Registry Scan Report attached, and here as well, I haven’t fixed as you said.

Userlevel 7
Badge +8

Hello @MarcyUnchained,

Thank you 👌🏽!

Run the CCleaner Registry Fix, including backing up the Registry option, then re-scan, post the scan report please?

Thank you 🙏🏽

Flood 🐳

Userlevel 1

Done, and done, sadly I misclicked and didn’t back up the registry.

Userlevel 7
Badge +8

Hello @MarcyUnchained,

Thank you 👌🏽!

Run the CCleaner Registry Fix again, including backing up the Registry option, then re-scan, post the scan report please?

Thank you 🙏🏽

Flood 🐳

Userlevel 1

done

Userlevel 1

can’t save a report because there was nothing found

Userlevel 7
Badge +8

Hello @MarcyUnchained,

Thank you 👌🏽

Thank you 🙏🏽

Flood 🐳

Userlevel 1

@FLOOD Here’s the report that came out of GSI
