Kaspersky
Question

how to remove "Trojan.Multi.Accesstr.ash? [merged]

  • 2 September 2019
  • 10 replies
  • 11371 views

anyone have idea how to remove "Trojan.Multi.Accesstr.ash? as Kaspersky cannot disinfect it.

Thanks,

10 replies

Small Office Security can detect Trojan.Multi.Accesstr.ash, but it can't disinfect it. It can't show where it is located to manually erase it. I've tried Symantec, Avast, Malwarebytes, Bitedefender, and ZoneAlarm. Some programs can locate it, but like Kaspersky, they can't remove it. How do I find and/or remove this trojan? Thank you
I have the same issue & looking for solution as well as Kaspersky cannot disinfect it but keep alerting this.
Userlevel 7
Badge +9
anyone have idea how to remove "Trojan.Multi.Accesstr.ash? as Kaspersky cannot disinfect it.


Hello @hk852 ,
Welcome!
(It helps us, help you, if system, software, hardware and detailed issue information are provided), however, you could try Kaspersky Virus Removal Tool
Please check:
(a) System requirements for Kaspersky Virus Removal Tool
If your system meets the requirements, please use KVRT according to documented instructions:
KVRT library
(My recommendation, providing (a), is met)
(1) Download KVRT
(2) Start system in SafeMode.
(3) Start KVRT, check all 4 "Objects to scan" options


  • If objects are detected, action as per documented instructions.
(4) Shutdown device, using full shutdown method.
(5) Restart system in SafeMode.
(6) Run KVRT again - to CHECK the system is clean.
  • IF system is clean, shutdown device, using full shutdown method.
(7) Restart system in NormalMode.
(8)Make sure KAV is active
(9) Run manual KAV Fullscan
  • IF system is clean, good👏🏽
  • IF problem persists, please post back., with the following information:
(10) Operating system full name? version? build?
(11) KAV, free or licensed? version? patch(x) x=letter
(12) Detailed history of issue, include screen shots and KAV REPORTS, showing events that identify the issue, upload the report, as a text file, using the upload icon, in your reply.

Thanks

Note1: Please don't upload any contaminated files or urls.
Note2: KVRT does not provide RealTime protection
Note3 : Kaspersky free software has (config) limitations, advertising & no Technical Support. If we know this, we ensure we never waste your time, advising you, for example: "contact Technical Support".
Thanks FLOOD & will come back to you with the result.👍🏼
Userlevel 7
Badge +9
I have the same issue & looking for solution as well as Kaspersky cannot disinfect it but keep alerting this.
Hello @hk852
Welcome! (again😉).
  • Is this KSOC #post16864, a duplicate of your other post, https://community.kaspersky.com/kaspersky-anti-virus-12/how-to-remove-trojan-multi-accesstr-ash-3185#post16881?
IF "yes", we'll ask the Moderators to remove your "reply", here, as KAV/#post16881, is answered comprehensively, this one will be redundant.

Please let us know?
Many thanks🙏🏽
yes please, thanks!
I have done this multiple times. The instructions after the first scan day to cure and reboot. When it reboots it detects it again and does the same thing. It is an endless loop. My customer who just bought a 3 year 10 user license is getting upset because it cannot remove this.
Userlevel 7
Badge +7
Hi @hlhart, welcome to the new forum.

This verdict indicates that for example the original 'utilman.exe' has been replaced by the 'cmd.exe' (and was renamed).
This is often used by administrators to reset lost passwords.
If KES cannot find a backup of the file, it cannot solve the problem.
Please check this manually.
Userlevel 7
Badge +9

Hi, @hk852, @Cary 
Malware of the Trojan.Multi.Accesstr family replaces Windows service files with cmd.exe or powershell.exe. This can be used for gaining unauthorized access to the system.

Recovery recommendations:

After detecting the threat, Kaspersky applications will try to find backup copies of corrupted files and restore them.

If it is impossible to find a backup copy or restore a corrupted file, run the tool for scanning system files:  sfc /scannow. For instructions, see the Microsoft support site.

If the issue persists, try to manually replace the file from the list below with a good copy of the file. You can copy the file from another computer running the same version of Windows, a Windows folder in the network environment, or a removable drive, e.g. a DVD drive with Windows.

More information in the article. https://support.kaspersky.com/viruses/protection/15387#block1

Also try cleaning your antivirus reports and performing a full scan of your computer. https://support.kaspersky.com/15097#block1

 

Userlevel 7
Badge +4

Hello,

Could you provide a avz report to here or pm to me?

http://www.z-oleg.com/secur/avz_doc_en/

Reply