Kaspersky
Solved

MEM:Trojan.Win32.SEPEH.gen; Kaspersky says it's disinfected but it's back again

  • 1 November 2020
  • 8 replies
  • 2559 views

  • Community Citizen
  • 4 replies

Hi there, I recently disinfected the Trojan on the 26th of October, but now it is back as of today for some reason.

As you can see, it was disinfected, but it may be back soon.

Thank you.


Best answer by Berny 1 November 2020, 17:08

@Bleb You are welcome. Please go to  https://center.kaspersky.com 

> Summary > Technical Support Center > Request Technical Support > “Create Request”


8 replies

Userlevel 7
Badge +8

@Bleb Welcome. Please submit a ticket to Kaspersky Lab Technical Support: https://center.Kaspersky.com 

Hello Berny, thanks for the help, my only problem is how to submit a ticket

Userlevel 7
Badge +8

@Bleb You are welcome. Please go to  https://center.kaspersky.com 

> Summary > Technical Support Center > Request Technical Support > “Create Request”

Userlevel 7
Badge +4

Hello,

Do you have a file named svchost.exe in PATH C:\Users\YOUR ACCOUNT NAME\Documents?

Regards.

Yes I do have a file named that.

 

Userlevel 7
Badge +4

 


Hello,

No, you don't have this file in that folder. But could you search for a folder named “my document”? Our KL Chinese virus lab analyst once told me to search for that folder.

If you also don't have that folder, do you use any language input method, such as Sougou or …? Please uninstall the input method and observe related issues. Or do you use any cracked program, like an Adobe keygen...

This issue is related to the hash of explorer.exe in memory being different from the one on disk, as detected by the anti-rootkit scan. Something is injected into it, and the string “my document\svchost.exe” is also included in it.

Discussion of related issues: https://translate.google.cn/translate?sl=zh-CN&tl=en&u=https%3A%2F%2Fbbs.kafan.cn%2Fthread-2173483-1-1.html

Regards.
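The checks asked for in the reply above can be run in one pass from an elevated PowerShell prompt. This is an added example, not part of the thread and not a Kaspersky tool; it assumes the genuine svchost.exe runs only from System32 or SysWOW64 under `%SystemRoot%` and that user profiles live under `%SystemDrive%\Users`.

```powershell
# Added example: look for the svchost.exe look-alikes discussed in this thread.
# Assumption: the genuine svchost.exe runs only from %SystemRoot%\System32 or SysWOW64.
$legitDirs = @("$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64")
$usersRoot = "$env:SystemDrive\Users"   # assumption: default profile location

function Test-LegitSvchostPath {
    param([string]$Path)
    if ([string]::IsNullOrEmpty($Path)) { return $false }
    # -contains compares strings case-insensitively, which matches NTFS behaviour
    return $legitDirs -contains (Split-Path -Path $Path -Parent)
}

# 1. Running processes named svchost.exe whose image is outside the system directories.
#    ExecutablePath is empty for protected processes unless the prompt is elevated.
$procs = Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'" |
    Where-Object { $_.ExecutablePath -and -not (Test-LegitSvchostPath $_.ExecutablePath) } |
    Select-Object ProcessId, ParentProcessId, ExecutablePath, CommandLine

# 2. Files named svchost.exe under any user profile, including hidden and system items.
#    The hash and signature status are what a support ticket will ask for.
$files = Get-ChildItem -Path $usersRoot -Filter 'svchost.exe' -File -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
        [pscustomobject]@{
            Path      = $_.FullName
            Created   = $_.CreationTime
            SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            Signature = $sig.Status
            Signer    = $sig.SignerCertificate.Subject
        }
    }

# 3. Folders literally named "my document" (the name the analyst asked about).
$dirs = Get-ChildItem -Path $usersRoot -Directory -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -eq 'my document' } |
    Select-Object FullName, CreationTime, Attributes

'--- svchost.exe processes running outside System32/SysWOW64'
$procs | Format-List
'--- svchost.exe files under user profiles'
$files | Format-List
'--- folders named "my document"'
$dirs | Format-List
```

Empty sections mean nothing matched; any hit is worth attaching to the support request rather than deleting by hand.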

 

 

 



 

 

I used a cracked vegas

 
