Kaspersky
Solved

Trojan.Multi.BroSubsc.gen - difficult to remove [Moved]

  • 26 March 2021
  • 10 replies
  • 5488 views


We’ve had multiple detections of Trojan.Multi.BroSubsc.gen.  Deleting and reinstalling the browser (with a restart in there too) seems to help but in one case the malware returned.  Anybody having the same problem?  


Best answer by Danila T. 21 September 2021, 16:03


This topic has been closed for comments

10 replies



Application: Kaspersky Endpoint Security for Windows
Operating system: Windows 10 64-bit
Computer name: PC1
Domain: DC
Notifications:
Critical event: 10/05/2021 14:50:03:
Event type: Malicious object detected
User: DC\007 (Active user)
Component: Virus Scan
Result description: Detected
Type: Trojan
Name: Trojan.Multi.BroSubsc.gen
Threat level: Exactly
Precision: High
Object type: File
Object name: System Memory
Reason: Expert analysis
Database release date: 10/05/2021 11:45:00




Application: Kaspersky Endpoint Security for Windows
Operating system: Windows 7 SP1 64-bit
Computer name: PC2
Domain: DC
Notifications:
Critical event: 10/05/2021 14:42:09:
Event type: Malicious object detected
User: DC\008 (Active user)
Component: Virus Scan
Result description: Detected
Type: Trojan
Name: Trojan.Multi.Accesstr.ash
Threat level: Exactly
Precision: High
Object type: File
Object name: System Memory
Reason: Automatic analysis
Database release date: 10/05/2021 11:45:00
 
 

If it is a false positive, then why does Windows remain in ‘hibernation’, preventing KRD from performing any intervention?


We tend to get them too quite often. After starting the Advanced Disinfection it goes away.


What browser are you using? If it's Chrome, enter this settings address in the address bar:

chrome://settings/content/notifications

or open the manual on Google Help.

Check each allowed site in the "Allowed" box.
Remove suspicious ones.
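
An added example, not part of the original post: the same "Allowed" list can be reviewed across many machines by reading each Chrome profile's `Preferences` file instead of opening the settings page by hand. It assumes Chrome's usual layout (`profile.content_settings.exceptions.notifications`, with `setting` 1 meaning allow) and the usual Windows location `%LOCALAPPDATA%\Google\Chrome\User Data\Default\Preferences`; the hostnames, timestamps and the `corp.example` internal suffix are constructed.

```python
import json
from datetime import datetime, timedelta, timezone

ALLOW = 1  # Chrome ContentSetting value for "allow" (2 is "block")
WEBKIT_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

# Constructed sample, shaped like the notification section of a Chrome
# "Preferences" file (assumed layout; hostnames and timestamps are made up).
SAMPLE_PREFS = json.loads("""
{"profile": {"content_settings": {"exceptions": {"notifications": {
  "https://push-offers.example:443,*": {"last_modified": "13260672000000000", "setting": 1},
  "https://intranet.corp.example:443,*": {"last_modified": "13222310400000000", "setting": 1},
  "https://blocked.example:443,*": {"last_modified": "13222310400000000", "setting": 2}
}}}}}
""")

def allowed_notification_sites(prefs, internal_suffixes=()):
    """Return (origin, granted_at_utc, is_internal) for allowed sites, newest first."""
    exceptions = (prefs.get("profile", {}).get("content_settings", {})
                  .get("exceptions", {}).get("notifications", {}))
    rows = []
    for pattern, entry in exceptions.items():
        if entry.get("setting") != ALLOW:
            continue  # blocked or default entries cannot push notifications
        origin = pattern.split(",")[0]            # drop the ",*" secondary pattern
        host = origin.split("://")[-1].split(":")[0]
        # last_modified is microseconds since 1601-01-01 UTC, stored as a string
        granted = WEBKIT_EPOCH + timedelta(microseconds=int(entry.get("last_modified", 0)))
        internal = any(host == s or host.endswith("." + s) for s in internal_suffixes)
        rows.append((origin, granted, internal))
    return sorted(rows, key=lambda r: r[1], reverse=True)

def load_prefs(path):
    """Read a profile's Preferences file (JSON, UTF-8)."""
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)

if __name__ == "__main__":
    # On a real host, pass load_prefs(<profile dir>/Preferences) instead of the sample.
    for origin, granted, internal in allowed_notification_sites(SAMPLE_PREFS, ("corp.example",)):
        tag = "internal" if internal else "REVIEW"
        print(f"{tag:8} {origin:40} allowed since {granted:%Y-%m-%d %H:%M} UTC")
```

Sorting by grant time lets the most recently allowed sites be compared against the date of the first detection on that computer.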

 

Denying all notifications seems extreme.  How can I tell which sites are causing the problem?  Also, there are no suspicious processes and the hosts file only has internal mappings.  Could this be a false positive?


You need to deny all notifications in browsers or allow only for specific sites.

More information:
https://translate.google.com/translate?sl=auto&tl=en&u=https://habr.com/ru/post/442026/


@Gren I moved your Topic to the Kaspersky Corporate Product Section.

Which report or info are you looking for? The summary report says the path is “System memory” and the action taken is “N/A”, which isn’t helpful. The rest of it is date, time, device, etc. We’re using Endpoint Security for Windows v 11.0.0.6499


@Gren Welcome. Can you please check your Kaspersky reports and post a screenshot from the detection.