Kaspersky
Question

Persistent Trojan on my laptop


Hi guys.

I am running KIS 2019 on my Dell XPS15 Windows 10 64 bit laptop.

Recently, KIS red-flagged to inform a trojan had been detected at the following location,

C:\Users\xxxx\AppData\Roaming\34270ECE-2DBB-F39F-B25B-462083AC4FDF\Hamelab.dat,

and ordered a reboot to remove, which I did. However, upon restarting, the red-flag did not go away and I was ordered to do another reboot. After a couple more restarts, I decided enough was enough. This sucker is not going away that easily.

I would like to know if anyone else has faced the same problem. Need help. Thank you.

12 replies

Userlevel 7
Badge +2
Hi, welcome to Kaspersky Community.
Please try this AVZ Computer Scanning tool.
https://support.kaspersky.com/14612#block1
Then send the report into Kaspersky Support.
https://my.kaspersky.com/
Thanks
Userlevel 7
Badge +5
Hi, when sending the report to Kaspersky Support team, please also include the GSI report:
https://support.kaspersky.com/3632

And traces, recorded during detection and removal attempt of the trojan:
https://support.kaspersky.com/common/diagnostics/12797#block1
Userlevel 7
Badge +5
Hello,

Could you provide this file Hamelab.dat via PM?

Thanks.
Userlevel 7
Badge +2
Hi, as well as all above posts.
Just an "update": I never included the GSI Parser for the GSI Log.
You will need to create the GSI Log here.
https://forum.kaspersky.com/index.php?/topic/915-how-to-help-us-help-you-with-a-log-of-your-system/
Then drop the zip in here.
https://www.getsysteminfo.com/
Copy and paste the easy to read link and put it in your report.
You can post it back here too, please.
Hi KarDip,

Thank you for your reply. I went to the link for the AVZ tool and found the following instructions.

  1. Download the AVZ tool executable file.
  2. Run the avz5.exe file on your computer. If the Windows Defender SmartScreen prevented avz5.exe from launching, in the Windows protected your PC window, click More info → Run anyway.
  3. Click File → Custom scripts.
  4. In the input field, enter the script you received from the Kaspersky Lab technical support specialist.
  5. Click Run. Wait until the tool has finished running and complete the rest of the Kaspersky Lab technical support specialist’s instructions.
Item 4 says I need to enter the script provided by Kaspersky technical support. Any idea?

Thanks.

Submariner
Hi Wesly,

Thank you for your interest in this problem. I tried looking for the file using the path in the red-flag to try to delete the trojan manually but could not find it. My guess is Kaspersky must have removed and quarantined it.

I am not sure if this is related but having been alerted to a trojan infection I began looking through my installed programs and running services and discovered Chromium had somehow been installed on my laptop. Now, I am not sure how it got installed because I know what Chromium does and would never have consciously installed it. The Hamelab.dat trojan could have been snuck in by Chromium.

Regards.

Submariner
Hi Igor,

Does Kaspersky provide any scripts for the AVZ tools?

Thanks.

Submariner
Userlevel 7
Badge +2
Hi Submariner.
Yes, Kaspersky does provide "scripts" to remove the offending "virus or etc".
But first they need to know how to write the scripts, viewing some software information about your computer.

Yes, the AVZ Tool looks confusing, but it is very easy to use.
For now please send the GSI Log to get started, let's think about AVZ for later.
Meanwhile just take a look here to study how to configure.
http://www.z-oleg.com/secur/avz_doc_en/index.html?t_about.htm
Please do not remove "anything" in testing.

Let's do this the easy way first.
Do your GSI Log.
https://forum.kaspersky.com/index.php?/topic/915-how-to-help-us-help-you-with-a-log-of-your-system/
Please drop the Zip in the GSI Parser.
Then "copy and paste" post the "easy read link" back here and in your support "report".
https://forum.kaspersky.com/index.php?/topic/915-how-to-help-us-help-you-with-a-log-of-your-system/
Thank you.
Userlevel 2
Badge +1
https://support.kaspersky.com/viruses/krd18?cid=KIS_19.0&utm_source=interceptor&utm_medium=product&utm_campaign=KIS_19.0
Many thanks KarDip. Terribly sorry for the late reply. I shall give it a try and get back to you.
Hi xiongliang. Tq for the link. I will definitely give it a try too.
Userlevel 7
Badge +5

Hi @Submariner

Has this malware infection event been solved? If yes, please set best answer to finish your topic. Thanks in advance!

Regards.
