Kaspersky
Question

Fileless Trojan when scanning with Boot Disk

  • 3 May 2019
  • 3 replies
  • 215 views

I booted a Windows 10 computer with the Kaspersky boot rescue disk. When performing a scan of two different Windows 10 systems with this Kaspersky boot disk, both time a Trojan named Trojan.Multi.GenAutorunReg.a was found, and it's categorized as a Fileless object. I'm confused how a fileless Trojan got on both systems when I was booting from the Kaspersky boot disk.

Can someone explain?

It makes it seem that there is an issue with the boot disk.

3 replies

hello @MagnusKnight ,
i am not sure,
but AutorunReg sounds to me, that there is an autorun registry entry on you systems.
those autorun entries can contains filenames and commandline opperations as well.

those autorun entried will be executed everytime your system boot or when a user logged in.

when the autorun entry is a commandline opperation, then it is fileless, because no specific/additional file is envolved, that can be "quarantained".

remember, in a commandline you can put a lot of opperations and can contain a full trojan/virus script or at least commands to download and execute other software.
Userlevel 2
Badge
I booted a Windows 10 computer with the Kaspersky boot rescue disk. When performing a scan of two different Windows 10 systems with this Kaspersky boot disk, both time a Trojan named Trojan.Multi.GenAutorunReg.a was found, and it's categorized as a Fileless object. I'm confused how a fileless Trojan got on both systems when I was booting from the Kaspersky boot disk.

Can someone explain?

It makes it seem that there is an issue with the boot disk.


Hello.

Please provide traces https://support.kaspersky.com/14223
Selam,
Windows 10 bu önyüklemeyi bilgisayarımda çalıştıramıyor. Bir disk yazarken farklı bir yol yazmalıyım. Yardım edebilirseniz sevinirim.

Reply / Ответить