Jump to content

Interaction with Kaspersky

Ray1942
 Share

Recommended Posts

daledoc1

daledoc1

Posted
Posted

Hello and :welcome:, @Ray1942:

Short answer:  No.

Longer answer: It's impossible to say for sure what's going on, based on the information presented so far.
Each security application (whether an AV, such as Kaspersky, or an anti-malware, such as MBAM) targets different types of malware and uses different databases.

So, if Kaspersky detects an item and MBAM does not detect it, it could be a legitimate detection by Kaspersky of a file type not targeted by MBAM (IOW you may be infected).
Or, it could be False Positive by Kaspersky.
Or, something else might be going on.

In order to get a slightly better idea, so that we can better assist you, I suggest following the advice here: Assistance obtaining computer system information

Then, please ATTACH all 3 logs to your next reply in this thread.

We'll go from there.

Thanks,

Link to post
Share on other sites
daledoc1

daledoc1

Posted
Posted

Hi:

I've asked the forum staff to review your logs.

Until then, yes, as @Aura originally suggested, what is the exact file path of the detection you report?
(You may need to open the KIS GUI and then use the sliders in the headers at the top of the logs window to fully view the entire path.)

This may be either a legit detection by KIS (IOW you are infected), or a false positive by KIS (which might need to be reported to the virus lab at KL tech support), or something else.

But, to get back to your original question, based on the available information, no, this does not appear to be something "caused by Malwarebytes".

Thanks for your patience,

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

This entry does not look legit and could possibly be what Kaspersky is finding.

Task: {36CE2BB5-61E8-443A-AE58-7C731B7F5C8D} - System32\Tasks\{0E087847-7805-0F7E-7911-7F050E09117F} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand IAA7ACAAOwA7ACAAOwAgADsAIAA7ACAAIAA7ADsAOwAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AIgBzAHQAbwBwACIAOwAkAHMAYwA9ACIAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQAiADsAJABXAGEAcgBuAGkAbgBnAFAAcgBlAGYA (the data entry has 9968 more characters). <==== ATTENTION

 

PowerShell is a Windows scripting system but I'm not aware of any encoded or hidden commands setup by Microsoft. That makes it very suspect as to what it's doing. Unless you can confirm yourself what it's doing I'd remove it. In any case, I'd recommend you have someone assist you in scanning and cleaning your computer.

 

I would suggest following the advice from the topic here Available Assistance for Possibly Infected Computers and having one of the Experts assist you with looking into your issue.

 

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.