0
(0)

Threats of the Trojan.Multi.Accesstr family replace Windows service files with cmd.exe or powershell.exe. This can be used for gaining unauthorized access to the system.
For the list of threats and corrupted files, see below.

 

Recovery recommendations

After detecting the threat, Kaspersky applications will try to find backup copies of corrupted files and restore them.

If it is impossible to find a backup copy or restore a corrupted file, run the tool for scanning system files: sfc /scannow. See the instructions on the Microsoft website.

Open the command line and run the command:

sfc /scannow

If the issue persists, run the DISM command to scan your computer and fix the problems.
To do so:

  1. Run the command:
DISM /Online /Cleanup-Image /RestoreHealth
  1. After the DISM is finished, run the command:
sfc /scannow
If you have Windows 7, use /ScanHealth instead of /RestoreHealth.
Before running DISM with the /ScanHealth option, make sure that the Windows update is installed on your computer.

If the issue persists, contact Microsoft technical support.

 

List of threats and corrupted files

  • Trojan.Multi.Accesstr.aok and Trojan.Multi.Accesstr.bok:
    • %SystemRoot%\\system32\\osk.exe
    • %SystemRoot%\\syswow64\\osk.exe
  • Trojan.Multi.Accesstr.amf and Trojan.Multi.Accesstr.bmf:
    • %SystemRoot%\\system32\\magnify.exe
    • %SystemRoot%\\syswow64\\magnify.exe
  • Trojan.Multi.Accesstr.ads and Trojan.Multi.Accesstr.bds:
    • %SystemRoot%\\system32\\displayswitch.exe
    • %SystemRoot%\\syswow64\\displayswitch.exe
  • Trojan.Multi.Accesstr.aab and Trojan.Multi.Accesstr.bab:
    • %SystemRoot%\\system32\\atbroker.exe
    • %SystemRoot%\\syswow64\\atbroker.exe
  • Trojan.Multi.Accesstr.aum and Trojan.Multi.Accesstr.bum:
    • %SystemRoot%\\system32\\utilman.exe
    • %SystemRoot%\\syswow64\\utilman.exe
  • Trojan.Multi.Accesstr.ash and Trojan.Multi.Accesstr.bsh:
    • %SystemRoot%\\system32\\sethc.exe
    • %SystemRoot%\\syswow64\\sethc.exe
  • Trojan.Multi.Accesstr.aed and Trojan.Multi.Accesstr.bed:
    • %SystemRoot%\\system32\\easeofaccessdialog.exe
    • %SystemRoot%\\syswow64\\easeofaccessdialog.exe
  • Trojan.Multi.Accesstr.anr and Trojan.Multi.Accesstr.bnr:
    • %SystemRoot%\\system32\\narrator.exe
    • %SystemRoot%\\syswow64\\narrator.exe

Source : Official Kaspersky Brand
Editor by : BEST Antivirus KBS Team

How useful was this post?

Click on a star to rate it!

Average rating 0 / 5. Vote count: 0

No votes so far! Be the first to rate this post.

(Visited 336 times, 1 visits today)