About Trojan.Multi.Accesstr
Latest update: March 03, 2021
ID: 15387
Do you want to prevent infections? Install Kaspersky for Windows
Threats of the Trojan.Multi.Accesstr family replace Windows service files with cmd.exe or powershell.exe. This can be used for gaining unauthorized access to the system.
For the list of threats and corrupted files, see below.
Recovery recommendations
After detecting the threat, Kaspersky applications will try to find backup copies of corrupted files and restore them.
If it is impossible to find a backup copy or restore a corrupted file, run the tool for scanning system files: sfc /scannow. See the instructions on the Microsoft website.
Open the command line and run the command:
sfc /scannow
If the issue persists, run the DISM command to scan your computer and fix the problems.
To do so:
- Run the command:
DISM /Online /Cleanup-Image /RestoreHealth
- After the DISM is finished, run the command:
sfc /scannow
If you have Windows 7, use /ScanHealth instead of /RestoreHealth.
Before running DISM with the /ScanHealth option, make sure that the Windows update is installed on your computer.
Before running DISM with the /ScanHealth option, make sure that the Windows update is installed on your computer.
If the issue persists, contact Microsoft technical support.
List of threats and corrupted files
- Trojan.Multi.Accesstr.aok and Trojan.Multi.Accesstr.bok:
- %SystemRoot%\\system32\\osk.exe
- %SystemRoot%\\syswow64\\osk.exe
- Trojan.Multi.Accesstr.amf and Trojan.Multi.Accesstr.bmf:
- %SystemRoot%\\system32\\magnify.exe
- %SystemRoot%\\syswow64\\magnify.exe
- Trojan.Multi.Accesstr.ads and Trojan.Multi.Accesstr.bds:
- %SystemRoot%\\system32\\displayswitch.exe
- %SystemRoot%\\syswow64\\displayswitch.exe
- Trojan.Multi.Accesstr.aab and Trojan.Multi.Accesstr.bab:
- %SystemRoot%\\system32\\atbroker.exe
- %SystemRoot%\\syswow64\\atbroker.exe
- Trojan.Multi.Accesstr.aum and Trojan.Multi.Accesstr.bum:
- %SystemRoot%\\system32\\utilman.exe
- %SystemRoot%\\syswow64\\utilman.exe
- Trojan.Multi.Accesstr.ash and Trojan.Multi.Accesstr.bsh:
- %SystemRoot%\\system32\\sethc.exe
- %SystemRoot%\\syswow64\\sethc.exe
- Trojan.Multi.Accesstr.aed and Trojan.Multi.Accesstr.bed:
- %SystemRoot%\\system32\\easeofaccessdialog.exe
- %SystemRoot%\\syswow64\\easeofaccessdialog.exe
- Trojan.Multi.Accesstr.anr and Trojan.Multi.Accesstr.bnr:
- %SystemRoot%\\system32\\narrator.exe
- %SystemRoot%\\syswow64\\narrator.exe