Solved Possible Network Intrusion.

[Xeno1234]

Hello!

After giving malwarebytes forums my FRST logs they said they noticed Kaspersky running from the temp folder. This would align with what Practical Response said.

I did notice show file extensions get turned off randomly then turned back on. Or well Kaspersky said they got turned off. Not sure if it’s a bug or something but 6 antivirus scanners came back clean and I’m on malware removal forums.

Hello!

After giving malwarebytes forums my FRST logs they said they noticed Kaspersky running from the temp folder. This would align with what Practical Response said.

I did notice show file extensions get turned off randomly then turned back on. Or well Kaspersky said they got turned off. Not sure if it’s a bug or something but 6 antivirus scanners came back clean and I’m on malware removal forums.

There are for some reason weird Kaspersky drives installed when Kaspersky isn’t installed.

 

[harlan4096]

But there are leftovers of using KVRT2020 at some time...

 

[Practical Response]

But there are leftovers of using KVRT2020 at some time...

Exactly, they are left over files from Kaspersky monitoring drivers. Using the Kavremoval tool will remedy this problem.

 

[Xeno1234]

But there are leftovers of using KVRT2020 at some time...

I did use Kaspersky virus removal tool, not sure if it was 2020.

 

[Xeno1234]

There was also 63bcba32a. sys

 

[harlan4096]

Yes, this is a common behavior of KVRT, it generates random names when running in a system, to avoid possible malware running to identify and try or kill it

 

[Xeno1234]

63bcba32a. sys

Yes, this is a common behavior of KVRT, it generates random names when running in a system, to avoid possible malware running to identify and try or kill it

that would make sense. Thank you