Trojan:Win32/Kepavll!rfn
Aliases: No associated aliases
Summary
Trojan:Win32/Kepavll!rfn is a heuristic detection label for malicious software, applied on the basis of behavior associated with trojan-type malware. It spreads via software installs that piggyback on legitimate software installers: many legitimate apps online are repackaged to include the installation of drive-by apps. The "!rfn" suffix means that the detection was based on monitoring the device for suspicious activity and behavioral heuristics rather than on traditional virus-signature matching.
Attempts to detect Kepavll can often result in false positives, because it behaves similarly to game modding tools, legitimate system utilities, and software development apps. This makes Kepavll very difficult to identify post-infection. It can also function as a loader or downloader, retrieving additional malicious payloads from remote command-and-control (C2) servers. This results in full system compromise, opening the device to further malware and backdoor infections.
- Disconnect from the network to prevent further damage or propagation.
- Check and remove suspicious scheduled tasks using schtasks.
- Restart the computer and boot into Safe Mode with Networking (often by pressing F8 during startup) to load only essential system processes, preventing most malware components from activating.
- Open the Task Manager (Ctrl+Shift+Esc), look for any suspicious processes with high resource usage or strange names, and end them.
- Check the Windows Scheduled Tasks folder and delete any unknown or suspicious tasks.
- Change all passwords that were stored on or typed into the infected computer, including website logins, email accounts, and banking credentials, as they may have been stolen by the trojan.
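The scheduled-task and process checks in the steps above can be scripted for triage. The PowerShell below is an added example, not part of the original page or a Microsoft tool; the function names, the list of user-writable roots it treats as suspect, and the report-only design (no task is removed unless you uncomment the last line after review) are this example's own assumptions.

```powershell
# Added triage helper (not from the original page). It flags, but does not remove,
# scheduled tasks and running processes whose executable lives in a user-writable
# location, which is where piggybacked installers commonly persist. Review each hit;
# legitimate per-user software (updaters, chat clients) will also appear here.
$SuspectRoots = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP, $env:PUBLIC)

function Test-SuspectPath {
    param([string]$Path)
    if (-not $Path) { return $false }
    # Expand %APPDATA%-style variables and strip quotes before comparing prefixes
    $resolved = [Environment]::ExpandEnvironmentVariables($Path).Trim('"')
    foreach ($root in $SuspectRoots) {
        if ($root -and $resolved.StartsWith($root, 'OrdinalIgnoreCase')) { return $true }
    }
    return $false
}

function Get-SuspectScheduledTask {
    # One row per task action that executes from a user-writable root
    Get-ScheduledTask | ForEach-Object {
        $task = $_
        foreach ($action in $task.Actions) {
            if (Test-SuspectPath ([string]$action.Execute)) {
                [pscustomobject]@{
                    TaskName  = $task.TaskName
                    TaskPath  = $task.TaskPath
                    State     = $task.State
                    Execute   = $action.Execute
                    Arguments = $action.Arguments
                }
            }
        }
    }
}

function Get-SuspectProcess {
    # Path is empty for processes you cannot inspect; run elevated for full coverage
    Get-Process | Where-Object { $_.Path -and (Test-SuspectPath $_.Path) } |
        Select-Object Id, ProcessName, Path
}

Get-SuspectScheduledTask | Format-Table -AutoSize
Get-SuspectProcess | Format-Table -AutoSize
# After confirming a task is malicious, remove it by name (-WhatIf previews the change):
# Unregister-ScheduledTask -TaskName '<confirmed-task-name>' -Confirm:$false -WhatIf
```

Run it in an elevated PowerShell session so that tasks under every task folder and processes owned by other accounts are visible.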
Microsoft Defender Antivirus automatically removes threats as they are detected. However, many infections can leave remnant files and system changes. Updating your antimalware definitions and running a full scan might help address these remnant artifacts.
You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help.