Kaspersky silently deletes "Infected" false-positive .exe files

Browsing through my old development folders I noticed that executables of some applications I developed years ago (using Borland C++Builder) were missing. Luckily I had the same folders in zipped archives. Trying to extract affected .exe files from .zip archives were failing with Access Denied errors. Trying to extract whole folder was resulting in the affected .exe files disappearing.

All this looked like actions of an antivirus software. However, my Kaspersky was showing that everything was fine, computer protected, no alerts, no errors, etc. After manually diving into Kaspersky Quarantine (under More Tools section) I found that my application was silently quarantined as HEUR:Trojan.Win32.Generic.

As this was an application I developed myself, I was pretty sure that it wasn't a Trojan. Just to be completely sure I scanned the affected .exe files on Virustotal and no other mainstream antivirus had any issues with these files. It was pretty obvious that the detection was a false-positive.

The user profile service service failed. The sign-in user profile cannot be loaded

 Issue

Creating a new local profile on a Windows 10 PC. When the new user tried to login for the first time following error is displayed:

Resolution

The issue was caused by a corrupted Default user profile (that is used as a template for new user profiles). To resolve this I had to copy the default user profile from another Windows 10 PC (C:\Users\Default).

Newsletter

Subscribe to receive occasional updates on new posts.
Your email will not be used for any other purpose and you can unsubscribe at any time.
Please wait