Riskware
LIW
March 24th, 2005, 01:29 PM
hello
recently i purchased kav5.0 pro after i trialed kav5 personal. upon installing i updated it and did a full system scan...and it found my mirc.exe to be a riskware. when i was using kav5 personal trial, it didnt detect anything wrong with it. i used its recommended action...'skip'
to my surprise i couldnt use my mirc anymore. tried uninstalling and installing mirc again didnt help. the only solution is to quit kav5 pro and on my mirc then enable my kav5 pro. anyone can help? what is riskware? is it dangerous? i downloaded my mirc from download.com and its a trial version.
any help is appreciated...tks
pardon my poor english
Sputnik
March 24th, 2005, 01:33 PM
Well IRC is the biggest source for worms and other nasty things... I'm not sure why Kaspersky makes it non-functional anyway...
Try to install an alternative IRC client like xchat or whatever, and see if Kaspersky responds the same way to it :)
tahoma
March 24th, 2005, 01:35 PM
this is a known 'problem' discussed several times at the kav forums here http://forums.useice.com/cgi-bin/ikonboard.cgi?s=3ec0bba4579affff;act=SF;f=1
kav locks it, but u can add mirc.exe to the exclusions and it wont be scanned again and after a reboot u can use it again...thats the best solution for me at least
LIW
March 24th, 2005, 01:57 PM
my goodness...thats real fast replies from u ppl...tks stylewarz and tahoma
i've already added mirc.exe to trusted riskware.
tks for your fast replies
LIW
March 24th, 2005, 02:06 PM
after adding it to trusted riskware...still doesnt quite help...
currently i disable that detection
TopperID
March 24th, 2005, 02:09 PM
'Not a virus Riskware' is not malware, but it is considered a 'risk' because malware could, in certain circumstances use it to your detriment. KAV is merely pointing this fact out to you, so you know what is on your machine, with a recommendation that you 'skip' rather than delete it.
This only comes about when you use the extended data bases. In 'Personal' you have to download these especially whereas with 'Pro' you just have to tick the Detect Riskware box (done by default I believe). If you untick this box in Pro your problem will be solved!
There is another box 'Detect Hack Tools' which will give a lot of FPs and is useful for analysis only.
I have no problems with using the extended data bases though. I do have one prog flagged, but I put this into the exclude Trusted Riskware list.
It is not an FP by the way, it is merely 'riskware'.
LIW
March 24th, 2005, 02:23 PM
tks topperID
i've just disabled Detect Riskware....
so does that mean i am vulnerable to other threats too? (if i unchecked that box)
tahoma
March 24th, 2005, 02:30 PM
if u turn off the riskware thing it wont scan for riskware at all i think. it seems the exclude from riskware thing isnt working properly. what i do is to completely exclude mirc.exe for any type of scan
Don Pelotas
March 24th, 2005, 03:39 PM
-{ Quote: "tks topperID
i've just disabled Detect Riskware....
so does that mean i am vulnerable to other threats too? (if i unchecked that box)" }-
If by other threats you mean viruses, worms & trojans, then no, you're still protected by 115987 signatures, 24 March 2005 at 21:56 (GMT +0300), more than most AVs even with the standardbases. From Extra Database Options page:
-{ Quote: "Extra Database Options
About our additional databases
Our standard antivirus solutions protect you from all viruses, Internet worms, Trojans and other malicious programs. However, there are other means for hackers, spammers and other cyber criminals to harm users.
Kaspersky Labs provides additional antivirus databases for special usage. We do recommend that you contact our technical support specialists before using these databases.
Additional databases
Extended database option
SuperSecure database option
These options are primarily for use by network administrators and experienced users. We do not recommend these options to beginners or inexperienced users. However, some of these databases will be included in a new version of Kaspersky Anti-Virus scheduled for release in April 2004.
These options include databases for detecting programs that are not malware but could potentially cause damage and are additions to the standard antivirus databases." }-
You're just a little unlucky, i have used the extendedbases for a year without a problem. :)
TopperID
March 24th, 2005, 03:43 PM
You are quite safely protected against normal malware such as viruses, worms and trojans. The extended databases are only protecting you against certain additional threats of a lower level - such as adware, diallers and general spyware (together with riskware).
I have only recently started using the extended bases, and although it does give a bit of extra coverage, it is not essential. Programs like A2 and Ewido will probably offer a better protection in this field in any case.
Edit - darn it, you beat me to it Don! ;)
LIW
March 24th, 2005, 03:54 PM
tks for ur replies tahoma, don and topperID
i am running teatimer (spybot) and ewido so i guess i wont be using extended database....
sad only mirc and qchat got infected (though qchat can still be used - LAN)
Howard
March 24th, 2005, 03:57 PM
Just to complicate matters a little, AVK 2005 - which does not have the extended data bases of KAV, but does use the KAV engine - also identifies mirc.exe as riskware:
'virus was found in file "not-a-virus:RiskWare.mIRC.6.01 (KAV engine)"'
Making mirc an exception sorts this out for the AVK monitor
LIW
March 24th, 2005, 04:07 PM
i tried scanning without the extended database and it doesnt show mirc.exe as a riskware....
maybe avk2005 has other kav databases? (i am just guessing...totally new to antivirus)
Howard
March 24th, 2005, 04:53 PM
-{ Quote: "i tried scanning without the extended database and it doesnt show mirc.exe as a riskware....
maybe avk2005 has other kav databases? (i am just guessing...totally new to antivirus)" }-
Yes, AVK 2005 uses a combination of KAV/BitDefender engines with data bases to match, but not the extended data bases of KAV. That's why I made my post as it seemed people were saying the riskware identification came from the extended data bases of KAV, but I get the same identification from the KAV engine without the extended data bases. I am just muddying the water a little ;D
Don Pelotas
March 24th, 2005, 05:08 PM
-{ Quote: "Yes, AVK 2005 uses a combination of KAV/BitDefender engines with data bases to match, but not the extended data bases of KAV. That's why I made my post as it seemed people were saying the riskware identification came from the extended data bases of KAV, but I get the same identification from the KAV engine without the extended data bases. I am just muddying the water a little ;D" }-
Howard, may i ask how many signatures the Kav engine in AVK has. :)
Firecat
March 24th, 2005, 05:13 PM
I dont think there's a way to find that out....
Don Pelotas
March 24th, 2005, 05:46 PM
-{ Quote: "I dont think there's a way to find that out...." }-
Is there no way to see it in the program (can't remember myself, it's a couple months since i tried AVK2005).
Howard
March 24th, 2005, 05:51 PM
-{ Quote: "Howard, may i ask how many signatures the Kav engine in AVK has. :)" }-
I wish I could tell you, but I'm afraid I don't know and I suspect Firecat is right as there doesn't appear to be a way to find out. I did some rummaging about and AVK 2005 does have riskware.avc which Kaspersky lists [ http://www.kaspersky.co.uk/extraavupdates?chapter=146235718 ] as part of its extended database option, but not Adware.avc or Pornware.avc (AVK 2005 has obscene.avc but I wouldn't know if this is comparable with Pornware.avc)
Not sure if this is information or me just making noise ;D
Firecat
March 24th, 2005, 05:54 PM
-{ Quote: "I wish I could tell you, but I'm afraid I don't know and I suspect Firecat is right as there doesn't appear to be a way to find out. I did some rummaging about and AVK 2005 does have riskware.avc which Kaspersky lists [ http://www.kaspersky.co.uk/extraavupdates?chapter=146235718 ] as part of its extended database option, but not Adware.avc or Pornware.avc (AVK 2005 has obscene.avc but I wouldn't know if this is comparable with Pornware.avc)
Not sure if this is information or me just making noise ;D" }-
Obscene.avc is an updated version of PornWare.avc
I remember that in eScan the PornWare.avc was replaced by obscene.avc without any loss in detections.
So AVK includes PornWare database too.
Regards,
Firecat
Don Pelotas
March 24th, 2005, 05:58 PM
-{ Quote: "I wish I could tell you, but I'm afraid I don't know and I suspect Firecat is right as there doesn't appear to be a way to find out. I did some rummaging about and AVK 2005 does have riskware.avc which Kaspersky lists [ http://www.kaspersky.co.uk/extraavupdates?chapter=146235718 ] as part of its extended database option, but not Adware.avc or Pornware.avc (AVK 2005 has obscene.avc but I wouldn't know if this is comparable with Pornware.avc)
Not sure if this is information or me just making noise ;D" }-
Ah, so that's why you detect mirc, you have at least part of the extendedbases present.
Thank you for that bit of information/noise, Howard. ;) ;D
chaos16
March 24th, 2005, 05:59 PM
if i have riskware disabled will it still be able to find spyware and other malware or i have to enable it to do so???
Don Pelotas
March 24th, 2005, 06:02 PM
-{ Quote: "if i have riskware disabled will it still be able to find spyware and other malware or i have to enable it to do so???" }-
If you want it to detect any of these:
-{ Quote: "The Extended database option includes the following databases:
Riskware.avc
This database detects malware that initiates remote observation and control over the victim PC. For example:
programs for remote administration
keyboard espionage
password detection
automatic dial-up to paid sites
System administrators should remember that this database may generate warnings from existing information security software, for instance software providing remote control and not having its own installers and icons.
Pornware.avc
This database contains texts identifying various pornographic sites:
programs that auto-dial porn sites
programs for auto downloads of files containing explicit materials
Adware.avc
This database identifies several types of ads and related programs.
Warning! We advise utmost caution in removing such programs, since removal of the ad can cause the original program where it was attached to fail." }-
Then yes, you will have to enable it. :)
Howard
March 24th, 2005, 06:16 PM
Ooh, this is good news about AVK 2005. If I have understood correctly, it includes 2/3 of the extended databases - Riskware.avc and Obscene.avc
Patrician
March 24th, 2005, 07:01 PM
-{ Quote: "Just to complicate matters a little, AVK 2005 - which does not have the extended data bases of KAV, but does use the KAV engine - also identifies mirc.exe as riskware:
'virus was found in file "not-a-virus:RiskWare.mIRC.6.01 (KAV engine)"'
Making mirc an exception sorts this out for the AVK monitor" }-
Same with AVK 2004. mIRC is considered "risky ware".
Copyright ©2002 - 2012, Wilders Security Forums