ISRCopyRSS.exe & KIS 7 Tojan.Cryptor warning

Discussion in 'FirstDefense-ISR Forum' started by TonyW, May 24, 2007.

Thread Status:
Not open for further replies.
  1. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,633
    Location:
    UK
    During a Copy/Update procedure this afternoon, KIS' Proactive Defense gave me a warning as follows:

    24/05/2007 4:06:16 PM C:\$ISR\0\ISRCopyRSS.exe Process is trying to encrypt personal data. This behaviour is typical of Trojan programs.

    I allowed, and it happened 6 more times till it stopped. The modifications were being made to Firefox's Profiles folder as I had installed a dictionary. Files were being removed or added.

    This is the first time I have seen this. Has anyone else come across this?
     
  2. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,633
    Location:
    UK
    Actually, looking at the timestamps, it's more like files being added to or removed from the cache.
     
  3. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,039
    I haven't I guess, because I always disable Kav/kis before doing a copy. No point in scanning files during that copy. Just slows you down.
     
  4. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,633
    Location:
    UK
    I'll disable in future. I have done that before, but didn't today.
     
Thread Status:
Not open for further replies.