ISRCopyRSS.exe & KIS 7 Tojan.Cryptor warning

Discussion in 'FirstDefense-ISR Forum' started by TonyW, May 24, 2007.

Thread Status:
Not open for further replies.
  1. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,720
    Location:
    UK
    During a Copy/Update procedure this afternoon, KIS' Proactive Defense gave me a warning as follows:

    24/05/2007 4:06:16 PM C:\$ISR\0\ISRCopyRSS.exe Process is trying to encrypt personal data. This behaviour is typical of Trojan programs.

    I allowed, and it happened 6 more times till it stopped. The modifications were being made to Firefox's Profiles folder as I had installed a dictionary. Files were being removed or added.

    This is the first time I have seen this. Has anyone else come across this?
     
  2. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,720
    Location:
    UK
    Actually, looking at the timestamps, it's more like files being added to or removed from the cache.
     
  3. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    19,908
    I haven't I guess, because I always disable Kav/kis before doing a copy. No point in scanning files during that copy. Just slows you down.
     
  4. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,720
    Location:
    UK
    I'll disable in future. I have done that before, but didn't today.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.