kaspersky anti-malware boot CD scan: password protected files

Discussion in 'other anti-malware software' started by wearetheborg, Aug 6, 2010.

Thread Status:
Not open for further replies.
  1. wearetheborg

    wearetheborg Registered Member

    Joined:
    Nov 14, 2009
    Posts:
    667
    I ran the anti malware cd of
    http://support.kaspersky.com/viruses/rescuedisk/main?qid=208282173

    It did not find any malware, but during the scan, it did throw up some notiications on "password protected file".

    I do have password protected any files. Looking at the report, I see many password protected files, eg, in the cache of firefox, or in the klite codecs directory etc.

    Is this normal?

    EDIT: For example, there is a file klcodec490f.exe
    I'm seeing password protected: klcodec490f.exe/data0001
    klcodec490f.exe/data0002 etc
     
  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    if you check one of those files, what format are they in; can you access them?
     
  3. wearetheborg

    wearetheborg Registered Member

    Joined:
    Nov 14, 2009
    Posts:
    667
    For example, there is a file klcodec490f.exe (not a directory)
    I'm seeing password protected: klcodec490f.exe/data0001
    klcodec490f.exe/data0002 etc
     
  4. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    Is that file an executable zip/archive file? It could be that any archives KIS can't open, for whatever reason, it classifies as password protected files. As long your machine is malware free I wouldn't worry too much.
     
  5. wearetheborg

    wearetheborg Registered Member

    Joined:
    Nov 14, 2009
    Posts:
    667
    Nope, its a not-zipped file .
    There was another such file in myusername/AppData something in firefox cache; again a file (apparently with an unknown filename extension or no extension).

    I could have sworn that the scan also gave notifications on password protected files in the windows system directory, but they are not readily visible in the massive log of the scan
     
  6. chris1341

    chris1341 Guest

    I've always had this notification from Kaspersky about KL Codec Packs. I know the file is safe so never bothered.

    I would have thought the log is simply highlighting the file has not been inspected as thoroughly as the others. If you know its safe its no issue.

    I would also be interested though as to why Kaspersky has issues with it. Have you tried their forums?

    Cheers
     
  7. wearetheborg

    wearetheborg Registered Member

    Joined:
    Nov 14, 2009
    Posts:
    667
    Hmmm, I swear when I had searched yesterday, I had found a thread on Kaspersky with no replies mentioning the same problem. Today I find this:
    http://forum.kaspersky.com/index.php?showtopic=52352

    This leads me to wonder --- if AV cant scan password protected files, then why dont all malware password protect themselves?
     
  8. chris1341

    chris1341 Guest

    I am no AV expert but would think the file is still scanned just not inspected as thoroughly i.e. the archive is scanned but not unpacked as the AV can't possibly hold they key to do so. That's certainly what Lucian is suggesting I think in the link you gave. I would think that would be enough for detection in most cases if the packer/file was known bad, but maybe not.

    Certainly when the password triggers the unpacking or execution of the file the AV would scan/detect. No?
     
  9. wearetheborg

    wearetheborg Registered Member

    Joined:
    Nov 14, 2009
    Posts:
    667
    Good point, I guess that is the where the real time AV comes in. Darn, I was hoping I could do with a on demand scanner.


    I tried scanning another computer with the Kaspersky rescue CD, but the scan hangs soons after it starts, CPU usage 100% with "scan malfunction" in the logs.
    Oh well.
     
Loading...
Thread Status:
Not open for further replies.