Kaspersky

Discussion in 'malware problems & news' started by gre87y, Jul 31, 2005.

Thread Status:
Not open for further replies.
  1. gre87y

    gre87y Registered Member

    Joined:
    Oct 27, 2004
    Posts:
    164
    I uploaded a file to Jotti's and Kaspersky indicated I had a trojan. McAfee, which I am using, never complained. So I decided to try Kaspersky. I ran a scan in safe mode and nothing came up, although there were some password protected files Kaspersky alerted me on, and I am guessing these files could not be scanned? I have a few questions I am hoping some of you kind people could help me with. Should I be concerned about the password protected files that couldn't be scanned, and what can I do about it? Why wasn't I able to detect the trojan that Jotti's scanner did?
    Thanks
     
  2. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi,

    I guess the first question to ask is which version of KAV did you load on your machine, and what was the date and time of the database? In other words, are they all current? Also, which database were you using: standard or extended?

    Rich
     
  3. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    If you have AdAware installed you will have a lot of password protected files that cannot be scanned. AdAware does this to protect itself from attack from malware that otherwise might disable it. There is nothing to be concerned about.

    If you can't find the trojan that Jotti's found, that could be because your settings are different. Are you using extended databases etc.?

    Also the trojan could have been in a temp location and become deleted.

    You would have to give the exact name of the malware together with the full filepath for us to help you more.
     
  4. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    No, no scanner can scan (inside) a password protected file without the password; it's just an option Kaspersky has if you do have the password. The default setting is "Do not ask for passwords when scanning objects"; you have to change this yourself in the settings.
    If Kaspersky was the only one detecting at Jotti's, then it could simply be a mistake; it wouldn't be the first time something is detected that is not infected, or the other way around.

    What kind of file are we talking about? Is it an archive?

    The password protected files, what did they belong to?
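
Added example (not part of any post in this thread): a sketch of why a scanner reports password-protected archive members instead of scanning them, as Don Pelotas describes above. It assumes the ZIP format, where header flag bit 0 marks a member as encrypted; the sample archive and the names `build_sample`, `triage` and `unscanned` are constructed for illustration and are not Kaspersky's implementation.

```python
import hashlib
import io
import zipfile

ENCRYPTED = 0x1  # ZIP general-purpose flag bit 0: member data is encrypted


def build_sample() -> bytes:
    """Constructed sample: a two-member ZIP with one member flagged encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("readme.txt", b"plain text")
        zf.writestr("quarantine.bin", b"opaque bytes")
    raw = bytearray(buf.getvalue())
    # Set the flag in the central-directory record of the second member.
    # Only the header is marked; that header is what a scanner reads before
    # deciding whether it can look inside the member at all.
    first = raw.find(b"PK\x01\x02")
    second = raw.find(b"PK\x01\x02", first + 4)
    raw[second + 8] |= ENCRYPTED  # flags field sits 8 bytes into the record
    return bytes(raw)


def triage(data: bytes) -> dict:
    """Map each member to its SHA-256, or to None if it cannot be inspected."""
    report = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.flag_bits & ENCRYPTED:
                # No password, no plaintext: report as skipped, never as clean.
                report[info.filename] = None
            else:
                report[info.filename] = hashlib.sha256(zf.read(info)).hexdigest()
    return report


def unscanned(data: bytes) -> list:
    """Names of members a scan had to skip because they need a password."""
    return [name for name, digest in triage(data).items() if digest is None]


if __name__ == "__main__":
    for name, digest in triage(build_sample()).items():
        print(name, digest or "SKIPPED: password protected")
```

A skipped member is an unknown, not a clean result, which is why the scan log lists such files separately.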
     
  5. gre87y

    gre87y Registered Member

    Joined:
    Oct 27, 2004
    Posts:
    164
    Thanks Don, Topper and Rich. I'll try and provide you with more information. I recently installed ZApro 6 but it wasn't directly from ZoneLabs. Someone at the ZA forums posted a link to the new version and I downloaded it. Here is the link:
    http://forum.zonelabs.org/zonelabs/...pic&message.id=6533&highlight=hellomoto#M6533
    The version of Kaspersky is Personal 5.0.372. After I read about you asking what the trojan name was, I went back and scanned the file again at Jotti's. This time several virus scanners said I was infected. Kaspersky said the file was infected with P2P-Worm.Win32.SdDrop.c.
    I am using just the standard database. I looked into the extended database but wasn't able to figure out how to use it.
    Most of the password protected files were from Spybot, AdAware, McAfee antispy and Pest Patrol; some were temp files.
    Thanks for the help.
     
  6. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    You change to the extended bases in "Threats and exclusions" (update after setting it) in the settings. Still there, you open the on-demand setting and choose "on-demand scan settings", I believe it's called nowadays. This is an older version, but the placing should be the same; here it's called "troubleshooting", but you get the picture:
    http://img85.imageshack.us/img85/3476/kav50ondemandscansettings0cq.jpg
    In the next picture (this is also from an older version), you check this one:
    http://img85.imageshack.us/img85/2061/kav50ondemandtroubleshooting2b.jpg

    This is the default setting in 5.0.372 and I don't understand why it's not in yours.

    The real-time setting you should keep at "Recommended", best performance/security combo, you can always lower it to "High speed" when gaming. :)
     
  7. dog

    dog Guest

    Actually that DL is from ZoneLabs' server. The URL for the pro DL is:
    Code:
    http://download.zonelabs.com/bin/free/1043_hoproducts/zapSetup_60_631_002.exe
    A scan with Dr.Web says the file is clean.
     
  8. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    P2P-Worm.Win32.SdDrop.c looks to be KaZaA related to me:-
    http://securityresponse.symantec.com/avcenter/venc/data/w32.kwbot.f.worm.html
    http://securityresponse.symantec.com/avcenter/venc/data/w32.kwbot.worm.html
    Symantec call it W32.Kwbot.Worm, but it is the same thing.

    What was the full file path of the file you submitted to Jotti's?

    I don't know why you've got password protected files in temp locations, but if you clear out your temp files before you scan you would not have that problem. Though it is best to configure KAV not to report password protected files, as Don has explained above.
     
  9. gre87y

    gre87y Registered Member

    Joined:
    Oct 27, 2004
    Posts:
    164
    I was able to figure out the extended database (thanks Don). Last night I updated after I selected the extended database and ran a scan in safe mode; nothing was detected. This morning I ran a normal scan, and nothing was detected this time either. Must have been a false positive from Jotti's? I believe so now. Thank you very much Don, Topper, and Dog, you guys are awesome :-*
    P.S. Really like Kaspersky, makes me feel safer than McAfee home version. Thanks again guys and take care.
     