kis6 and msnmsgr riskware

Discussion in 'other anti-virus software' started by chrcol, May 1, 2006.

Thread Status:
Not open for further replies.
  1. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    785
    Location:
    UK
    Every so often kis6 pops up a warning about msn messenger which I have running.

    msnmsgr.exe detected new variant of riskware (loader)

    and in the logs this shows

    detected: riskware Invader (loader) Running process: C:\WINNT\system32\TaskSwitch.exe
    detected: riskware Invader (loader) Running process: C:\WINNT\CTHELPER.EXE
    detected: riskware Invader (loader) Running process: C:\Program Files\MSN Messenger\msnmsgr.exe

    if these are all innocent I am ok to set them as trusted?

    thanks.
     

    Attached Files:

  2. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    It's just a false psitive made by PDM module of KAV6. Report to Kaspersky Labs team as the KAV6 is still in beta test phase.
     
  3. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    And next time add it to exclusions in the alert.
     
  4. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    785
    Location:
    UK
    ok thanks
     
  5. 12gaugebill

    12gaugebill Registered Member

    Joined:
    Nov 18, 2006
    Posts:
    4
    hello.. i just joined the forum.

    i had the same riskware loader warning pop up the other day. i emailed kaspersky lab. i was sent back an email telling me this has the same function as RISKWARE INVADERS. they went on to say if i dont use messenger to disable it..heres the info i received Dear Sir/Madam

    This application msmsgs.exe -has the same function as riskware Invader.
    If you don't use Messenger - you can disable this service - rigth click
    on "My computer" - Manage - Services and applications - Services.
    Disable Messenger and set the StartUp Type - Manual.

    hope this helps anyone
     
  6. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    i also had problems with it popping up, (proactive defense)

    i would get it also when clicking favourites in IE.
     
  7. 12gaugebill

    12gaugebill Registered Member

    Joined:
    Nov 18, 2006
    Posts:
    4
    gday,

    the thing is kav6 has detected it but when i scan the computer it doesnt say anything is infected..i emailed kaspersky lab and told them this..thats when they basically said to disable messenger.
     
  8. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    That's not a bad idea,disabling Messenger service.
    I did that previously and have not missed the service at all.
     
  9. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    The reason it wasn't detected when you subsequently scanned is because it is a detection made with the proactive defense (behavior based detection) in Kaspersky 6.0, you can add it to the trustedzone in Kav/Kis or do as support suggested.
     
  10. larryb52

    larryb52 Registered Member

    Joined:
    Feb 16, 2006
    Posts:
    1,126
    a couple features like the proactive portion always bothers me. I'm a game player not an AV expert so I'm never sure what to do when I get that popup and I don't always run to the forum to get an an answer so when I had this happen over the weekend with a new game I installed since I just stopped the popups. their are several exe in the game that continued to cause popups. WHat's the point of a AV that makes you guess if it's a problem or not I got it to decide for me.And WHile DOn & others at the forum are always helpful when I do go, this needs work...
     
  11. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    Actually it's the user that needs .................ehmm a bit work ;) , in your case maybe you should simply consider uninstalling this module, it's an option, not something you have to use if it is very annoying and you get more frustrated than protected! You will not see much improvement if what you're looking for is something that will give you a 100% "This is malware X or Y", thats not the point of the PDM (although it will also give detections almost like that too).....it's to discover more malware than heuristics will do based on behavior which sometimes also legit programs will exhibit, so a bit of user interpretation (for lack of a better word) is required, but when you get the hang of it, it's not that difficult.

    It's easily removed by simply running the uninstaller and choosing Modify this will make it possible to uninstall any component you wish to remove witout having to actually uninstall the whole program only to reinstall it again.
     
  12. larryb52

    larryb52 Registered Member

    Joined:
    Feb 16, 2006
    Posts:
    1,126
    the user in this case does need work, you can ask my wife ;-) ...I'll check that out the game in question always throws Kis6 a curve (sorry baseball game) as it always see the updates or patches as a problem or defines it as a variant of some malware. Would this also be part of the proactive defense?, or do I need a manual for this ;-) , thanks

    PS have seen alot of problems as their most recent update caused more problems than it fixed so have a few 'too many' fixes...it had been quiet up till now...
     
  13. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    What is the most recent update to you? 6.0.1.411 has been released today:http://www.kaspersky.com/productupdates, if you haven't then uninstall what version you have now, reboot and install 411.......use basic mode when you can select this during the install.
     
  14. 12gaugebill

    12gaugebill Registered Member

    Joined:
    Nov 18, 2006
    Posts:
    4
    just a quick question...

    i have version 6.0.0.303..... i have auto update on to receive updates(obviously) what would be the difference between my up-to-date version compared to downloading 6.0.1.411o_O

    cheers guys..
     
  15. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    You won't have the latest developments for the PDM and other modules, but you will receive vulnerability fixes, driver updates etc. I would recommend you to install 6.0.1.411 though, uninstall 299-303 first with a reboot.
     
  16. 12gaugebill

    12gaugebill Registered Member

    Joined:
    Nov 18, 2006
    Posts:
    4
    cheers for the reply..

    ive downloaded the update and will install now..thanks for the help.
     
Thread Status:
Not open for further replies.