kis6 and msnmsgr riskware

Every so often kis6 pops up a warning about msn messenger which I have running.

msnmsgr.exe detected new variant of riskware (loader)

and in the logs this shows

detected: riskware Invader (loader) Running process: C:\WINNT\system32\TaskSwitch.exe
detected: riskware Invader (loader) Running process: C:\WINNT\CTHELPER.EXE
detected: riskware Invader (loader) Running process: C:\Program Files\MSN Messenger\msnmsgr.exe

if these are all innocent I am ok to set them as trusted?

thanks.

 

It's just a false psitive made by PDM module of KAV6. Report to Kaspersky Labs team as the KAV6 is still in beta test phase.

 

And next time add it to exclusions in the alert.

 

ok thanks

 

hello.. i just joined the forum.

i had the same riskware loader warning pop up the other day. i emailed kaspersky lab. i was sent back an email telling me this has the same function as RISKWARE INVADERS. they went on to say if i dont use messenger to disable it..heres the info i received Dear Sir/Madam

This application msmsgs.exe -has the same function as riskware Invader.
If you don't use Messenger - you can disable this service - rigth click
on "My computer" - Manage - Services and applications - Services.
Disable Messenger and set the StartUp Type - Manual.

hope this helps anyone

 

i also had problems with it popping up, (proactive defense)

i would get it also when clicking favourites in IE.

 

gday,

the thing is kav6 has detected it but when i scan the computer it doesnt say anything is infected..i emailed kaspersky lab and told them this..thats when they basically said to disable messenger.

 

That's not a bad idea,disabling Messenger service.
I did that previously and have not missed the service at all.

 

The reason it wasn't detected when you subsequently scanned is because it is a detection made with the proactive defense (behavior based detection) in Kaspersky 6.0, you can add it to the trustedzone in Kav/Kis or do as support suggested.

 

a couple features like the proactive portion always bothers me. I'm a game player not an AV expert so I'm never sure what to do when I get that popup and I don't always run to the forum to get an an answer so when I had this happen over the weekend with a new game I installed since I just stopped the popups. their are several exe in the game that continued to cause popups. WHat's the point of a AV that makes you guess if it's a problem or not I got it to decide for me.And WHile DOn & others at the forum are always helpful when I do go, this needs work...

 

Actually it's the user that needs .................ehmm a bit work , in your case maybe you should simply consider uninstalling this module, it's an option, not something you have to use if it is very annoying and you get more frustrated than protected! You will not see much improvement if what you're looking for is something that will give you a 100% "This is malware X or Y", thats not the point of the PDM (although it will also give detections almost like that too).....it's to discover more malware than heuristics will do based on behavior which sometimes also legit programs will exhibit, so a bit of user interpretation (for lack of a better word) is required, but when you get the hang of it, it's not that difficult.

It's easily removed by simply running the uninstaller and choosing Modify this will make it possible to uninstall any component you wish to remove witout having to actually uninstall the whole program only to reinstall it again.

 

the user in this case does need work, you can ask my wife ;-) ...I'll check that out the game in question always throws Kis6 a curve (sorry baseball game) as it always see the updates or patches as a problem or defines it as a variant of some malware. Would this also be part of the proactive defense?, or do I need a manual for this ;-) , thanks

PS have seen alot of problems as their most recent update caused more problems than it fixed so have a few 'too many' fixes...it had been quiet up till now...

 

What is the most recent update to you? 6.0.1.411 has been released today:http://www.kaspersky.com/productupdates, if you haven't then uninstall what version you have now, reboot and install 411.......use basic mode when you can select this during the install.

 

just a quick question...

i have version 6.0.0.303..... i have auto update on to receive updates(obviously) what would be the difference between my up-to-date version compared to downloading 6.0.1.411

cheers guys..

 

You won't have the latest developments for the PDM and other modules, but you will receive vulnerability fixes, driver updates etc. I would recommend you to install 6.0.1.411 though, uninstall 299-303 first with a reboot.

 

cheers for the reply..

ive downloaded the update and will install now..thanks for the help.