Riskware

Discussion in 'other anti-virus software' started by LIW, Mar 24, 2005.

Thread Status:
Not open for further replies.
  1. LIW

    LIW Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    52
    hello
    recently i purchased kav5.0 pro after i trialed kav5 personal. upon installing i updated it and did a full system scan...and it found my mirc.exe to be a riskware. when i was using kav5 personal trial, it didnt detect anything wrong with it. i used it recommended action...'skip'
    to my surprise i couldnt use my mirc anymore. tried uninstalling and installing mirc again didnt help. the only solution is to quit kav5 pro and on my mirc then enable my kav5 pro. anyone can help? what is riskware? is it dangerous? i downloaded my mirc from download.com and its a trial version.
    any help is appreciated...tks
    pardon my poor english
     
  2. Sputnik

    Sputnik Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    1,198
    Location:
    Москва
    Well IRC is the biggest source for worms and other nasty things... I'm not sure why Kaspersky makes it non-functional anyway...
    Try to install a alternative IRC client like xchat or whatever, and see if Kaspersky responds the same at it :)
     
  3. tahoma

    tahoma Registered Member

    Joined:
    May 31, 2003
    Posts:
    228
  4. LIW

    LIW Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    52
    my goodness...thats real fast replies from u ppl...tks stylewarz and tahoma
    i've already added mirc.exe to trusted riskware.
    tks for your fast replies
     
  5. LIW

    LIW Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    52
    after adding it to trusted riskware...still doesnt quite help...
    currently i disable that detection
     
  6. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    'Not a virus Riskware' is not malware, but it is considered a 'risk' because malware could, in certain circumstances use it to your detriment. KAV is merely pointing this fact out to you, so you know what is on your machine, with a recommendation that you 'skip' rather than delete it.

    This only comes about when you use the extended data bases. In 'Personal' you have to download these especially whereas with 'Pro' you just have to tick the Detect Riskware box (done by default I believe). If you untick this box in Pro your problem will be solved!

    There is another box 'Detect Hack Tools' which will give a lot of FPs and is useful for analysis only.

    I have no problems with using the extended data bases though. I do have one prog flagged, but I put this into the exclude Trusted Riskware list.

    It is not an FP by the way, it is merely 'riskware'.
     
  7. LIW

    LIW Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    52
    tks topperID
    i've just disabled Detect Riskware....
    so does that means i am vulnerable to other threats too? (if i unchecked that box)
     
  8. tahoma

    tahoma Registered Member

    Joined:
    May 31, 2003
    Posts:
    228
    if u turn off the riscware thing it wont scan for riskware at all i think. it seems the exclude from riskware thing isnt working properly. what i do is to completely exclude mirc.exe for any type of scan
     
  9. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    If you by other threats mean, viruses, worms & trojans, then no, you're still protected by 115987 signatures, 24 March 2005 at 21:56 (GMT +0300), more than most AV's even with the standardbases. From Extra Database Options page:
    You're just a little unlucky, i have used the extendedbases for a year without a problem. :)
     
  10. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    You are quite safely protected against normal malware such as viruses, worms and trojans. The extended databases are only protecting you against certain additional threats of a lower level - such as adware, diallers and general spyware (together with riskware).

    I have only recently started using the extended bases, and although it does give a bit of extra coverage, it is not essential. Programs like A2 and Ewido will probably offer a better protection in this field in any case.

    Edit - darn it, you beat me to it Don! ;)
     
  11. LIW

    LIW Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    52
    tks for ur replies tamoha, don and topperID
    i am running teatimer (spybot) and ewido so i guess i wont be using extended database....
    sad only mirc and qchat got infected (though qchat can still be used - LAN)
     
  12. Howard

    Howard Registered Member

    Joined:
    Sep 3, 2004
    Posts:
    313
    Location:
    Wales, UK
    Just to complicate matters a little, AVK 2005 - which does not have the extended data bases of KAV, but does use the KAV engine - also identifies mirc.exe as riskware:

    'virus was found in file "not-a-virus:RiskWare.mIRC.6.01 (KAV engine)"'

    Making mirc an exception sorts this out for the AVK monitor
     
  13. LIW

    LIW Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    52
    i tried scanning without the extended database and it doesnt show mirc.exe as a riskware....
    maybe avk2005 has other kav databases? (i am just guessing...totally new to antivirus)
     
  14. Howard

    Howard Registered Member

    Joined:
    Sep 3, 2004
    Posts:
    313
    Location:
    Wales, UK
    Yes, AVK 2005 uses a combination of KAV/BitDefender engines with data bases to match, but not the extended data bases of KAV. That's why I made my post as it seemed people were saying the riskware identification came from the extended data bases of KAV, but I get the same identification from the KAV engine without the extended data bases. I am just muddying the water a little :D
     
  15. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    Howard, may i ask how many signatures the Kav engine in AVK has. :)
     
  16. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    I dont think there's a way to find that out....
     
  17. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    Is there no way to see it in the program (can't remember myself, it's a couple months since i tried AVK2005).
     
  18. Howard

    Howard Registered Member

    Joined:
    Sep 3, 2004
    Posts:
    313
    Location:
    Wales, UK
    I wish I could tell you, but I'm afraid I don't know and I suspect Firecat is right as there doesn't appear to be a way to find out. I did some rummaging about and AVK 2005 does have riskware.avc which Kaspersky lists [ http://www.kaspersky.co.uk/extraavupdates?chapter=146235718 ] as part of its extended database option, but not Adware.avc or Pornware.avc (AVK 2005 has obscene.avc but I wouldn't know if this is comparable with Pornware.avc)

    Not sure if this is information or me just making noise :D
     
  19. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    Obscene.avc is an updated version of PornWare.avc

    I remember that in eScan the PornWare.avc was replaced by obscene.avc without any loss in detections.

    So AVK includes PornWare database too.

    Regards,
    Firecat
     
  20. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    Ah, so that's why you detect mirc, you have at least part of the extendedbases present.

    Thank you for that bit of information/noise, Howard. ;) :D
     
  21. chaos16

    chaos16 Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,004
    if i have riskware disabled will it still be able to find spyware and other malaware or i have to enable it to do soo_O
     
  22. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    If you want it to detect any of these:
    Then yes, you will have to enable it. :)
     
  23. Howard

    Howard Registered Member

    Joined:
    Sep 3, 2004
    Posts:
    313
    Location:
    Wales, UK
    Ooh, this is good news about AVK 2005. If I have understood correctly, it includes 2/3 of the extended databases - Riskware.avc and Obscene.avc
     
  24. Patrician

    Patrician Guest

    Same with AVK 2004. mIRC is considered "risky ware".
     
Thread Status:
Not open for further replies.