Trojan Hunter Finds Kaspersky's Installation Of Trojan On My Computer

Yesterday, I installed the trial version of TrojanHunter and ran it. It found my trial version of Kaspersky Internet Security 7 and WinRAR and HP printer softwares had installed trojans on my computer. It can either delete immediately or delete at reboot the trojans from WinRAR and HP, but it cannot do either to the trojans from Kaspersky. I remove the Trojan Hunter today and re-download, re-install a fresh copy. But I cannot find that Kaspersky trojan anymore, though TrojanHunter couldn't do any harm to it yesterday.

Are the commercial security software vendors installing trojans for their convenience on customers computer?

The Trojan Hunter log file of yesterday is as below---

TrojanHunter Scan Report - Saved 2008-01-15 22:15

Found trojan file: C:\Compression and Decompression\WinRAR\Default.SFX (Generic.RarDrop.B)
Found trojan file: C:\Compression and Decompression\WinRAR\Zip.SFX (Generic.RarDrop.B)
Found trojan file: C:\Compression and Decompression\wrar351.exe/Default.SFX (Generic.RarDrop.B)
Found trojan file: C:\Compression and Decompression\wrar351.exe/Zip.SFX (Generic.RarDrop.B)
Found trojan file: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\f94.8AF5C3DA01C857F1.history\00000221.bak (Generic.RarDrop.B)
Found trojan file: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\f94.8AF5C3DA01C857F1.history\00000223.bak (Generic.RarDrop.B)
Found trojan file: C:\Program Files\HP\Digital Imaging\{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}\setup\hpocpd01.exe (TrojanClicker.Small.223)
Error: Error while pre-processing C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP21F.tmp\mscorlib.dll: Access violation at address 004DA45F in module 'TrojanHunter.exe'. Read of address 0689600C
Error: Error while pre-processing C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP21F.tmp\mscorlib.dll: Access violation at address 004DA45F in module 'TrojanHunter.exe'. Read of address 0689600C
Quarantined file C:\Compression and Decompression\WinRAR\Default.SFX
Quarantined file C:\Compression and Decompression\WinRAR\Zip.SFX
Quarantined file C:\Compression and Decompression\wrar351.exe
Unable to quarantine file C:\Compression and Decompression\wrar351.exe: Scheduling file to be quarantined when computer is restarted
Unable to quarantine file C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\f94.8AF5C3DA01C857F1.history\00000221.bak: Scheduling file to be quarantined when computer is restarted
Failed to add quarantine-on-reboot entry for C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\f94.8AF5C3DA01C857F1.history\00000221.bak
Unable to quarantine file C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\f94.8AF5C3DA01C857F1.history\00000223.bak: Scheduling file to be quarantined when computer is restarted
Failed to add quarantine-on-reboot entry for C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\f94.8AF5C3DA01C857F1.history\00000223.bak
Quarantined file C:\Program Files\HP\Digital Imaging\{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}\setup\hpocpd01.exe


Dellhell

 

Hi,

Did you update your Trojan Hunter before you let it do a scan?

Here is the FAQ for updating:
http://www.misec.net/forum/board/FAQ/1142067076

If I remember me well, the FP on WinRAR was fixed in the beginning of October 2007:
http://www.misec.net/forum/board/TrojanHunter/1191206814

 

Did you unquarantine the files below? They are false positives.

Quarantined file C:\Compression and Decompression\WinRAR\Default.SFX
Quarantined file C:\Compression and Decompression\WinRAR\Zip.SFX
Quarantined file C:\Compression and Decompression\wrar351.exe
Quarantined file C:\Program Files\HP\Digital Imaging\{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}\setup\hpocpd01.exe

FanJ is correct. You need to manually update the rulesets for the Trial Version.

 

Thank you for your reply. Appreciate.

I ran TrojanHunter right after I installed it for the first time. And I have deleted all the positives ):

I will check to see if I can update it. Thank you again.

dellhell