Hi,
I finally decided to test KIS 8.
Security analyzer says security is at risk :)
The only report I've managed to find was located in "C:\ProgramData\Kaspersky Lab\AVP8\Data\AVZ\" and is attached hereto.
Thanks.
Ah, I get it now. Your tool took Punto Switcher for a nasty one :)
Punto Switcher is based on typical keyboard/mouse events, so it is normal for this "danger" sign in the log.
But it could be infected too ;)
Execute the following script in AVPtool
(how: [url]http://avptool.virusinfo.info/en/AVPTool_helpdesk_curescript.htm[/url])
[code]begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('C:\Windows\system32\DRIVERS\nwlnkflt.sys','');
QuarantineFile('C:\Windows\system32\DRIVERS\ipinip.sys','');
QuarantineFile('C:\Windows\system32\drivers\blbdrive.sys','');
QuarantineFile('C:\Windows\system32\DRIVERS\TVICHW32.SYS','');
QuarantineFile('F:\Temp\rrmon.sys','');
QuarantineFile('C:\Windows\System32\Drivers\mondrv.sys','');
QuarantineFile('D:\Programs\Spb Wallet\SpbWalletToolbar.dll','');
BC_ImportAll;
BC_Activate;
RebootWindows(true);
end.
[/code]
Upload the quarantine (it should be in the avz sub-folder; remember to zip it with the password [b]virus[/b]).
Send us using this page: [url]http://virusinfo.info/upload_virus_eng.php?tid=17796[/url].
Wait.
I DO know what SpbWallet, rrmon are.
TVICHW32.SYS is from EnTech Taiwan. I always had it after installing all essential software. Must come with RivaTuner?
Instead of moving these to quarantine, can I just send them all to you?
[size="1"][color="#666686"][B][I]Added 4 minutes later[/I][/B][/color][/size]
NwlnkFwdIPX Traffic Forwarder Driver File not found: system32\DRIVERS\nwlnkfwd.sys
This one is absent. It's installed together with Vista but is unavailable. I thought it was "normal" for Microsoft :)
[size="1"][color="#666686"][B][I]Added 58 seconds later[/I][/B][/color][/size]
Same applies for this one:
IpInIpIP in IP Tunnel Driver File not found: system32\DRIVERS\ipinip.sys
"quarantine" in the avz script language is [b]copy[/b] only ;)
Nothing will be removed or deleted.
blbdrive is Microsoft's.
[size="1"][color="#666686"][B][I]Added 10 minutes later[/I][/B][/color][/size]
OK, here is the report. For some reason, NOT all the files have been included... Why?
See attachment.
I will not :) I did tell you how to send us the requested files. Read my post number 3 again.
Uploaded again.
F:\Temp\rrmon.sys wasn't in the archive. Is F: your USB flash drive?
About the files that you did send us, I think they are clean. You can wait for an answer from virlab. I'll let you know about their answer.
As I said earlier: "OK, here is the report. For some reason, NOT all the files have been included... Why?"
"F:" is a partition on my hard drive. I have F:\Temp set as the system Temp folder.
By the way, please make sure the devs fix this lame one: [url]http://forum.kaspersky.com/index.php?showtopic=60132&view=findpost&p=548885[/url]
[size="1"][color="#666686"][B][I]Added 5 minutes later[/I][/B][/color][/size]
With regard to rrmon.sys: [url]http://forum.oszone.net/printthread-98494.html[/url] :)
It's the driver installed by Registrar Registry Manager (former Resplendent Registrar).
I think maybe it's because of different system rights/permissions. Did you do something special to disk F? Maybe some encryption?
I will ask the creator of avz, avptool to take a look at this post.
I did receive an answer from one of the KIS developers.
He is aware of this bug, "Security analyzer says security is at risk" even when the system hasn't any security risk at all; thank you for your concern. The whole sub-system of the Security analyzer will be rebuilt in the future. Still, you must understand, it is a pre-beta ;)
P.S. About the files that you did send us, they are clean according to viruslab too ;)