Hi,
I finally decided to test KIS 8.
Security analyzer says security is at risk
The only report I've managed to find was located in "C:\ProgramData\Kaspersky Lab\AVP8\Data\AVZ\" and is attached hereto.
Thanks.
Ah, I get it now. Your tool took Punto Switcher for a nasty one
Punto Switcher is based on typical keyboard/mouse events, so it is normal for this "danger" sign in the log.
But it could be infected too
Execute the following script in AVPtool
(how: http://avptool.virusinfo.info/en/AVP...curescript.htm)
Code:
begin
 SearchRootkit(true, true);
 SetAVZGuardStatus(True);
 QuarantineFile('C:\Windows\system32\DRIVERS\nwlnkflt.sys','');
 QuarantineFile('C:\Windows\system32\DRIVERS\ipinip.sys','');
 QuarantineFile('C:\Windows\system32\drivers\blbdrive.sys','');
 QuarantineFile('C:\Windows\system32\DRIVERS\TVICHW32.SYS','');
 QuarantineFile('F:\Temp\rrmon.sys','');
 QuarantineFile('C:\Windows\System32\Drivers\mondrv.sys','');
 QuarantineFile('D:\Programs\Spb Wallet\SpbWalletToolbar.dll','');
 BC_ImportAll;
 BC_Activate;
 RebootWindows(true);
end.
Upload quarantine (it should be in avz sub-folder, remember to zip it with password virus)
Send us using this page: http://virusinfo.info/upload_virus_eng.php?tid=17796.
Last edited by drongo; 09.02.2008 at 17:27.
*Click and run if you want the help to get better and faster
*MyFirefox Portable
special avz @ rapidshare.com
md5: 2091925798B7909E010E3F7E328C5F0D
Wait.
I DO know what SpbWallet, rrmon are.
TVICHW32.SYS is from EnTech Taiwan. I always had it after installing all essential software. Must come with RivaTuner?
Instead of moving these to quarantine, can I just send them all to you?
Added after 4 minutes
NwlnkFwd IPX Traffic Forwarder Driver File not found: system32\DRIVERS\nwlnkfwd.sys
This one is absent. It's installed together with Vista but is unavailable. I thought it was "normal" for Microsoft
Added after 58 seconds
Same applies for this one:
IpInIp IP in IP Tunnel Driver File not found: system32\DRIVERS\ipinip.sys
Last edited by Dmitry_N; 09.02.2008 at 18:05. Reason: Added
"quarantine" in avz script language is copy only
Nothing will be removed or deleted.
Last edited by drongo; 09.02.2008 at 18:19.
blbdrive is Microsoft's.
Added after 10 minutes
OK, here is the report. For some reason, NOT all the files have been included... Why?
Last edited by Dmitry_N; 09.02.2008 at 18:20. Reason: Added
See attachment.
Last edited by drongo; 09.02.2008 at 18:34.
I will not. I did tell you how to send us the requested files. Read my post number 3 again.
Uploaded again.
F:\Temp\rrmon.sys wasn't in the archive. Is F: your USB flash?
About the files that you sent us, I think they are clean. You can wait for an answer from the virlab. I'll let you know about their answer.
Last edited by drongo; 09.02.2008 at 23:47.
As I said earlier: "OK, here is the report. For some reason, NOT all the files have been included... Why?"
"F:" is a partition on my hard drive. I have F:\Temp set as the system Temp folder.
By the way, please make sure the devs fix this lame one: http://forum.kaspersky.com/index.php...dpost&p=548885
Added after 5 minutes
With regard to rrmon.sys: http://forum.oszone.net/printthread-98494.html
It's the driver installed by Registrar Registry Manager (former Resplendent Registrar).
Last edited by Dmitry_N; 09.02.2008 at 23:59. Reason: Added
I think maybe it's because of different system rights/permissions. Did you do something special to disk F? Maybe some encryption?
I will ask the creator of avz, avptool to take a look at this post.
I did receive an answer from one of the KIS developers.
He is aware of this bug, "Security analyzer says security is at risk" even when the system hasn't any security risk at all; thank you for your concern. The whole sub-system of the Security analyzer will be rebuilt in the future. Still, you must understand, it is a pre-beta.
P.S. About the files that you sent us: they are clean according to the viruslab too.
Last edited by drongo; 11.02.2008 at 12:38.