False positive in KAV2

Forum for support for the Kaspersky AntiVirus for WinGate plugin

Moderator: Qbik Staff

False positive in KAV2

Postby Nev » Dec 29 05 10:29 am

Hi all,

'Season's greetings' to all!

Just did some local scanning and derived a range of 'infected' hits on my own server ;-((

Now the files are all KAV msi's dating back years in:

Infected |not-a-virus:NetTool.Win32.PsKill |C:\WINNT\Installer\227640.msi
Infected |not-a-virus:NetTool.Win32.PsKill |C:\WINNT\Installer\4d0ad.msi
Infected |not-a-virus:NetTool.Win32.PsKill |C:\WINNT\Installer\67fb4.msi

&

Infected |not-a-virus:NetTool.Win32.PsKill |C:\Program Files\Common Files\Wise Installation Wizard\WIS077607BC3693481A930FC0A3265571FB_1_0_0.MSI
Infected |not-a-virus:NetTool.Win32.PsKill |C:\Program Files\Common Files\Wise Installation Wizard\WISF27D61AE1A6A41EAB9CA14F95FD4AECB_2_0.MSI

Which must be false positives as:

Infected |not-a-virus:NetTool.Win32.PsKill |S:\Utils\TOOLS\AA-Qbik.com\KAV2.msi


Now the installer has this text which I presume 'triggers' the response:

-----------------------------------------------------------------------------------------

Password: PsKill requires Windows NT or Windows 2000.

http://www.sysinternals.com

Copyright (C) 2000 Mark Russinovich

PsKill v1.03 - local and remote process killer

-----------------------------------------------------------------------------------------

"Am I right or am I right?"
--
Nev.
Nev
WinGate Guru
 
Posts: 861
Joined: Sep 22 03 11:35 pm
Location: Mudgee ~ NSW ~ Australia

Postby Pascal » Jan 05 06 1:11 pm

Yup, sounds about right. I get a similar result when scanning my local system. Since KAV2 we've moved to including the extended databases as well, which identifies a variety of additional "threats", including spyware and malware.

These are all based on the signatures within the databases, so the KAV engine will pick them up and report them. If you are not interested in them you can change the list of update servers as per the KAV homepage (Kasperksy.com) to only use the standard database.
Pascal

Qbik New Zealand
pascalv@qbik.com
http://www.qbik.com
Pascal
Qbik Staff
 
Posts: 2623
Joined: Sep 08 03 8:19 pm
Location: Auckland, New Zealand

Postby Nev » Jan 05 06 10:03 pm

Hi Pascal,

Better to be sure that sorry, a great result in perimeter security!
--
Nev.
Nev
WinGate Guru
 
Posts: 861
Joined: Sep 22 03 11:35 pm
Location: Mudgee ~ NSW ~ Australia


Return to Kaspersky AntiVirus for WinGate

Who is online

Users browsing this forum: No registered users and 15 guests

cron