Forum for support for the Kaspersky AntiVirus for WinGate plugin

False positive in KAV2

Dec 29 05 10:29 am

Hi all,

'Season's greetings' to all!

Just did some local scanning and derived a range of 'infected' hits on my own server ;-((

Now the files are all KAV msi's dating back years in:

Infected |not-a-virus:NetTool.Win32.PsKill |C:\WINNT\Installer\227640.msi
Infected |not-a-virus:NetTool.Win32.PsKill |C:\WINNT\Installer\4d0ad.msi
Infected |not-a-virus:NetTool.Win32.PsKill |C:\WINNT\Installer\67fb4.msi

&

Infected |not-a-virus:NetTool.Win32.PsKill |C:\Program Files\Common Files\Wise Installation Wizard\WIS077607BC3693481A930FC0A3265571FB_1_0_0.MSI
Infected |not-a-virus:NetTool.Win32.PsKill |C:\Program Files\Common Files\Wise Installation Wizard\WISF27D61AE1A6A41EAB9CA14F95FD4AECB_2_0.MSI

Which must be false positives as:

Infected |not-a-virus:NetTool.Win32.PsKill |S:\Utils\TOOLS\AA-Qbik.com\KAV2.msi


Now the installer has this text which I presume 'triggers' the response:

-----------------------------------------------------------------------------------------

Password: PsKill requires Windows NT or Windows 2000.

http://www.sysinternals.com

Copyright (C) 2000 Mark Russinovich

PsKill v1.03 - local and remote process killer

-----------------------------------------------------------------------------------------

"Am I right or am I right?"

Jan 05 06 1:11 pm

Yup, sounds about right. I get a similar result when scanning my local system. Since KAV2 we've moved to including the extended databases as well, which identify a variety of additional "threats", including spyware and malware.

These are all based on the signatures within the databases, so the KAV engine will pick them up and report them. If you are not interested in them you can change the list of update servers as per the KAV homepage (Kaspersky.com) to only use the standard database.
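
An added example, not part of the original thread or the plugin's own code: one way to triage a scan report like the one in the first post, separating `not-a-virus:` verdicts from everything else and grouping the affected files by verdict. It assumes the three-column `Infected |verdict |path` layout shown above; the function names and the `Trojan.Win32.Example` line are constructed for illustration.

```python
import re
from collections import defaultdict

# Report lines copied from the first post, plus one constructed
# malware-style line (not from the thread) for contrast.
SAMPLE_REPORT = r"""
Infected |not-a-virus:NetTool.Win32.PsKill |C:\WINNT\Installer\227640.msi
Infected |not-a-virus:NetTool.Win32.PsKill |C:\WINNT\Installer\4d0ad.msi
Infected |not-a-virus:NetTool.Win32.PsKill |S:\Utils\TOOLS\AA-Qbik.com\KAV2.msi
Infected |Trojan.Win32.Example |C:\constructed\sample.exe
"""

# [prefix:]Class.Platform.Family, e.g. not-a-virus:NetTool.Win32.PsKill
VERDICT_RE = re.compile(
    r"^(?:(?P<prefix>[\w-]+):)?(?P<cls>[\w-]+)\.(?P<platform>\w+)\.(?P<family>[\w.-]+)$"
)

def parse_line(line):
    """Return a dict for one report line, or None if it does not match."""
    parts = [p.strip() for p in line.split("|", 2)]
    if len(parts) != 3 or not all(parts):
        return None
    status, verdict, path = parts
    m = VERDICT_RE.match(verdict)
    if m is None:
        return None
    return {"status": status, "verdict": verdict, "path": path, **m.groupdict()}

def triage(report):
    """Group file paths by verdict, split into 'not-a-virus' and 'other'."""
    buckets = {"not-a-virus": defaultdict(list), "other": defaultdict(list)}
    for line in report.splitlines():
        hit = parse_line(line)
        if hit is None:
            continue  # blank or unrecognised line
        # Assumption: the "not-a-virus" prefix marks a legitimate tool
        # that the extended databases flag, rather than malware.
        kind = "not-a-virus" if hit["prefix"] == "not-a-virus" else "other"
        buckets[kind][hit["verdict"]].append(hit["path"])
    return buckets

if __name__ == "__main__":
    for kind, verdicts in triage(SAMPLE_REPORT).items():
        for verdict, paths in verdicts.items():
            print(f"{kind:12} {verdict}: {len(paths)} file(s)")
            for p in paths:
                print(f"             {p}")
```

Hits in the `other` bucket are the ones to look at first; the `not-a-virus` bucket can then be checked against known installers, as the first post does with KAV2.msi.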

Jan 05 06 10:03 pm

Hi Pascal,

Better to be sure than sorry, a great result in perimeter security!