Avg Found Problem In Svkp.sys



#1 sharkygb

Posted 04 December 2007 - 01:10 PM

The other day my AVG found a virus named potentially harmful program RemoteAdmin.AVE in my WINNT\system32\SVKP.sys. I did like normal and removed it from my vault. Every day after turning on the computer and running AVG it finds this same virus. I looked into your forums and found where one other was told to check to see if it is a false reading or not. So I used the virusscan.jotti.org site. After running their scan in the WINNT\system32\SVKP.sys file, the following was found.

Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
AVG Antivirus Found RemoteAdmin.AVE

What do I need to do now to remove this problem?
Thanks, sharkygb


#2 quietman7

Posted 04 December 2007 - 03:29 PM

Can you post the full results of jotti's virus scan?

The presence of SVKP.SYS does not necessarily mean that this trojan is installed. SVKP.SYS is part of SVK Protector, which this trojan is packed with. SVK Protector is used in innocent programs as well.

vil.nai.com

SVK Protector is used for system protection/anti-piracy capabilities and installs the SVKP.SYS driver on your computer. If you have not installed SVK Protector and cannot account for this file, then I would suspect it may be malware related, especially since SVKP.sys can be a Trojan/Rootkit component of a Hacker Defender variant.

If you have installed SVK Protector then it's probably a "False Positive". Certain embedded files that are part of legitimate programs may at times be detected by some anti-virus/anti-malware scanners as a "RiskTool", "Hacking tool", "Potentially unwanted tool", or even "malware (virus/trojan)" when that is not the case.

Such programs have legitimate uses in contexts where an authorized user or administrator has knowingly installed it. These detections do not necessarily mean the file is malware or a bad program. It means it has the potential for being misused by others. Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them.

rdsok, Moderator at the AVG forum, has instructions for suspected FPs.

If you suspect a file to be a false positive, test the file at [virusscan.jotti.org] and if it is a false positive, archive (zip, arc, tar etc) the file using a password and email a copy to virus@grisoft.com with a brief description as well as the password you used to archive it with.

If it is a false positive, turn off heuristic scanning for the time being. When Grisoft adjusts the virus definitions you can turn it back on. If turning off Heuristics still doesn't allow access to the file while testing and emailing... disable the resident shield temporarily.

forum.grisoft
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 sharkygb

Posted 04 December 2007 - 04:03 PM

This is what virusscan.jotti showed:
File: SVKP.sys
Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: f05028b163b92c302a74409d683ac9b0
Packers detected: -
Bit9 reports: No threat detected (more info)

Scanner results
Scan taken on 04 Dec 2007 20:57:49 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found RemoteAdmin.AVE
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

#4 quietman7

Posted 04 December 2007 - 05:21 PM

AVG is the only vendor detecting this file as malware. Follow their instructions and submit the file.

Are you using or have you ever used SVK Protector?
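The triage step discussed in this thread (how many engines in the Jotti report flag the file, and whether the file on disk is the sample that was scanned), as an added example that is not part of the original posts. The report text is copied from the scan output above and abridged to six engines; the function names are hypothetical.

```python
import hashlib
import re

# Copied from the Jotti output posted in this thread, abridged to six engines.
REPORT = """\
File: SVKP.sys
Status: INFECTED/MALWARE
MD5: f05028b163b92c302a74409d683ac9b0
A-Squared Found nothing
AntiVir Found nothing
AVG Antivirus Found RemoteAdmin.AVE
BitDefender Found nothing
ClamAV Found nothing
Kaspersky Anti-Virus Found nothing
"""

# "<engine name> Found <nothing | detection name>"
ENGINE_LINE = re.compile(r"^(?P<engine>.+?) Found (?P<verdict>.+)$")

def parse_report(text):
    """Return (md5, {engine: detection name or None}) from a Jotti-style report."""
    md5, verdicts = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("md5:"):
            md5 = line.split(":", 1)[1].strip().lower()
            continue
        m = ENGINE_LINE.match(line)
        if m:
            verdict = m.group("verdict").strip()
            verdicts[m.group("engine")] = None if verdict.lower() == "nothing" else verdict
    return md5, verdicts

def summarize(verdicts):
    """Count detections; a lone detection is a reason to submit the file, not proof it is clean."""
    hits = {engine: name for engine, name in verdicts.items() if name}
    return {"engines": len(verdicts), "detections": len(hits),
            "single_vendor": len(hits) == 1, "hits": hits}

def same_sample(file_bytes, report_md5):
    """True if the bytes on disk hash to the MD5 in the report (identity check only)."""
    return hashlib.md5(file_bytes).hexdigest() == report_md5.lower()

if __name__ == "__main__":
    report_md5, verdicts = parse_report(REPORT)
    print(report_md5, summarize(verdicts))
```

Comparing the MD5 matters because the driver reappears after each removal; a hash that differs from the report means the multi-engine result no longer describes the file currently on disk.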

#5 sharkygb

Posted 06 December 2007 - 11:27 AM

Not really sure if I am or not. When AVG flashed it, that is the first time I have heard of it.

#6 quietman7

Posted 06 December 2007 - 02:38 PM

Check in Add/Remove Programs or for a folder in C:\Program Files.



