Trojan Hunter Finds Kaspersky's Installation Of Trojan On My Computer


5 replies to this topic

#1 dellhell

Posted 16 January 2008 - 10:57 PM

Yesterday, I installed the trial version of TrojanHunter and ran it. It found that my trial version of Kaspersky Internet Security 7, WinRAR and the HP printer software had installed trojans on my computer. It can either delete immediately or delete at reboot the trojans from WinRAR and HP, but it cannot do either to the trojans from Kaspersky. I removed TrojanHunter today, then re-downloaded and re-installed a fresh copy. But I cannot find that Kaspersky trojan anymore, though TrojanHunter couldn't do any harm to it yesterday.

Are the commercial security software vendors installing trojans for their convenience on customers' computers?

The TrojanHunter log file from yesterday is below:

TrojanHunter Scan Report - Saved 2008-01-15 22:15

Found trojan file: C:\Compression and Decompression\WinRAR\Default.SFX (Generic.RarDrop.B)
Found trojan file: C:\Compression and Decompression\WinRAR\Zip.SFX (Generic.RarDrop.B)
Found trojan file: C:\Compression and Decompression\wrar351.exe/Default.SFX (Generic.RarDrop.B)
Found trojan file: C:\Compression and Decompression\wrar351.exe/Zip.SFX (Generic.RarDrop.B)
Found trojan file: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\f94.8AF5C3DA01C857F1.history\00000221.bak (Generic.RarDrop.B)
Found trojan file: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\f94.8AF5C3DA01C857F1.history\00000223.bak (Generic.RarDrop.B)
Found trojan file: C:\Program Files\HP\Digital Imaging\{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}\setup\hpocpd01.exe (TrojanClicker.Small.223)
Error: Error while pre-processing C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP21F.tmp\mscorlib.dll: Access violation at address 004DA45F in module 'TrojanHunter.exe'. Read of address 0689600C
Error: Error while pre-processing C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP21F.tmp\mscorlib.dll: Access violation at address 004DA45F in module 'TrojanHunter.exe'. Read of address 0689600C
Quarantined file C:\Compression and Decompression\WinRAR\Default.SFX
Quarantined file C:\Compression and Decompression\WinRAR\Zip.SFX
Quarantined file C:\Compression and Decompression\wrar351.exe
Unable to quarantine file C:\Compression and Decompression\wrar351.exe: Scheduling file to be quarantined when computer is restarted
Unable to quarantine file C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\f94.8AF5C3DA01C857F1.history\00000221.bak: Scheduling file to be quarantined when computer is restarted
Failed to add quarantine-on-reboot entry for C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\f94.8AF5C3DA01C857F1.history\00000221.bak
Unable to quarantine file C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\f94.8AF5C3DA01C857F1.history\00000223.bak: Scheduling file to be quarantined when computer is restarted
Failed to add quarantine-on-reboot entry for C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\f94.8AF5C3DA01C857F1.history\00000223.bak
Quarantined file C:\Program Files\HP\Digital Imaging\{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}\setup\hpocpd01.exe


Dellhell


#2 Tomo2


Posted 17 January 2008 - 03:28 AM

Those files are backups made by Kaspersky (goodness knows why any program makes a backup of a virus). Check your virus chest or whatever in Kaspersky to see if you can delete it.

L&P, World Famous in New Zealand since ages ago!
Avast! Antivirus : Spybot S&D : Trend Micro Housecall : Hosts file : HiJack This
Don't be too open minded - your brains will fall out
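
A triage sketch for the scan report in the first post, added here as an example (it is not TrojanHunter's or Kaspersky's code, and not from any poster): it parses the report, marks detections that sit inside another security product's data directory, and lists files elsewhere that carry the same detection name. The `SECURITY_PRODUCT_DIRS` list and the reading of `/` in a path as `container/member` are assumptions drawn from this one report.

```python
import re
from collections import defaultdict

# Lines copied from the scan report in the first post (a subset).
REPORT = r"""
Found trojan file: C:\Compression and Decompression\WinRAR\Default.SFX (Generic.RarDrop.B)
Found trojan file: C:\Compression and Decompression\wrar351.exe/Default.SFX (Generic.RarDrop.B)
Found trojan file: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\f94.8AF5C3DA01C857F1.history\00000221.bak (Generic.RarDrop.B)
Found trojan file: C:\Program Files\HP\Digital Imaging\{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}\setup\hpocpd01.exe (TrojanClicker.Small.223)
Failed to add quarantine-on-reboot entry for C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\f94.8AF5C3DA01C857F1.history\00000221.bak
"""

# Assumption: path fragments that mark another security product's own data store.
SECURITY_PRODUCT_DIRS = ("\\kaspersky lab\\",)

FOUND = re.compile(r"^Found trojan file: (?P<path>.+) \((?P<sig>[^()]+)\)$")
FAILED = re.compile(r"^Failed to add quarantine-on-reboot entry for (?P<path>.+)$")

def classify(path):
    """Label a detection by where the flagged object lives."""
    low = path.lower()
    if any(fragment in low for fragment in SECURITY_PRODUCT_DIRS):
        return "other-scanner-store"
    if "/" in path:  # assumption: this report writes archive members as container/member
        return "archive-member"
    return "file"

def triage(report):
    """Return one row per detection, with context for judging a likely duplicate hit."""
    by_sig, failed, rows = defaultdict(list), set(), []
    for line in report.splitlines():
        if m := FOUND.match(line):
            by_sig[m["sig"]].append(m["path"])
        elif m := FAILED.match(line):
            failed.add(m["path"])
    for sig, paths in by_sig.items():
        for p in paths:
            # Files outside any scanner store that triggered the same detection name.
            peers = [q for q in paths if q != p and classify(q) != "other-scanner-store"]
            rows.append({"path": p, "signature": sig, "kind": classify(p),
                         "same_signature_elsewhere": peers,
                         "quarantine_failed": p in failed})
    return rows

if __name__ == "__main__":
    for r in triage(REPORT):
        print(r["kind"], r["signature"], len(r["same_signature_elsewhere"]),
              r["quarantine_failed"], r["path"], sep=" | ")
```

A row of kind `other-scanner-store` with a non-empty `same_signature_elsewhere` list shares its detection name with files outside that store, which fits the explanation that the `.bak` files are copies kept by the other product.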


#3 annabackwards


Posted 17 January 2008 - 08:01 AM

Those files are backups made by Kaspersky (goodness knows why any program makes a backup of a virus).

:thumbsup: I think it's because it may be a critical part of a system, so you'd be able to restore it. But if that had happened, I'd uninstall that program anyway or find some sort of replacement.

Surf smarter, surf faster, surf safer, surf with Mozilla Firefox

#4 Teenage.Zombiee


Posted 19 January 2008 - 12:10 AM

Spybot does this too. So do a few other programs.

Annabackwards is correct by the way :thumbsup:

Teenage.Zombiee is back ! :halloween:


#5 annabackwards


Posted 19 January 2008 - 02:04 AM

Of course, there are some programs which should make backups, for example, HijackThis :flowers:

PS thanks for backing me up, Teenage.Zombiee :thumbsup:

Edited by annabackwards, 19 January 2008 - 02:04 AM.


Surf smarter, surf faster, surf safer, surf with Mozilla Firefox

#6 dellhell


Posted 23 January 2008 - 02:33 PM

Thank you for your reply. Appreciated.



