Kaspersky false positives or infections?


3 replies to this topic

#1 Kefka

Kefka


Posted 18 November 2008 - 02:23 AM

A couple of weeks ago, one of my thumb drives was infected by the Taquito worm on another PC - I plugged the drive into my home PC before I realised what had happened, and AVG popped up shortly after to tell me about it. Following various advice, I ran a few things including ComboFix and Flash Disinfector... After some fiddling, my HijackThis and RSIT logs seemed to be pretty clean, and an AVG scan turned up fine.

I thought I was clear and left it at that, but after helping a relative with their own virus problem, I decided to run the Kaspersky online scan on my own PC just to be sure... 5 and a half hours later (Half Life 2 really seems to slow it down - must be the large archive files...), it found 4 threats in 5 objects.

Here are the details of them - apologies for the formatting:
Tuesday, November 18, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, November 17, 2008 22:51:02
Records in database: 1390362

Scan settings
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

File name | Threat name | Threats count
C:\Documents and Settings\Kefka\Application Data\Sun\Java\Deployment\cache\6.0\59\303ac5bb-48778c41 | Infected: Exploit.Java.ByteVerify | 2
C:\Documents and Settings\Kefka\Desktop\Installs\RSIT.exe | Infected: Trojan.Win32.Autoit.gs | 1
C:\Documents and Settings\Kefka\Local Settings\Application Data\Identities\{79EE2B79-3D38-4E6F-B891-9AD7FF234311}\Microsoft\Outlook Express\Deleted Items.dbx | Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 | 1
C:\Program Files\mIRC\mirc.exe | Infected: not-a-virus:Client-IRC.Win32.mIRC.614 | 1


Now that I look at it, most of those don't look too serious... Heck, most of them are what I would consider false positives / legitimate instances...
I have ComboFix, RSIT, Flash Disinfector, HijackThis and ATF-Cleaner available from my previous fix attempt... Should probably grab mbam, but will wait until advised by someone here to do anything else.

Computer is running XP SP2, and not showing any obvious signs of virus activity - everything is running as normal.
Anyhow, advice on how to proceed with the things that Kaspersky found would be much appreciated :thumbsup:

Thanks,
Kefka


#2 Zllio

Zllio


Posted 19 November 2008 - 03:15 AM

Hi Kefka,

Running MalwareBytes would be a good idea, and it would also be good to download and install Spybot S&D if you don't have it. Update them both and run them and have them fix anything they find. Then be sure to use the Immunize feature of Spybot. Do not allow it to install TeaTimer and if it does, be sure it is disabled when you run any scans, as it will prevent changes.

For instructions for which settings to use for MalwareBytes, please see post two of this thread: http://www.bleepingcomputer.com/forums/t/180567/win32trojanagent-help-please/

Zllio

#3 Kefka

Kefka
  • Topic Starter


Posted 21 November 2008 - 07:46 AM

I'm sure I set this thread to email notification... I thought nobody had replied!

Anyhow. Scans with Mbam and Spybot came up clean, bar two tracking cookies.
Have immunised.

Thanks! :thumbsup:

#4 Zllio

Zllio


Posted 22 November 2008 - 08:53 AM

Hi Kefka,

You're welcome. I recommend now going on and doing some online scans to see more closely what it was that Kaspersky found. Please do these scans:

Bit Defender <-- use Internet Explorer

Trend Micro HouseCall click on "Click here for free scan"

Panda Active Scan 2.0

After you finish those, please do the following:

Then install and run McAfee Avert Stinger

Any information you get from these scans, please post it back here.
Thanks.

Zllio

Edited by Zllio, 22 November 2008 - 08:55 AM.
