False Flag? Kaspersky HEUR:Exploit.Script.Generic


5 replies to this topic

#1 sadicus (Members, 3 posts)

Posted 20 May 2014 - 10:38 AM

Greetings,

Win 7 x64

Please help me determine if Kaspersky is showing a "False Flag" in order for me to buy their AV.
Here are the steps taken so far. (Scans are run while internet is disconnected.)

Kaspersky Security Scan
kss12.0.1.117abRU_EN_DE_FR_ES_IT_JA_PT_ZH_5203_dot_exe

1st Quick scan = No malware detected

1) Full scan = 3 infected files

  1. HEUR:Exploit.Script.Generic
    74df5d81-76a33bbf  
    C:\Documents and Settings\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1
  2. HEUR:Exploit.Script.Generic
    2a94c7a8-7b3ab632  
    C:\Documents and Settings\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40
  3. HEUR:Exploit.Java.CVE-2013-0431.gen
    5b252d7c-3c28eb13  
    C:\Documents and Settings\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60

Folder options: Show hidden and system files = ON
Manually searching the (above) file locations, none of the supposed infected files are showing or can be found on the hard drive.

Cleared Java cache

2) 2nd Quick scan = No malware detected
Edited by hamluis, 20 May 2014 - 03:38 PM.
Moved from Win 7 to Am I Infected - Hamluis.
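As an added triage example (not part of sadicus's post, and not Kaspersky's tooling), the following PowerShell lists every entry in the Java Deployment cache the scan reported on, with SHA-256 hashes that can be compared against the detections. It assumes Windows 7 with the default profile layout and that it is run as the flagged account; the "C:\Documents and Settings" path in the scan report is, on Vista/7, a hidden junction to C:\Users, which is why browsing to it in Explorer fails even with hidden files shown.

```powershell
# Added triage example (not from the thread): list every entry in the Java
# Deployment cache that the scanner reported on, including hidden files.
# Assumption: Windows 7 default profile layout. The scanner printed the path
# as C:\Documents and Settings\Owner\..., which on Vista/7 is a hidden junction
# to C:\Users, so browsing to it in Explorer fails even with hidden files shown.
# Run this as the account whose cache was flagged (here "Owner").
$cacheRoot = Join-Path $env:USERPROFILE 'AppData\LocalLow\Sun\Java\Deployment\cache\6.0'

if (-not (Test-Path -LiteralPath $cacheRoot)) {
    Write-Host "No Java deployment cache at $cacheRoot (cache cleared or Java not installed)."
    return
}

$sha256 = [System.Security.Cryptography.SHA256]::Create()

function Get-FileSha256 ([string]$Path) {
    # .NET hashing instead of Get-FileHash so this also works on PowerShell 2.0 (stock Win 7).
    $stream = [System.IO.File]::OpenRead($Path)
    try     { ([BitConverter]::ToString($sha256.ComputeHash($stream))).Replace('-', '') }
    finally { $stream.Close() }
}

# Cached applets are stored under numbered buckets (1, 40, 60 in the report) as
# "<id>" (the JAR/class/script payload) next to "<id>.idx" (download metadata).
# -Force includes hidden and system files; the .idx companions are skipped here.
Get-ChildItem -LiteralPath $cacheRoot -Recurse -Force |
    Where-Object { -not $_.PSIsContainer -and $_.Extension -ne '.idx' } |
    ForEach-Object {
        New-Object PSObject -Property @{
            Bucket       = $_.Directory.Name
            Id           = $_.Name                 # e.g. 74df5d81-76a33bbf
            SizeBytes    = $_.Length
            LastWrite    = $_.LastWriteTime
            HasIndexFile = Test-Path -LiteralPath ($_.FullName + '.idx')
            SHA256       = Get-FileSha256 $_.FullName
        }
    } |
    Sort-Object LastWrite -Descending |
    Format-Table Bucket, Id, SizeBytes, LastWrite, HasIndexFile, SHA256 -AutoSize
```

An empty listing after the cache has been cleared is expected; the useful run is before clearing, so the hashes of the flagged ids can be checked with the vendor before deciding whether the detection was a false positive.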


#2 dc3 (Bleeping Treehugger, Members, 30,714 posts)

Posted 20 May 2014 - 11:05 AM

Did you initiate the scan?

Kaspersky has not been known to try to scam potential clients, so I don't believe this is what is happening here.

If you did initiate the scan, what prompted you to use it?


Family and loved ones will always be a priority in my daily life. You never know when one will leave you.
#3 sadicus (Topic Starter, Members, 3 posts)

Posted 20 May 2014 - 11:13 AM

Several weeks ago I went to the Kaspersky site, downloaded their free AV scan, and initiated the "Quick Scan".

"Kaspersky has not been known to try to scam potential clients," I agree, but I'm not understanding why one scan shows a threat, the other does not, and searching the HD also does not show the infected files. Now I don't know if there are infected files or not.



#4 dc3 (Bleeping Treehugger, Members, 30,714 posts)

Posted 20 May 2014 - 11:36 AM

Let's see if we can find any malware or other infections.

Please run the ESET OnlineScan

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the ESET Online Scanner button.
  • For alternate browsers only (Microsoft Internet Explorer users can skip these steps):
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats".
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

 

 
 
Please download Malwarebytes Anti-Malware.

1) Double-click on mbam-setup.exe, then click on Run to install the application; follow the prompts through the installation.

2) Malwarebytes will automatically open. If this is the first time you have run this version of Malwarebytes you will see an image like the one below.

[screenshot]

Click on Update Now; after Malwarebytes is updated click on Scan.

If this isn't the first time you have run this version, then you will see an image like the one below. Click on Scan.

[screenshot]

You will be prompted to update Malwarebytes; to do so click on Update Now.

[screenshot]

3) The scan will automatically run now.

[screenshot]

4) When the scan is complete the results will be displayed. Click on Quarantine All, then click on Apply Actions.

[screenshot]

5) To complete any actions taken you will be asked if you want to restart your computer; click on Yes.

[screenshot]

6) Please post the Malwarebytes log.

To find your Malwarebytes log, download mbam-check.exe from here and save it to your desktop.

To open the log double click on mbam-check.exe on your desktop. When the log opens, scroll down toward the bottom of the log to Quarantined Items. Copy and paste this in your next post.


#5 AndroidOS (Malware Search++ developer, Security Developer, 146 posts)

Posted 20 May 2014 - 11:36 AM

This is indeed a threat, though it has more to do with a vulnerability in an old version of Java rather than anything "too" serious. It is not something that should be too hard to fix. The reason Kaspersky only identified the threat once is because that time you ran a Full Scan, whereas the other two times you only ran a Quick Scan. As this is not a serious threat (and due to various other factors), Kaspersky only shows these when you run a Full Scan.

 

First of all, let's update your Java to the latest version:

To update Java

Please download JavaRa to your desktop and unzip it to its own folder.
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website, then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

==========

Now, let's run a scan with Malwarebytes Anti-Malware, just to be sure there are no infections.

Please download Malwarebytes Anti-Malware from Malwarebytes.org.
Alternate link: Download Mirror

(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this will cause the infection to still be active on the computer.
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Copy and paste the entire report in your next reply.
  • If Malwarebytes fails to download please use the following link:


#6 sadicus (Topic Starter, Members, 3 posts)

Posted 20 May 2014 - 11:46 AM

...ok, thanks for the info. Since there is a lot of downtime, I will do this tonight and post results tomorrow.