Tdsskiller shows heciserver.exe and ctaudsvc.exe as suspicious, unsigned



#1 keyes528

Posted 16 November 2014 - 11:55 AM

Hi, I ran a scan with TDSSKiller. It found two threats: heciserver.exe (Intel® Capability Licensing Service Interface) and ctaudsvc.exe (ctaudsvcservice).

I have both an Intel CPU and a Creative sound card. The only heciserver and ctaudsvc executables that exist on my system are in the right directory.

Can I ignore this? I have run another scan after rebooting, and it says no threats detected; however, in the logs it says both files are

"Unsignedfile.multi.generic (1) detect skipped due to ksn trusted"


#2 LiquidTension

  • Malware Response Instructor

Posted 16 November 2014 - 12:05 PM

Yes. Neither are threats, and can be ignored. 

 

KSN = Kaspersky Security Network



#3 keyes528

  • Topic Starter

Posted 16 November 2014 - 12:06 PM

> Yes. Neither are threats, and can be ignored.
>
> KSN = Kaspersky Security Network

Okay, thanks. Is there a reason why sometimes the scan detects it as a threat and sometimes it decides it is trusted by KSN? Is it sometimes failing to contact the KSN network so it just tags it as suspicious?

#4 LiquidTension

  • Malware Response Instructor

Posted 16 November 2014 - 12:10 PM

TDSSKiller isn't detecting the files as a threat. The files are being flagged as suspicious because they're unsigned, not because the programme thinks they're a threat. It is not uncommon for software producers to leave some of their files unsigned. 
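
What the answer above describes (a file reported only because it carries no signature) can be checked directly with built-in PowerShell cmdlets. This is an added example, not part of the thread; the file names are the two reported in the first post, and the search roots are assumptions about where vendor software is installed.

```powershell
# Added example: triage for executables a scanner reports as unsigned.
# File names are taken from the thread; extend the list as needed.
$names = 'heciserver.exe', 'ctaudsvc.exe'

# Assumption: vendor software lives under Program Files or the Windows directory.
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:SystemRoot) |
    Where-Object { $_ }

$report = @(
    Get-ChildItem -Path $roots -Include $names -Recurse -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        [pscustomobject]@{
            Path    = $_.FullName
            # NotSigned    = no signature found (what the thread describes)
            # Valid        = signed and the chain verifies
            # HashMismatch = signed, but the file changed after signing
            Status  = $sig.Status
            Signer  = $sig.SignerCertificate.Subject
            # Version-info fields are self-declared by the file, not verified.
            Company = $_.VersionInfo.CompanyName
            Product = $_.VersionInfo.ProductName
            SHA256  = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
        }
    }
)

$report | Format-List

# The same file name in more than one directory deserves a closer look,
# since "it is in the right directory" is the first check made in the thread.
$report |
    Group-Object { Split-Path $_.Path -Leaf } |
    Where-Object Count -gt 1 |
    ForEach-Object { $_.Group | Select-Object Path, Status, SHA256 }
```

The SHA256 value can be compared against a copy from the vendor's installer or another known-good machine, which gives a stronger answer than the file's location alone.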



#5 keyes528

  • Topic Starter

Posted 16 November 2014 - 12:15 PM

> TDSSKiller isn't detecting the files as a threat. The files are being flagged as suspicious because they're unsigned, not because the programme thinks they're a threat. It is not uncommon for software producers to leave some of their files unsigned.

What I am saying is that if I run the scan, and when it comes to the part with heciserver or ctaudsvc, it stops, and either continues or flags it as suspicious.

How come sometimes it either ends with saying the files are suspicious, or it just continues and says it's trusted by KSN in the log?

#6 keyes528

  • Topic Starter

Posted 16 November 2014 - 12:31 PM

It also now seems to detect ctaelicensing.exe. After running another scan, it then skipped detection and said it also was KSN trusted.

Edited by keyes528, 16 November 2014 - 12:31 PM.


#7 LiquidTension

  • Malware Response Instructor

Posted 16 November 2014 - 12:41 PM

I'm not familiar with the inner workings of TDSSKiller, so cannot answer that question I'm afraid. 

 

But based on what you've said, you do not have anything to be concerned about. 

Flagging unsigned legitimate files as suspicious, or skipping due to the file being KSN trusted are both common occurrences. Why this may change from one to the other is a question better suited for the Kaspersky Support forum. 


Edited by LiquidTension, 16 November 2014 - 12:45 PM.


#8 keyes528

  • Topic Starter

Posted 16 November 2014 - 05:23 PM

> I'm not familiar with the inner workings of TDSSKiller, so cannot answer that question I'm afraid.
>
> But based on what you've said, you do not have anything to be concerned about.
> Flagging unsigned legitimate files as suspicious, or skipping due to the file being KSN trusted are both common occurrences. Why this may change from one to the other is a question better suited for the Kaspersky Support forum.

Well, I guess it must be a bug, as it does it on another machine with Intel files. But to conclude, this is a safe result and nothing malicious?

#9 LiquidTension

  • Malware Response Instructor

Posted 16 November 2014 - 09:43 PM

From what you've described, yes. 

 

If you'd like to attach your TDSSKiller logs (located at C:\), you're more than welcome. 

Please do not copy/paste as the logs are very long.


Edited by LiquidTension, 16 November 2014 - 09:44 PM.
