
Gen:Variant.Kazy.733500


5 replies to this topic

#1 DomaxDK


Posted 24 September 2015 - 04:51 PM

Hi There

 

My F-Secure Antivirus found this virus "Gen:Variant.Kazy.733500" in C:\Users\myuser\AppData\Local\Temp\2\2jez29kg.dll and nothing more. (It happened shortly after I updated Flash Player.)

It popped up on another PC a few hours later, also in temp but with another DLL name, but here I didn't update Flash Player.

I suspect I am infected, but I see no activity and have tried scans with Bitdefender, ESET, Trend Micro, Kaspersky and Malwarebytes.

It's driving me crazy that I only have this lead; I cannot even find any information on Kazy.733500.

 

What should I do?

 

Regards Martin




 


#2 buddy215


Posted 24 September 2015 - 06:19 PM

That is a generic name for a rogue/fake security program System Tool... it is likely a false positive simply because of the programs you have scanned with and only F-Secure thinks it is malware related.

 

Did you see a notice/ popup telling you to update Flash or did you go to the Adobe site to get the update? If it was a popup then there could be malware involved.

 

Did F-Secure quarantine or delete the file?


Edited by buddy215, 24 September 2015 - 06:26 PM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 DomaxDK


Posted 25 September 2015 - 01:20 AM

Hi Buddy215

 

Thanks for your time.

No, Adobe Flash was a planned update that was pushed out to the PC, but the package was delivered by an external company. The DLL was quarantined and I uploaded it to VirusTotal, where Bitdefender engines saw it as Kazy.733500.

The others were clean.

I have also thought of a false positive, but the random name 2jez29kg.dll seems suspect? Or do normal programs also use random names?

 

Regards Martin



#4 buddy215


Posted 25 September 2015 - 06:25 AM

9/21/2015 – Updated debugger and standalone versions of Flash player. These versions contain fixes for critical vulnerabilities identified in Security Bulletin APSB 15-23. The latest versions are 19.0.0.185 (Win and Mac) or the extended support version 18.0.0.241

Seems whoever or whatever uploaded the update was more than a month late. Not good.

 

Do you have a program that scans for updates or is this a business computer that relies on a management company for maintenance?

 

Is the other computer using F-Secure? Does it have the latest Flash installed? You can check at Flash Player Help.

Are both computers using the same router...either wired or wifi? 



#5 DomaxDK


Posted 25 September 2015 - 05:36 PM

What do you mean by "Seems whoever or whatever uploaded the update was more than a month late"?

Both computers are using F-Secure and Flash was only updated on the first PC, and the other PC was not used that day.

They are on the same wired network.

I found this on the F-Secure site, but the F-Secure database was updated... but it gives some hope it's a false alarm.

Latest False Positive Notices
  • Gen:variant.kazy.728313 (Updated 21 September 2015): This detection was unintentionally triggered by randomly named DLL files saved to the temp folder. This issue was resolved with the 2015-09-14_04 database update released at 1636hrs UTC on 14th September 2015.


#6 buddy215


Posted 25 September 2015 - 07:36 PM

Hey, I was still on my first cup of coffee when I wrote that. I must have been thinking this is October or August was the 9th month. Have a good laugh on me... :bubbles:

 

Yep, it was a false positive. Looks like they have some more 'resolving' to do. :whistle:

