Solve : Kaspersky Notifications?

I just got Kaspersky Antivirus 2010 trial for 30 days and after a scan it says:

(suspicious files)
- x:/programs/bblean/BLACKBOX.exe 'PDM.Invader (loader)'
- x:/programs/kerio/firewall/KPF4GUI.exe
- x:/programs/mirc/mirc6.16/mirc.exe

Should I get rid of these injection-prone apps (PDM.Invader (loader)) or are they false positives?
I mean, I downloaded bblean from their original website (google for bblean) and Kaspersky says it's riskware.. I don't get it.
Then also some others are marked as not-a-virus:xyz(loader)..

Any ideas?

Treval
I know the answers to all of that as I use Kaspersky Internet Security 2010 myself, but not allowed to tell you here on this 'lol' of a so-called help forum because it's in the viruses and spyware section (and I'm not a specialist) 

I bet they will just get you running ComboFix for all your life problems instead!

Here's a clue - 'PDM.Invader (loader)' is a behavioral detection from Proactive Defense.

Kaspersky reporting riskware isn't a virus, but a possible security risk/hole. It's a potentially dangerous application, even if it's a legitimate one.

Quote

I know the answers to all of that as I use Kaspersky Internet Security 2010 myself, but not allowed to tell you here on this 'lol' of a so-called help forum because it's in the viruses and spyware section (and I'm not a specialist) 
You can post your suggestions in this forum. It's the other one that is off-limits. Just don't ask the OP to download and run tools for scanning.

Well you know what, I will remove all riskware.
Even if it's ware I used for years.
I don't want to be exploitable. lol
Or at least I want to minimalize that chance.

Well in that case, previous versions of Java were also labeled riskware by Kaspersky, so were older versions of Microsoft Word, etc., even installer packages from the official game DVD of Crysis, etc. Why? Because there is a known exploit/hole in them.

Solution: Sometimes it's just a matter of getting the latest version of that software and updating it (if that issue has been patched in a newer version). If you want to be 100% safe and don't use that software, then remove the risk. It's just pointing it out for you.

AppSight Black Boxes record application execution at multiple, synchronized levels, based on a dynamic, user-defined recording profile. 'blackbox.exe' is able to record inputs, monitor applications. Therefore the technical security rating is 84% dangerous so it is reported by Kaspersky to check. Some malware camouflage themselves as 'blackbox.exe', particularly if they are located in c:\windows or c:\windows\system32 folder.

Your file 'KPF4GUI.exe' is a component of Kerio Personal Firewall. Since it's not part of Kaspersky, and is controlling a major part of your network, it is pointed out. You don't want something affecting the net you didn't know about.

mIRC is riskware due to the way it runs P2P and because it can be scripted to perform malicious activities.

If it is riskware or says "not-a-virus:...", then it's alright and you don't need to send it to the lab... just upgrade it, remove it or add it to exclusions.


Kaspersky is pretty heavy on the feature and if used correctly can really improve your overall security in all areas (prevention over risk)
Quote
Mirc a riskware due to the way it runs P2P and because it can be scripted to perform malicious activities.

mIRC doesn't run P2P... it's IRC, which interfaces with a server. It does however include DCC and other relatively benign P2P features. Of course you need to accept a DCC send before you can transfer and run it, so it's a user risk really. And the scripts are more or less to help make it easier for the person using the client; not to users on the other end.

Quote
x:/programs/mirc/mirc6.16/mirc.exe

This is "riskware" probably because it's an outdated version- current version is 6.35 (or was it 6.36?). This older version is quite old and has a number of known bugs... such as the ability for anybody to send a specific string to you and cause it to crash. (I'm sure there are other more major issues that actually let them take control of you in IRC or something)

Quote
I bet they will just get you running ComboFix for all your life problems instead!

yes, your method of googling each of them and pasting the text from one of the hits is far more effective.
Quote from: BC_Programmer on March 18, 2010, 12:03:08 AM

yes, your method of googling each of them and pasting the text from one of the hits is far more effective.

What do you guys have to say about these?

Unwanted apps

Probing access

Treval
Quote from: Treval on March 21, 2010, 02:12:54 AM
Unwanted apps
Looks more like "warnings"- did you put pskill there? did you install Daemon tools? If so you're fine.

Quote from: Treval on March 21, 2010, 02:12:54 AM
Probing access

Don't really know what's going on here; I've never used bblean shell but I would imagine whatever it's doing is simply part of how it works. I don't think (I'm not 100% sure on this) that Protected password storage means it's TRYING to, say, hack your passwords or anything, it probably stores some sort of data there (such as its own passwords) or something.

Yeah, I use google, so what of it? I say something I know first, then check with google to ensure it's correct and sometimes use their definition because it's easier to understand than mine (my English isn't the best). Advance Google 'Black HACKERS' Edition, can find anything and everything, so why not use it? If other people have faced the same issues in the past and re-solved it in three steps, why re-troubleshoot it all over again wasting time.

PsKill.exe - You don't even have to install a client on the target computer to use PsKill to terminate a remote process. It can be a hackers tool, for example disabling the person's anti-virus before an attack, etc. Kaspersky is very anti-hacker tool, but will just warn and ask you.

Daemon Tools comes bundled with ad-ware in the installer, it's optional to install, but Kaspersky will notify you about it.

Probing access - Any application that tries to access passwords on your computer will alert Kaspersky first unless Trusted. This is like 'Microsoft MSN' access on startup, etc. It's basically snooping a protected area of the registry. Lots of applications might do this, you need to either trust them or block.

I had to download PSkill when I had my Operating Systems course in college. lol
Thanks for the details.

Pskill is quite helpful and good, but only if in the right hands. Got some power to it.

