> daod.exe Riskware, KIS 09 has quarantined a process found in C:\Windows
BINNYCAN
post 14.09.2010 20:22
Post #1






Hello,

I am using KIS 2009. Noticed an item in quarantine today found on 08/11/2010. Listed in quarantine as follows:
riskware Trojan.generic: type=running process, path= D:\BIN\ Name=DAOD.EXE

When I open containing folder it shows located in C:\Windows. Has anyone else heard of this riskware DAOD.EXE? I am not able to find any information on it. The application is 14kb in size.

Would appreciate input on how to remove it safely. As stated, it is currently in quarantine, but I would rather get it off my machine asap.

Also, why would KIS place it in quarantine vs. deleting it automatically?

Thanks
 
dh27564
post 14.09.2010 20:25
Post #2






Right-click the entry and you can send it to the lab for analysis.

It can't harm your PC in quarantine and will be rescanned as updates are received (to check for false positives). In any event, Kaspersky will delete it automatically from Quarantine in 30 days.

If you feel you must delete it, right-click and choose Delete.


--------------------
D. Henderson
Cleveland, Ohio USA
 
Akash Jain
post 14.09.2010 20:28
Post #3






DAOD.EXE is highly suspected to contain malware. KIS 2009 is an old build; that's why it suspected the file instead of deleting it. You should use the latest build of KIS 2011.

Delete the browser cache, update antivirus definitions and run a full system scan.

I highly recommend you to use KIS 2011.

This post has been edited by Akash Jain: 14.09.2010 20:30
 
BINNYCAN
post 14.09.2010 21:02
Post #4






Thanks for feedback. I'm using Windows XP. I've tried KIS 2010 before, and had problems with very slow boot up. That's why I reverted back to 09.

Any known issues with XP running KIS 2011? Can I install KIS 2011 right over top of 2009 or do you recommend uninstall and reboot first?
 
Akash Jain
post 14.09.2010 21:15
Post #5






See the guide http://forum.kaspersky.com/index.php?showtopic=67812 . Note that the latest builds solve many known bugs in earlier builds of the 2010 & 2009 series. So you should upgrade.
 
Swemole
post 19.11.2010 17:27
Post #6






QUOTE(BINNYCAN @ 14.09.2010 17:22) *
When I open containing folder it shows located in C:\Windows. Has anyone else heard of this riskware DAOD.EXE? I am not able to find any information on it. The application is 14kb in size.


Short answer:

I have a DAOD.EXE on my computer. It might not be the same one that you encountered since mine is 49152 bytes in size. But just like yours it is placed in C:\Windows\.

I am fairly sure my version of the file is part of the AMD OverDrive system, which is for overclocking computer motherboards that have AMD chipsets. But I still don't like it since it installed itself without asking me.

Long answer:

Today when I booted my computer my firewall said "DAOD.EXE wants to run, allow it?". (The firewall I use also keeps track of all executable files on my computer and when a new program wants to run it asks me for permission.)

I investigated the file and here's what I found out:
* My firewall has access to an online database of known executables, which lists whether a program is considered safe, unsafe or unknown. In this case it had been seen all over the world but the firewall company had not yet investigated it, so it was listed as "unknown".
* I updated to the latest version of my anti-virus software and rescanned the file; I got no alarm. (Which of course doesn't mean the file is okay, just that it is unknown.)
* My version of DAOD.EXE has the MD5 checksum 7FC46514B7EEBB1BDB30C2ECF245A5D6.
* When right-clicking the file and checking its properties it has no manufacturer name and no product description etc.
* The only thing I did yesterday was installing a new computer. So I checked that computer and it also had the DAOD.EXE file.
* I have not yet connected the new computer to the Internet, nor to my local network. So I checked the install DVDs for that computer. I found the DAOD.EXE file on the DVD with drivers and software for the ASUS M4A88T-M motherboard. On that DVD it is in the directory with files for AMD OverDrive (AOD).
* Yesterday I inserted that DVD into my old computer, and started the install menu of that DVD. (I have set my computer to not autostart DVDs, so I have to manually start the install menus on install disks.) The fishy part is that I then never clicked on anything in that menu, that is, I never willingly installed anything from that driver DVD onto my old computer. In spite of that, the DAOD.EXE got installed on my computer and now it sometimes wants to run when I boot my computer. And that's on a computer which might not even have the right chipset for it to work.

So, if you are overclocking a computer with AMD chipset you might need DAOD.EXE, in all other cases I think you should remove it.

.../Greetings from freezing Gothenburg, Sweden.
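
The comparison described in post #6 (the copy in C:\Windows checked against the same-named file on the driver DVD), as an added example that is not part of the original thread. The file contents are constructed stand-ins, and the function names and directory layout are assumptions; the verdict is decided on SHA-256, with MD5 reported only because that is the digest the post quotes.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def fingerprint(path):
    """Size, MD5 (the digest quoted in the thread) and SHA-256 of a file."""
    md5, sha256, size = hashlib.md5(usedforsecurity=False), hashlib.sha256(), 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            size += len(chunk)
            md5.update(chunk)
            sha256.update(chunk)
    return {"size": size, "md5": md5.hexdigest().upper(), "sha256": sha256.hexdigest()}

def find_reference_copies(media_root, name):
    """Every file under the vendor media with this name, case-insensitively."""
    hits = []
    for folder, _dirs, files in os.walk(media_root):
        hits += [os.path.join(folder, f) for f in files if f.lower() == name.lower()]
    return sorted(hits)

def triage(suspect, media_root):
    """Compare a suspect file with the same-named copies on the vendor media."""
    fp = fingerprint(suspect)
    refs = find_reference_copies(media_root, os.path.basename(suspect))
    if not refs:
        return "no-reference-copy", fp["size"]
    same = any(fingerprint(r)["sha256"] == fp["sha256"] for r in refs)
    # A shared file name proves nothing; only identical content counts as a match.
    return ("matches-vendor-media" if same else "same-name-different-content"), fp["size"]

def demo():
    """Constructed stand-in files only; no real DAOD.EXE bytes are used."""
    with tempfile.TemporaryDirectory() as tmp:
        files = {
            "dvd/AOD/DAOD.exe": b"MZ" + b"\x00" * 49150,  # 49152 bytes, size from post #6
            "pc_a/DAOD.EXE": b"MZ" + b"\x00" * 49150,     # identical to the media copy
            "pc_b/DAOD.EXE": b"MZ" + b"\x01" * 14334,     # 14 KB, size from post #1
            "pc_c/other.exe": b"MZ",                       # nothing like it on the media
        }
        for rel, data in files.items():
            path = Path(tmp, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(data)
        return {rel: triage(str(Path(tmp, rel)), str(Path(tmp, "dvd")))
                for rel in files if rel.startswith("pc_")}

if __name__ == "__main__":
    print(demo())
```

A "matches-vendor-media" result only ties the file to that disc; it says nothing about whether the disc's copy is wanted on the machine.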