> Regedit.exe infection, All my Regedit.exe got infected
Aitam
post 30.06.2007 00:02
Post #1


Newbie
*

Group: Members
Posts: 8
Joined: 29.06.2007




That would be a lesson to me, never to shut down Kaspersky!
I have no idea how, but all Regedit.exe on my computer got infected with Trojan.Win32.Pakes.x3, that is, in the following locations:

C:\WINDOWS
C:\WINDOWS\system32\dllcache
D:\XP_SP2\I386

The last being a copy of Windows I keep if it ever wants to install some extra drivers or something...

I don't know what this trojan does, but it did make my regedit.exe grow from 134,144 bytes to 146,432 bytes.
Lucian Bara
post 30.06.2007 00:04
Post #2


Are You Kidding?
*****************

Group: Gold beta testers
Posts: 56947
Joined: 28.01.2006
From: Timisoara, Romania




hello
it's a false alarm, don't worry, the 146,432 bytes regedit is clean and has an MD5 hash of 783AFC80383C176B22DBF8333343992D for the English version

The false alarm will be rectified in the next updates.

This post has been edited by Lucian Bara: 30.06.2007 00:05
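An added example, not part of the original thread: a Python check of each regedit.exe copy against the size and MD5 given in the post above, which is also worth running before putting back a copy obtained from someone else. The file paths are an assumption (the directories from post #1 with the file name appended), and the demo files are constructed stand-ins.

```python
import hashlib
import os
import tempfile

# Size and MD5 stated in the post above for the English XP SP2 regedit.exe.
# MD5 is the only digest the thread gives; it is not collision resistant.
EXPECTED_SIZE = 146432
EXPECTED_MD5 = "783AFC80383C176B22DBF8333343992D"

# Assumption: the directories from post #1 with the file name appended.
PAGE_PATHS = [
    r"C:\WINDOWS\regedit.exe",
    r"C:\WINDOWS\system32\dllcache\regedit.exe",
    r"D:\XP_SP2\I386\regedit.exe",
]

def md5_of(path, chunk=65536):
    """Hash the file in chunks so it is never read into memory whole."""
    digest = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def check_copy(path, size=EXPECTED_SIZE, md5=EXPECTED_MD5):
    """Return 'missing', 'size-mismatch', 'hash-mismatch' or 'match'."""
    if not os.path.isfile(path):
        return "missing"
    if os.path.getsize(path) != size:
        return "size-mismatch"   # e.g. the 134,144-byte size from post #1
    if md5_of(path) != md5.lower():
        return "hash-mismatch"   # right size, different content
    return "match"

def demo():
    """Run the check on constructed stand-in files, not real binaries."""
    samples = {"good.exe": b"A" * 1000, "patched.exe": b"B" * 1000,
               "old.exe": b"A" * 900}
    want = hashlib.md5(samples["good.exe"]).hexdigest().upper()
    with tempfile.TemporaryDirectory() as d:
        for name, data in samples.items():
            with open(os.path.join(d, name), "wb") as f:
                f.write(data)
        names = list(samples) + ["deleted.exe"]
        return {n: check_copy(os.path.join(d, n), 1000, want) for n in names}

if __name__ == "__main__":
    for p in PAGE_PATHS:
        print(p, check_copy(p))
    print(demo())
```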
Aitam
post 30.06.2007 00:17
Post #3


Newbie
*

Group: Members
Posts: 8
Joined: 29.06.2007




That is odd... Why then on my non-SP2 CD it is smaller? Was it updated?
In any case, good thing the larger version is still on Kaspersky's Backup...

QUOTE(Lucian Bara @ 29.06.2007 22:04)
hello
it's a false alarm, don't worry, the 146,432 bytes regedit is clean and has an MD5 hash of 783AFC80383C176B22DBF8333343992D for the English version

The false alarm will be rectified in the next updates.
Lucian Bara
post 30.06.2007 00:19
Post #4


Are You Kidding?
*****************

Group: Gold beta testers
Posts: 56947
Joined: 28.01.2006
From: Timisoara, Romania




Because with SP2 the regedit file was updated, of course.
G4nj4
post 30.06.2007 02:54
Post #5


Member
**

Group: Members
Posts: 22
Joined: 4.05.2007




I got rid of my regedit cause of this false alarm and I also told Kaspersky to delete the backup. Doh, shoulda came here first.
Where can I get another one for XP Home with SP2?
Google?
Aitam
post 30.06.2007 03:34
Post #6


Newbie
*

Group: Members
Posts: 8
Joined: 29.06.2007




I sent it to you as a private message... Just remember to update Kaspersky again so it wouldn't recognize it as a threat again. Hope you'll get it!

QUOTE(G4nj4 @ 30.06.2007 00:54)
I got rid of my regedit cause of this false alarm and I also told Kaspersky to delete the backup. Doh, shoulda came here first.
Where can I get another one for XP Home with SP2?
Google?
joel.gibby
post 5.07.2007 21:32
Post #7


Advanced Member I
***

Group: Members
Posts: 53
Joined: 5.06.2007




So is there a chance Kaspersky will restore my auto-deleted regedit.exe on my 3 computers it deleted it from?

It's sort of a critical utility...

Maybe I should turn off delete on infection, or delete on failed disinfection? The default I think was disinfect, delete if fail. What happens when there is a false positive of ntoskrnl.exe? I would hate to be in those shoes if that were ever to happen. Maybe a little more testing before pushing out those updates guys...

Not that it probably matters, but it's important to me:

I'm one of the only people in my org that believes in Kaspersky - we switched from McAfee this summer amidst much animosity to change and the possible issues that could come from it. This has not helped me in my efforts to show my team that Kaspersky was the right choice. Just my .02

This post has been edited by joel.gibby: 5.07.2007 21:35
Lucian Bara
post 5.07.2007 21:37
Post #8


Are You Kidding?
*****************

Group: Gold beta testers
Posts: 56947
Joined: 28.01.2006
From: Timisoara, Romania




hello
restore it from the backup: http://forum.kaspersky.com/index.php?showt...ndpost&p=385267
I can assure you that critical files are in a test set for FPs
Baz^^
post 5.07.2007 22:39
Post #9


Wrestling Champion
**************

Group: Gold beta testers
Posts: 8799
Joined: 10.03.2007




QUOTE(joel.gibby @ 5.07.2007 18:32)
I'm one of the only people in my org that believes in Kaspersky - we switched from McAfee this summer amidst much animosity to change and the possible issues that could come from it. This has not helped me in my efforts to show my team that Kaspersky was the right choice. Just my .02
Count yourself lucky: http://news.zdnet.com/2100-1009_22-6186271.html


FPs happen - it is unavoidable, and Kaspersky has one of the lowest FP rates around.


--------------------
Kind Regards,

Baz
gunshot1
post 15.07.2007 15:32
Post #10


Newbie
*

Group: Members
Posts: 1
Joined: 15.07.2007




QUOTE(Aitam @ 29.06.2007 16:34)
I sent it to you as a private message... Just remember to update Kaspersky again so it wouldn't recognize it as a threat again. Hope you'll get it!

Can you send me the same file (regedit.exe for Windows XP Home Edition SP2)? The exact same thing happened to me. I also deleted a few other files due to the same virus flags. Geez! Also could someone tell me the file location to save the file? Thanks!
Lucian Bara
post 15.07.2007 15:45
Post #11


Are You Kidding?
*****************

Group: Gold beta testers
Posts: 56947
Joined: 28.01.2006
From: Timisoara, Romania




hello
You can get it from the XP SP2 CD by using sfc /scannow in Start->Run to make a scan to restore it.
Don Pelotas
post 15.07.2007 16:17
Post #12


Global Moderator
****************

Group: Global moderators

Posts: 28867
Joined: 7.04.2005




QUOTE(gunshot1 @ 15.07.2007 13:32)
Can you send me the same file (regedit.exe for Windows XP Home Edition SP2)? The exact same thing happened to me. I also deleted a few other files due to the same virus flags. Geez! Also could someone tell me the file location to save the file? Thanks!

Did you also delete it from backup in Kaspersky?

