30.06.2007 00:02
Post #1
Newbie Group: Members Posts: 8 Joined: 29.06.2007
That would be a lesson to me, never to shut down Kaspersky!
I have no idea how, but all Regedit.exe on my computer got infected with Trojan.Win32.Pakes.x3, that is, on the following locations:

C:\WINDOWS
C:\WINDOWS\system32\dllcache
D:\XP_SP2\I386

The last being a copy of Windows I keep if it ever wants to install some extra drivers or something... I don't know what this trojan does, but it did make my regedit.exe grow from 134,144 bytes to 146,432 bytes.

30.06.2007 00:04
Post #2
Are You Kidding? Group: Moderators Posts: 56933 Joined: 28.01.2006 From: Timisoara, Romania
hello
it's a false alarm, don't worry, the 146,432 bytes regedit is clean and has an MD5 hash of 783AFC80383C176B22DBF8333343992D for the English version. The false alarm will be rectified in the next updates.

This post has been edited by Lucian Bara: 30.06.2007 00:05
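
One way to compare a flagged copy with the size and MD5 quoted in the post above, added here as an example (it is not part of the thread and not Kaspersky's tooling). The file paths are an assumption: the three directories from the first post joined with regedit.exe.

```python
import hashlib
from pathlib import Path

# Size and MD5 quoted in the moderator's post (English regedit.exe, XP SP2).
KNOWN_GOOD_SIZE = 146_432
KNOWN_GOOD_MD5 = "783AFC80383C176B22DBF8333343992D"

# Assumed paths: the three directories from the first post + "regedit.exe".
CANDIDATES = [
    r"C:\WINDOWS\regedit.exe",
    r"C:\WINDOWS\system32\dllcache\regedit.exe",
    r"D:\XP_SP2\I386\regedit.exe",
]


def md5_of(path, chunk_size=1 << 16):
    """Return the upper-case hex MD5 of a file, read in chunks."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest().upper()


def check_file(path, size=KNOWN_GOOD_SIZE, md5=KNOWN_GOOD_MD5):
    """Compare one file with the reference size and hash; return a verdict."""
    target = Path(path)
    if not target.is_file():
        return "missing"
    actual_size = target.stat().st_size
    if actual_size != size:
        # Cheap first check: a file of another size is not the hashed file.
        return f"size mismatch ({actual_size} bytes)"
    actual_md5 = md5_of(target)
    if actual_md5 != md5.upper():
        return f"hash mismatch ({actual_md5})"
    return "matches reference"


def check_all(paths=CANDIDATES):
    """Check every candidate path and map it to its verdict."""
    return {path: check_file(path) for path in paths}


if __name__ == "__main__":
    for path, verdict in check_all().items():
        print(f"{path}: {verdict}")
```

A "matches reference" verdict means the copy has the same size and MD5 as the file whose values were posted; MD5 is used only because it is the digest the thread gives.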

30.06.2007 00:17
Post #3
Newbie Group: Members Posts: 8 Joined: 29.06.2007
That is odd... Why then on my non-SP2 CD it is smaller? Was it updated?
In any case, good thing the larger version is still on Kaspersky's Backup...

QUOTE(Lucian Bara @ 29.06.2007 22:04)
> hello
> it's a false alarm, don't worry, the 146,432 bytes regedit is clean and has an MD5 hash of 783AFC80383C176B22DBF8333343992D for the English version. The false alarm will be rectified in the next updates.

30.06.2007 00:19
Post #4
Are You Kidding? Group: Moderators Posts: 56933 Joined: 28.01.2006 From: Timisoara, Romania
because with sp2 the regedit file was updated of course.

30.06.2007 02:54
Post #5
Member Group: Members Posts: 22 Joined: 4.05.2007
I got rid of my regedit cause of this false alarm and I also told Kaspersky to delete the backup. Doh, shoulda came here first.
Where can I get another one for XP Home with SP2? Google?

30.06.2007 03:34
Post #6
Newbie Group: Members Posts: 8 Joined: 29.06.2007
I sent it to you as a private message... Just remember to update Kaspersky again so it wouldn't recognize it as a threat again. Hope you'll get it!

QUOTE(G4nj4 @ 30.06.2007 00:54)
> I got rid of my regedit cause of this false alarm and I also told Kaspersky to delete the backup. Doh, shoulda came here first. Where can I get another one for XP Home with SP2? Google?

5.07.2007 21:32
Post #7
Advanced Member I Group: Members Posts: 53 Joined: 5.06.2007
So is there a chance Kaspersky will restore my auto-deleted regedit.exe on my 3 computers it deleted it from?
It's sort of a critical utility... Maybe I should turn off delete on infection, or delete on failed disinfection? The default I think was disinfect, delete if fail.

What happens when there is a false positive of ntoskrnl.exe? I would hate to be in those shoes if that were ever to happen. Maybe a little more testing before pushing out those updates, guys...

Not that it probably matters, but it's important to me: I'm one of the only people in my org that believes in Kaspersky - we switched from McAfee this summer amidst much animosity to change and the possible issues that could come from it. This has not helped me in my efforts to show my team that Kaspersky was the right choice.

Just my .02

This post has been edited by joel.gibby: 5.07.2007 21:35

5.07.2007 21:37
Post #8
Are You Kidding? Group: Moderators Posts: 56933 Joined: 28.01.2006 From: Timisoara, Romania
hello
restore it from the backup: http://forum.kaspersky.com/index.php?showt...ndpost&p=385267
i can assure you that critical files are in a test set for FPs

5.07.2007 22:39
Post #9
Wrestling Champion Group: Moderators Posts: 8793 Joined: 10.03.2007
QUOTE(joel.gibby @ 5.07.2007 18:32)
> I'm one of the only people in my org that believes in Kaspersky - we switched from McAfee this summer amidst much animosity to change and the possible issues that could come from it. This has not helped me in my efforts to show my team that Kaspersky was the right choice. Just my .02

Count yourself lucky: http://news.zdnet.com/2100-1009_22-6186271.html

FPs happen - it is unavoidable, and Kaspersky has one of the lowest FP rates around.

--------------------
Kind Regards,
Baz (volunteer moderator/beta testing lead -- I don't work for Kaspersky)

15.07.2007 15:32
Post #10
Newbie Group: Members Posts: 1 Joined: 15.07.2007
QUOTE(Aitam @ 29.06.2007 16:34)
> I sent it to you as a private message... Just remember to update Kaspersky again so it wouldn't recognize it as a threat again. Hope you'll get it!

Can you send me the same file (regedit.exe for Windows XP Home Edition SP2)? The exact same thing happened to me. I also deleted a few other files due to the same virus flags. Geez! Also could someone tell the file location to save the file? Thanks!

15.07.2007 15:45
Post #11
Are You Kidding? Group: Moderators Posts: 56933 Joined: 28.01.2006 From: Timisoara, Romania
hello
you can get it from the xp sp2 cd by using sfc /scannow in start->Run to make a scan to restore it.

15.07.2007 16:17
Post #12
Global Moderator Group: Global moderators Posts: 28560 Joined: 7.04.2005
QUOTE(gunshot1 @ 15.07.2007 13:32)
> Can you send me the same file (regedit.exe for Windows XP Home Edition SP2). The exact same thing happened to me. I also deleted a few other files due to the same virus flags. Geez! Also could someone tell the file location to save the file? Thanks!

Did you also delete it from backup in Kaspersky?