Hello all,

We're recently getting hit with a few different trojans:

• Backdoor.Win32.Small.gwj
• Trojan.Downloader.Win32.Agent.utd
• Worm.Win32.AutoRun.mug

and others. I'm concerned though because systems keep getting re-infected with the same stuff (mostly Backdoor.Win32.Small.gwj) over and over. I ran an on-demand scan on one of these systems and of course it detected threats, and said they were neutralized. I then checked the system's network traffic and it was communicating with IRC commands over port 6009 and 1863 (MSN-Messenger). I ran MalwareBytes and it found lots more infected files and registry entries. I'm also concerned because I took a sample infected file (win32dll.exe) and used the Kaspersky only scanner - it detected a virus, but scanning locally said "No threats detected". I am worried that maybe my definitions are screwed up. Is there any way to clear out and re-download all the updates for my products?

The other thing is most of my systems report "Not all components updated" because it says aphish.ppl does not exist in the update source. It's in the admin kit update folder though. Maybe redownloading updates will fix this?

If I rename the folder with all the downloaded updates, will the adminkit re-create the folder the next time updates are run? Will previously downloaded updates get re-populated?

Please help!

Hello,

If your threats definition were screwed up, then your antivirus should not run and show an error message about the protection status.
If the infected file was detected by the virus scanner and not by your antivirus software, it could means that you don't have the latest virus definition.

About the "Not all components updated" message, you should check the global update task of your Administration first and see if it is correctly configured, see : http://support.kaspersky.com/faq/?qid=208279414
I advise you to check the option "Download updates for all Kaspersky Lab applications installed in the network. " to be sure to get correct updates.

As a last solution you can purge the content of the klshare\update folder and then run the global update task to download all threats definition but it will take some times.

If your computers are being infected again and again with the same virus, that's mostly because Kaspersky Anti-Virus does not detect all parts of the threat which is then able to recreate itself.
When you found suspicious file don't hesitate to send them to newvirus@kaspersky.com in a password protected archive.