Full Version: My Quarantine data base in building....
rnjsx100
I have been using KIS 2009 on my laptop for the past 4 months.

Recently I have been getting viruses or malware showing up on my system, like the one which creates all the folder name.exe

KIS 2009 is deleting these folder.exe files every time I start my system (WIN XP), and my quarantine database is getting bulkier each time.

Now my question is

How to permanently delete these folder.exe (created by regserv.exe) and remove the huge quarantine database (which is around 5 GB now)

please help.

thanks
dawgg
Open Kaspersky and click Quarantine - Save.
Save that file to your desktop and attach it to your next post.

Send some of the quarantined files to Kaspersky's viruslab - http://forum.kaspersky.com/index.php?showtopic=13881

Attach an AVZ log of your computer to your next post. Instructions shown here.
rnjsx100
Thanks,

here comes the sysinfo.zip

Now my AVP8 directory in \ALLUSERS\....\Kaspersky\AVP8 has 6 GB of databases belonging to Kaspersky databases and quarantine databases. How to reduce or delete this? Please help.
dawgg
Please attach the other requested information.
Have you submitted some of the files to the lab?

Execute the following script in AVZ...
CODE
begin
SetAVZGuardStatus(True);
SearchRootkit(true, true);
QuarantineFile('C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\svchost.exe','');
QuarantineFile('I:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\svchost.exe','');
QuarantineFile('G:\autorun.inf','');
QuarantineFile('C:\autorun.inf','');
QuarantineFile('i:\autorun.inf','');
QuarantineFile('F:\autorun.inf','');
QuarantineFile('E:\autorun.inf','');
QuarantineFile('D:\autorun.inf','');
DeleteFile('D:\autorun.inf');
DeleteFile('c:\autorun.inf');
DeleteFile('i:\autorun.inf');
DeleteFile('E:\autorun.inf');
DeleteFile('F:\autorun.inf');
DeleteFile('G:\autorun.inf');
DeleteFile(''I:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\svchost.exe');
DeleteFile(''c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\svchost.exe');
end.
rnjsx100
QUOTE(dawgg @ 6.11.2009 16:19) *
Please attach the other requested information.
Have you submitted some of the files to the lab?

Execute the following script in AVZ...
CODE
begin
SetAVZGuardStatus(True);
SearchRootkit(true, true);
QuarantineFile('C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\svchost.exe','');
QuarantineFile('I:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\svchost.exe','');
QuarantineFile('G:\autorun.inf','');
QuarantineFile('C:\autorun.inf','');
QuarantineFile('i:\autorun.inf','');
QuarantineFile('F:\autorun.inf','');
QuarantineFile('E:\autorun.inf','');
QuarantineFile('D:\autorun.inf','');
DeleteFile('D:\autorun.inf');
DeleteFile('c:\autorun.inf');
DeleteFile('i:\autorun.inf');
DeleteFile('E:\autorun.inf');
DeleteFile('F:\autorun.inf');
DeleteFile('G:\autorun.inf');
DeleteFile(''I:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\svchost.exe');
DeleteFile(''c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\svchost.exe');
end.



I am using KIS 2009; when I open it, I am not finding the Quarantine - Save option. Please advise, and also how to run the above script; I am a newbie in programming.
thanks
dawgg
Sorry, forgot to mention instructions for running the script are here.

Click Detected at the bottom-right of your Kaspersky. If there is anything there, post a screenshot of it.
Then select "quarantined" on the top-left and post a screenshot of that. - (I am trying to see what is detected, where it's located etc).

Right click some of the quarantined items and click Send to send it to Kaspersky.
rnjsx100
QUOTE(dawgg @ 6.11.2009 16:52) *
Sorry, forgot to mention instructions for running the script are here.

Click Detected at the bottom-right of your Kaspersky. If there is anything there, post a screenshot of it.
Then select "quarantined" on the top-left and post a screenshot of that. - (I am trying to see what is detected, where it's located etc).

Right click some of the quarantined items and click Send to send it to Kaspersky.


Thanks once again,

I had sent one quarantine object to the K. LAB

Here comes the screenshot of the "Detected" tab

As is clear, there are some malware and viruses detected. When I run the "Neutralize all" command, KIS will delete those objects and add them to the data and Qb directory in its folder, which in turn increases the size of the database in the KIS directory.

This has been happening for quite some time, and now the KIS Lab folder in /allusers/.../application data/k...Lab/ is nearly 6GB and my Windows XP has started showing low disk space.

So how to remove the 6GB of unwanted virus or quarantine info present in the KisLab directory? Please help.
rnjsx100
QUOTE(rnjsx100 @ 7.11.2009 12:09) *
Thanks once again,

I had sent one quarantine object to the K. LAB

Here comes the screenshot of the "Detected" tab

As is clear, there are some malware and viruses detected. When I run the "Neutralize all" command, KIS will delete those objects and add them to the data and Qb directory in its folder, which in turn increases the size of the database in the KIS directory.

This has been happening for quite some time, and now the KIS Lab folder in /allusers/.../application data/k...Lab/ is nearly 6GB and my Windows XP has started showing low disk space.

So how to remove the 6GB of unwanted virus or quarantine info present in the KisLab directory? Please help.


Just one more thing,

When I run the script this is what I got.
dawgg
In the screenshot of Active Threats, select Quarantine in the dropdown list and post a screenshot of that.
Then select Backups in the dropdown list and also post a screenshot of that.

Apologies, run the following script:
CODE
begin
SetAVZGuardStatus(True);
SearchRootkit(true, true);
QuarantineFile('C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\svchost.exe','');
QuarantineFile('I:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\svchost.exe','');
QuarantineFile('G:\autorun.inf','');
QuarantineFile('C:\autorun.inf','');
QuarantineFile('i:\autorun.inf','');
QuarantineFile('F:\autorun.inf','');
QuarantineFile('E:\autorun.inf','');
QuarantineFile('D:\autorun.inf','');
DeleteFile('D:\autorun.inf');
DeleteFile('c:\autorun.inf');
DeleteFile('i:\autorun.inf');
DeleteFile('E:\autorun.inf');
DeleteFile('F:\autorun.inf');
DeleteFile('G:\autorun.inf');
DeleteFile('I:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\svchost.exe');
DeleteFile('c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\svchost.exe');
end.



Attach a Combofix log, please review and follow these instructions carefully.

Before Saving combofix to Desktop, please rename combofix to something like 123.exe to stop malware from disabling it.

Now, please make sure no other programs are running, close all other windows and pause Kaspersky (right click the K icon and click pause protection > Choose the option "resume manually" if still active) until after the scanning and removal process has taken place.

Please double click on the file you downloaded. Follow the onscreen prompts to start the scan.
Once the scanning process has started please DO NOT click on the Combofix window or attempt to use your computer as this can cause the scanning process to stall.
It may take a while to complete scanning and this is normal.

You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning, do not worry, this is normal and it will be restored after scanning has completed.

Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please attach it to your next post. Also, please don't forget to resume the Kaspersky that you paused.

Download Combofix from here -> http://download.bleepingcomputer.com/sUBs/ComboFix.exe
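
Added example, not part of the thread and not AVZ or Kaspersky code: a read-only Python check that parses the text of an autorun.inf and lists command entries pointing into a recycle-bin or system folder, the same pairing of files the AVZ script in this thread quarantines. That the autorun.inf files launch the RECYCLER svchost.exe is an assumption (the thread does not show their contents); the function names, the folder list and the sample text are constructed for illustration.

```python
import re

# Keys in an [autorun] section that name something to execute.
COMMAND_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)
# Folders that normally hold no user-launched programs (assumption of this example).
ODD_DIRS = re.compile(
    r"(^|\\)(recycler|recycled|\$recycle\.bin|system volume information)\\", re.I)

def autorun_commands(text):
    """Return [(key, target)] for every command entry in the [autorun] section."""
    found, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        if line.startswith("["):                  # section header
            in_section = line.lower() == "[autorun]"
            continue
        if in_section and "=" in line:
            key, _, value = line.partition("=")
            if COMMAND_KEY.match(key.strip()):
                found.append((key.strip().lower(), value.strip().strip('"')))
    return found

def suspicious(text):
    """Command entries whose target sits in a recycle-bin or system folder."""
    return [(k, t) for k, t in autorun_commands(text) if ODD_DIRS.search(t)]

# Constructed sample, not taken from the poster's machine.
SAMPLE = r"""
[autorun]
; constructed example
icon=setup.ico
open=RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\svchost.exe
shell\explore\command=RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\svchost.exe
label=Backup
"""
# Constructed benign file: a command entry that stays in the drive root.
CLEAN = "[autorun]\nicon=setup.ico\nopen=setup.exe\n"

if __name__ == "__main__":
    for key, target in suspicious(SAMPLE):
        print(f"{key} -> {target}")
```

Reading the file as text and reporting is all this does; quarantine and deletion stay with the AVZ script.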