Full Version: not-a-virus:downloader.nsis.agent.aq?
Kaspersky Lab Forum > English User Forum > Protection for Home Users > Kaspersky Internet Security & Anti-Virus for Windows
D_Nay
Hopefully someone can assist here.

I have been using KIS 2013 with everything set to deep/most intensive scan settings and I have never had anything pop up to tell me I have a threat. My latest Full Scan this week found nothing. The following day I discovered KIS 2014 was available, so downloaded it and installed it. I made no changes to the scan settings leaving them on recommended and as I normally do after a new version of KIS ran a Full Scan, as expected this came back with no threats.

I then delved into the menus of KIS 2014 and found the option, which in my view should be enabled from the very beginning, to "Detect other software that can be used by criminals to damage your computer or personal data. For example, keyloggers or programs for remote control". (I would suspect there are many non-techie users that would assume this type of feature is functional from the moment they use the program rather than having to manually enable it). With this option now enabled I have found on returning to my computer that an idle scan was running and under the heading "Threats" in the main KIS window "other" was showing. Clicking on this gave me the location of the file (C:\$recycle.bin\.....) and name, as well as the type: not-a-virus:downloader.nsis.agent.aq "legal software that can be used by criminals for damaging your computer or personal data". There was also an option to click on this definition to go to viruslist.com/securelist.com, which I did only to be presented with a blank page telling me it did not exist. I have googled this definition and nothing comes up, it also does not exist on viruslist.com/securelist.com, they only have definitions starting with not-a-virus:downloader.win32.

My questions are:-

1). Why does KIS pick this up in the 2014 version, but never in 2013 when the scan settings were set to their most thorough/onerous? (Makes you wonder how effective KIS 2013 was).

2). KIS 2014 has settings set so that upon detection it automatically chooses what to do, which I would have hoped would remove/quarantine the potential threat, instead it did nothing and in the logs said "The infected object (file) was skipped by the user", I certainly did not skip anything as it was detected during an Idle scan so I was not at the computer. Do I take it that KIS did not get a response from me in time so decided to skip?

3). Why give a virus/malware definition that does not exist on their viruslist/securelist website for reference? The Kaspersky website info for not-a-virus (generic) is not all that helpful either. It states "Extended antivirus database has the signatures of potential Malware, that is not dangerous by itself, but can interfere with your work on the computer or it can be used by a hacker to get some personal information from your computer. All the programs of the kind when detected by any component of Kaspersky Anti-Virus have a prefix not-a-virus in their names." What does this mean, not dangerous by itself, surely if it could allow for the theft of personal data it is dangerous? My understanding of this was that items labeled not-a-virus and a definition in the report of "legal software that can be used by criminals for damaging your computer or personal data" meant that the file was legit but could be used by criminals/hackers because of a vulnerability in it so you should run a vulnerability scan and fix the problems found? This does not appear to be the case, so what does this definition really mean?

4). Most importantly is this anything to be concerned about? I have clicked on the option to eliminate the items, then selected "delete" and both items now sit in quarantine (see attachment, which also includes full file names/paths). Since then I have done two Full Scans both came back as no threats, I have also custom scanned the location the file was in twice and it has come back no threats. Considering this and the fact that KIS currently shows "Threats" as none on the main page, I am not infected, or was this even a false positive?

5). The original location for the file(s) when I clicked the option to 'open original file location' was 'my documents', which considering I only use this for word, excel or .pdf documents not .exe files seemed odd, would that be a glitch in KIS considering the file was in C:\$recycle.bin\S-1-5-.........etc......... (a protected system folder - which even if I try to open manually I get "access denied", so I trust Kaspersky tried the same, was denied access and reverted to my documents)?

Apologies for the length of the queries, if someone could take the time to answer each of the points above I would be grateful.

I am about to remove KIS 2014 completely and re-install, as I keep getting the following message "An error processing data has occurred. Data is unavailable" when trying to "manage applications" under application control. This will lose all of the info I have on the above, so I wanted to get it all cleared up before re-installing.

Many Thanks in advance.
richbuff
Welcome. It was Not A Virus. :)

Several questions: Logs can help with those. Please see: Kaspersky Lab Forum > English User Forum > Virus-related issues > the first Important topic. There, you will find instructions for logs.

Please see the small print that is located at the bottom of this message.
D_Nay
QUOTE(richbuff @ 22.09.2013 00:56)
Welcome. It was Not A Virus. :)

Several questions: Logs can help with those. Please see: Kaspersky Lab Forum > English User Forum > Virus-related issues > the first Important topic. There, you will find instructions for logs.

Please see the small print that is located at the bottom of this message.


Dear richbuff,

Thanks for the prompt response confirming it's not a virus :D. I trust this means there is nothing to worry about, my computer is okay/safe, Kaspersky did its job, albeit with some manual intervention and my scans are coming back "no threats"? Therefore I can delete the files in quarantine then re-install KIS 2014 to hopefully resolve the applications management issue? You have answered my main concern, so assuming the answer is yes to the above I'm happy, my other queries were curiosities that if they could be easily answered it would be nice, as it would give me a better understanding of the KIS setup and use of definitions (which still baffles me), so......

As it is/was not a virus, is it/was it malware that may have already done something? or is it a legal program as the Kaspersky report said that "COULD" have been used, but wasn't, so never posed a threat unless somehow the vulnerability in the program was exploited. What is the actual definition/meaning of "not-a-virus:downloader.agent.aq" and why does Kaspersky give it this name, but then have no information on it?

Thanks once again.
D_Nay
To update:

Everything seemed fine, however, I return to my computer and KIS has been running an idle scan again and it says it has found a threat! Yet in the main KIS window it says "Threats: none", whereas last time it came up with "Threats: other". I click to find the threat detected and there is nothing in the report, only a load of "Object file (packed)" entries, not a single entry stating threat detected so I cannot deal with it.

This is just annoying, so out of frustration I ran kavremover, to do a fresh install. Unfortunately in my haste I forgot to delete the files shown in the previous attachment from my quarantine. So, by removing KIS 2014 did it also delete the quarantined files? I believe this to be the case, but can someone confirm this please?

Upon re-installing KIS 2014 and all settings as they were before un-installing, my first 'Full Scan' was faster than the last time and again came back with "no threats" :D. In addition the application control/manage application option now works, I no longer get the error processing data message. Whilst I appreciate in this forum it recommends removing a previous version the Kaspersky website states to "install" over a previous version under the migration policy, which is probably what most people would have looked at first. From the looks of things the install of KIS 2014 over a previous version (KIS 2013) was not completely successful and from this experience prone to glitches in reporting. I now have KIS 2014 running as a fresh install and showing no threats across the board: Full scan, vulnerability scan and two partial idle scans, both of which when previously left to run for a similar length of time came back with threats.

It is still not perfect. I get the problem when you click on the Kaspersky tray icon for the first time where you get the splash screen with "launching application" for quite some time, hopefully the patch that is talked about elsewhere on this forum will rectify this when it arrives. I also have it showing in the reports window that a rootkit scan has never run, but I have one listed under detailed reports giving "completed - no threats" and it took 5 mins. There is now another rootkit scan running as I type this, which is at about 50% in Kaspersky task manager and shows 29 minutes left to go???

If someone can confirm the query above RE: Quarantine, as well as advise exactly what "not-a-virus:downloader.agent.aq" signifies, i.e. if you were to ever see this reported again what is the concern? I would be very grateful.

I trust my computer is safe, was never infected and I was subject to a poor install of KIS 2014? Yes/No?

Thanks in advance to anyone willing to take the time to answer my queries.

edit: bold portions = Off.
richbuff
Less bold, more logs, please.
QUOTE
Several questions: Logs can help with those. Please see: Kaspersky Lab Forum > English User Forum > Virus-related issues > the first Important topic. There, you will find instructions for logs.


Several questions: Logs can help with those. Please see: Kaspersky Lab Forum > English User Forum > Virus-related issues > the first Important topic. There, you will find instructions for logs.