Hopefully someone can assist here.
I have been using KIS 2013 with everything set to deep/most intensive scan settings and I have never had anything pop up to tell me I have a threat. My latest Full Scan this week found nothing. The following day I discovered KIS 2014 was available, so downloaded it and installed it. I made no changes to the scan settings leaving them on recommended and as I normally do after a new version of KIS ran a Full Scan, as expected this came back with no threats.
I then delved into the menus of KIS 2014 and found the option, which in my view should be enabled from the very beginning, to "Detect other software that can be used by criminals to damage your computer or personal data. For example, keyloggers or programs for remote control". (I would suspect there are many non-techie users that would assume this type of feature is functional from the moment they use the program rather than having to manually enable it). With this option now enabled I have found on returning to my computer that an idle scan was running and under the heading "Threats"in the main KIS window "other" was showing. Clicking on this gave me the location of the file (C:\$recycle.bin\.....) and name, as well as the type: not-a-virus:downloader.nsis.agent.aq "legal software that can be used by criminals for damaging your computer or personal data". There was also an option to click on this definition to go to viruslist.com/securelist.com, which I did only to be presented with a blank page telling me it did not exist. I have googled this definition and nothing comes up, it also does not exist on viruslist.com/securelist.com, they only have definitions starting with not-a-virus:downloader.win32.
My questions are:-
1). Why does KIS pick this up in the 2014 version, but never in 2013 when the scan settings were set to their most thorough/onerous? (Makes you wonder how effective KIS 2013 was).
2). KIS 2014 has settings set so that upon detection it automatically chooses what to do, which I would have hoped would remove/quaratine the potential threat, instead it did nothing and in the logs said "The infected object (file) was skipped by the user", I certainly did not skip anything as it was detected during an Idle scan so I was not at the computer. Do I take it that KIS did not get a response from me in time so decided to skip?
3). Why give a virus/malware defintion that does not exist on their viruslist/securelist website for reference? The kaspersky website info for not-a-virus (generic) is not all that helpful either. It states "Extended antivirus database has the signatures of potential Malware, that is not dangerous by itself, but can interfere with your work on the computer or it can be used by a hacker to get some personal information from your computer. All the programs of the kind when detected by any component of Kaspersky Anti-Virus have a prefix not-a-virus in their names." What does this mean, not dangerous by itself, surely if it could allow for the theft of personal data it is dangerous? My understanding of this was that items labeled not-a-virus and a definition in the report of "legal software that can be used by criminals for damaging your computer or personal data" meant that the file was legit but could be used by criminals/hackers because of a vulnerability in it so you should run a vulnerability scan and fix the problems found? This does not appear to be the case, so what does this definition really mean?
4). Most importantly is this anything to be concerned about? I have clicked on the option to eliminate the items, then selected "delete" and both items now sit in quarantine (see attachment, which also includes full file names/paths). Since then I have done two Full Scans both came back as no threats, I have also custom scanned the location the file was in twice and it has come back no threats. Considering this and the fact that KIS currently shows "Threats" as none on the main page, I am not infected, or was this even a false positive?
5). The original location for the file(s) when I clicked the option to 'open original file location' was 'my documents', which considering I only use this for word, excel or .pdf documents not .exe files seemed odd, would that be a glitch in KIS considering the file was in C:\$recycle.bin\S-1-5-.........etc......... (a protected system folder - which even if I try to open manually I get "access denied", so I trust Kaspersky tried the same, was denied access and reverted to my documents)?
Apologies for the length of the queries, if someone could take the time to answer each of the points above I would be grateful.
I am about to remove KIS 2014 completely and re-install, as I keep getting the following message "An error processing data has occurred. Data is unavailable" when trying to "manage applications" under application control. This will lose all of the info I have on the above, so I wanted to get it all cleared up before re-installing.
Many Thanks in advance.