Full Version: detected: riskware Hidden data sending iexplore.exe
colinT
I'm running the '30 day trial' of Kaspersky Internet Security (7.0.0.125)

An alert was shown today, with these details:

"Status" detected: riskware Hidden data sending

"Object" Running process: C:\Program Files\Internet Explorer\iexplore.exe


After doing a few searches, there appear to be occasions when KIS (Kaspersky antivirus) gives a 'false positive / alert' for iexplore.exe

What action should I take?

Any help appreciated.

Thanks
colinT
I'm running the '30 day trial' of Kaspersky Internet Security (7.0.0.125)

I noticed this (Detected Tab):

"Status" detected: riskware Hidden data sending

"Object" Running process: C:\Program Files\Internet Explorer\iexplore.exe


After doing a few searches, there appear to be occasions when KIS (Kaspersky antivirus) gives a 'false positive / alert' for iexplore.exe

What action should I take?

The above was noticed on the KIS default (homepage) window, in the "Protection Section" when I noticed the numbers.... 12074 / 1

Also, in the REPORT tab section

Reports Tab

firewall
anti-spam
privacy control
proactive defense
File anti-virus
Mail anti-virus
web anti-virus

ALL disabled 28/12/2007 at 13:34:12

I only noticed this whilst looking at the ABOVE problem with iexplore; needless to say, I enabled ALL protection at 15:06:15

The 'KIS protection' had been disabled, by itself or by a virus???

Any help appreciated.

I have attached a couple of screenshots

NO WARNINGS APPEARED


Thanks
mastropizza
QUOTE(colinT @ 28.12.2007 17:08) *
I'm running the '30 day trial' of Kaspersky Internet Security (7.0.0.125)

I noticed this (Detected Tab):

"Status" detected: riskware Hidden data sending

"Object" Running process: C:\Program Files\Internet Explorer\iexplore.exe


After doing a few searches, there appear to be occasions when KIS (Kaspersky antivirus) gives a 'false positive / alert' for iexplore.exe

What action should I take?

The above was noticed on the KIS default (homepage) window, in the "Protection Section" when I noticed the numbers.... 12074 / 1

Also, in the REPORT tab section

Reports Tab

firewall
anti-spam
privacy control
proactive defense
File anti-virus
Mail anti-virus
web anti-virus

ALL disabled 28/12/2007 at 13:34:12

I only noticed this whilst looking at the ABOVE problem with iexplore; needless to say, I enabled ALL protection at 15:06:15

The 'KIS protection' had been disabled, by itself or by a virus???

Any help appreciated.

I have attached a couple of screenshots

NO WARNINGS APPEARED


Thanks

Hi there,
IMHO this is not a false positive....something is trying to send out encrypted data via Internet Explorer...try to run a rootkit scan on your system once you have configured it at the highest security level.
Bye
M.
colinT
QUOTE(mastropizza @ 29.12.2007 23:03) *
Hi there,
IMHO this is not a false positive....something is trying to send out encrypted data via Internet Explorer...try to run a rootkit scan on your system once you have configured it at the highest security level.
Bye
M.


I have done a 'rootkit scan' (set at the highest security), completed in 2 hours 25 mins: no threats detected

any other suggestions or advice appreciated?

Thanks
mastropizza
QUOTE(colinT @ 30.12.2007 19:44) *
I have done a 'rootkit scan' (set at the highest security), completed in 2 hours 25 mins: no threats detected

any other suggestions or advice appreciated?

Thanks

Well, I can only add that some trustworthy applications, for some reason, try to send out (to their servers?) data....maybe you're in this condition....it would be helpful to have a getsysteminfo report from your system...
Bye
M.
Tybilly
Hello,

Do you have any toolbar or any plugins installed on your browser Internet Explorer ?

Do you have any applications installed on this computer which can be launched through a link in a web page? It includes BitTorrent, eMule, ...

As M. said, a getsysteminfo report will help.

Damien
colinT
QUOTE(Tybilly @ 31.12.2007 08:52) *
Hello,

Do you have any toolbar or any plugins installed on your browser Internet Explorer ?

Do you have any applications installed on this computer which can be launched through a link in a web page? It includes BitTorrent, eMule, ...

As M. said, a getsysteminfo report will help.

Damien


Yes, I have Google Toolbar

I don't think I have any applications that are launched from a link on a webpage.

I have done a 'getsysteminfo' report, do I need to post that here?

regards

Colin
colinT
I have removed the Google Toolbar, KIS still shows the same alert:

"Status" detected: riskware Hidden data sending

"Object" Running process: C:\Program Files\Internet Explorer\iexplore.exe

Do I need to upload and display 'getsysteminfo' file?

regards

Colin
Tybilly
Upload your report to this web site: http://www.getsysteminfo.com and post the URL here.

Also, when KIS alerts you, more details can be found in the alert popup, such as where the iexplore program wants to send hidden data; if you can find them, it can help.

Damien
colinT
After running the 'getsysteminfo' tool (following the instructions on this page: http://support.kaspersky.com/kis6/all?qid=193238548

"How to create a report file using GetSysteminfo utility")

I now have this:

detected: riskware Invader
Running process: C:\Documents and Settings\Colin Thompson\Local Settings\Temp\wz9bef\GetSystemInfo.exe


regards

Colin
Tybilly
This tool has to collect data such as running processes, loaded drivers, and so on. This behaviour is considered by KAV as riskware, but you can ignore these alerts and add this program to the trusted zone, as it is a safe application developed by Kaspersky Lab.
colinT
QUOTE(Tybilly @ 31.12.2007 15:33) *
This tool has to collect data such as running processes, loaded drivers, and so on. This behaviour is considered by KAV as riskware, but you can ignore these alerts and add this program to the trusted zone, as it is a safe application developed by Kaspersky Lab.


Thanks for the info:

I restarted my PC after running the getsysteminfo.exe application; the 'Computer Protection Status' now shows running / detected as 5413 / 2

both of these alerts are indicated on the detected tab (the original iexplore.exe and the 'getsysteminfo' alert)

I thought that after a restart, the getsysteminfo alert would have expired?

any advice

thanks
Tybilly
Hello,

No, alerts are still displayed even if threats have been treated. You can clear all events using the "Actions" button.

Happy new year 2008 :)
cain
Hello~
This is malware about "Backdoors" and "Keylogger".
First, you can use the "TCPView" software and then kill all "iexplore.exe" processes.
Then go into the %windir%\system32 folder and search for files modified in recent days.
If you find a file that is suspicious or does not belong to the Windows OS, please send it to newvirus@kaspersky.com
"Start" -> "Run" -> input "regedit"
Search in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services, HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet001\Services, HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet002\Services
If you find a key that is suspicious or does not belong to the Windows OS and has the same name as the file, then kill the key.
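
The manual checks described in the post above (recently modified files in %windir%\system32, then service keys that refer to them) can be scripted as a read-only listing for review. This is an added example, not part of the original thread or a Kaspersky tool; the 7-day window and the file extensions are assumptions, and it requires PowerShell 3.0 or later.

```powershell
# Added triage sketch: read-only, nothing is deleted or modified.
$days   = 7                                  # assumed meaning of "recent days"
$cutoff = (Get-Date).AddDays(-$days)
$sys32  = Join-Path $env:windir 'System32'

# 1. Binaries in System32 written since the cutoff.
#    The signature status is a hint for review, not a verdict.
$recent = @(Get-ChildItem -Path $sys32 -File -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -ge $cutoff -and
                   $_.Extension -in '.exe', '.dll', '.sys' } |
    Select-Object Name, BaseName, LastWriteTime,
        @{ n = 'Signature'
           e = { (Get-AuthenticodeSignature -FilePath $_.FullName).Status } })

# 2. Service entries in every control set under HKLM:\SYSTEM.
$services = @(Get-ChildItem -Path 'HKLM:\SYSTEM' |
    Where-Object { $_.PSChildName -like '*ControlSet*' } |
    ForEach-Object {
        $set = $_.PSChildName
        Get-ChildItem -Path "$($_.PSPath)\Services" -ErrorAction SilentlyContinue |
            ForEach-Object {
                $p = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
                [pscustomobject]@{
                    ControlSet = $set
                    Service    = $_.PSChildName
                    ImagePath  = [string]$p.ImagePath
                }
            }
    })

# 3. Services whose key name or ImagePath refers to a recently written file.
$hits = foreach ($f in $recent) {
    $services | Where-Object {
        $_.Service -eq $f.BaseName -or
        $_.ImagePath.IndexOf($f.Name, [StringComparison]::OrdinalIgnoreCase) -ge 0
    } | Select-Object ControlSet, Service, ImagePath,
            @{ n = 'File'; e = { $f.Name } },
            @{ n = 'LastWriteTime'; e = { $f.LastWriteTime } }
}

$recent | Sort-Object LastWriteTime -Descending | Format-Table -AutoSize
$hits   | Format-Table -AutoSize
```

CurrentControlSet is a link to one of the numbered control sets, so the same service can appear once per set in the output.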