Full Version: Securing system files & dlls !!!
m_adnan
Hi Kaspersky administration,

No doubt Kaspersky is one of the best security systems around the world today. I found a hassle while using this software (KIS ver 7.0.1.321).

Last week my computer was badly infected by a worm (I do not remember the name now) and it replicated into the original Windows XP Service Pack 2 files. To my wonder, KIS did not stop it from entering there, which it is supposed to do, although the virus came from direct use of an infected USB drive.

Secondly, while cleaning, KIS asked me for every file whether to delete or disinfect, and for many files which were system-based it gave me a delete-only option, in my case explorer.exe. When I deleted the system explorer file, which it asked to be removed after reboot, my system crashed and did not boot in normal mode, adding hardship to my problems.

Firstly, it took a lot of time to identify the virus-infected files, in almost every folder on my 40 GB hard disk.

Secondly, deleting system files made my Windows XP crash.

Thirdly, it was time-consuming to reinstall/repair Windows, and I lost time and data as well.
While discussing with my friend, who is a computer administrator as well, he recommended me another antivirus, 'Symantec corporate version', and suggested that it has the capability to disinfect infected system files like explorer or IE explorer or sys DLLs and does not DELETE the files; no other antivirus company is able to disinfect the files, they mostly delete them, making Windows unstable and useless, and a person is forced to reinstall and repair their whole system while the antivirus sits in the tray.

Thank you for reviewing this post. I hope I have made myself clear about the recent problem I encountered, and I suggest a feature in the antivirus to disinfect critical system files and not delete them; either there should not be any delete option in the notification or reboot repair.

Have fun
Lucian Bara
Hello,
Send the explorer.exe file (if it's the one in c:\windows) to the lab (newvirus@kaspersky.com) and ask them to add a disinfection routine for it. There's also the problem of whether it is disinfectable. Some malware may replace system files altogether if they aren't critical.
m_adnan
Thanks, brother, for the quick reply, but as I mentioned earlier, KIS deleted the explorer file on reboot and the system crashed; I had to reinstall the whole Windows from scratch. I am giving this as a suggestion to save my other brothers from bad luck like mine a week ago.

Further, I also want to know whether any other person has had the same problem or I am unique.
Lucian Bara
That's an unlikely scenario; Windows can run just fine without explorer.exe, it just doesn't display any icons on your desktop or a task bar (you can still run programs through the Task Manager, however). So you probably deleted more than just explorer.exe (the real one is in c:\windows, btw).
lakecotechguy
QUOTE(Lucian Bara @ 30.06.2008 05:32)
That's an unlikely scenario; Windows can run just fine without explorer.exe, it just doesn't display any icons on your desktop or a task bar (you can still run programs through the Task Manager, however). So you probably deleted more than just explorer.exe (the real one is in c:\windows, btw).

It would be cool if they could add a backup function like this software.
I know a lot of people wouldn't be able to use it or understand its use, but it will help if you install this software on other people's computers and they are infected, or those 3 items get infected; at least there was a backup at the time of installing Kaspersky.
Lucian Bara
That's what System Restore does. A full backup is something that this software isn't designed to do, and a lot of people won't use it = bloatware. Also, all files deleted by KAV during a malware scan are restorable from backup.
m_adnan
In my scenario, I was unable to boot even in safe mode; Windows kept restarting at the login screen and did not allow me to see the desktop or do anything!!

Anyhow, if Kaspersky were able to understand the critical Windows application files, like explorer or IE explorer, svchost.exe, rundll32.exe etc., and not allow them to be deleted or quarantined in case they got infected, with the only option being either disinfect/skip, that would be helpful for a lot of the product's users.

CY
Lucian Bara
Sometimes they are not disinfectable, or Kaspersky can't disinfect them because it has no disinfection algorithm for it. Btw, I hope you didn't quarantine the programs based on invader-type notifications.
zorzyk
Recently I got a "not-a-virus:Downloader.Win32.SwiftCleaner.b" notification from KIS when scanning the OpenOffice installer. I sent the suspected file (a small .exe) to Kaspersky Lab by e-mail, but I have not received any reply so far, but AFAIK that is a false positive.

When I tested the above-mentioned OO installer, when the test was finished the file disappeared from its original place. Of course it is possible to look into "Detected" and apply "Restore", but this is not very intuitive to a normal user. In KIS versions 6 and 7 we have a more detailed dialog box, and it is enough to choose the option "Prompt for action when the scan is complete" to get the possibility to decide about a threat after scanning is finished.

When I manually set:
- Scan / On detection / Do not prompt / Disinfect (and: delete if disinfection fails <-- option unchecked)
the suspicious file was not deleted.

I suggest the following options should be by default enabled in automatic mode:
- Protection / Select action automatically / Do not delete suspicious objects
- Scan / On detection / Select action automatically: Disinfect and not delete if disinfection fails

Moreover:
- Options / Threats and exclusions / Settings / Other programs should be selected by default.
That means all the options in this dialog box should be checked.

There are several posts in this forum about an infection where the first post in answer reads "did you set the option...". That means some infections would be impossible if the option had been set, but it was not set by default in non-interactive mode, which is designed for most users.
Lucian Bara
QUOTE
I suggest the following options should be by default enabled in automatic mode:
- Protection / Select action automatically / Do not delete suspicious objects
- Scan / On detection / Select action automatically: Disinfect and not delete if disinfection fails

And what about trojans, worms, backdoors, adware and the rest of the junk that cannot be disinfected because they are NOT disinfectable... which is the malware one will encounter on the net; file infector viruses are less common.

QUOTE
Moreover:
- Options / Threats and exclusions / Settings / Other programs should be selected by default.
That means all the options in this dialog box should be checked.

Legally it's not possible, since a lot of those applications are valid (mIRC etc.), so the user has to choose by himself. Also, those would be removed because they are not suspicious; suspicious items are heuristics, proactive defense etc.