Hi all.
A user on our network decided to uninstall IE7 after it was deployed to his PC this morning by WSUS.
Since then I have been getting hundreds of messages from KAV about suspicious actions from this user's PC to do with IE7. Here is the complete error:
Event Detection of possibly infected object happened on computer DAN_DRURY in the domain MYDOMAIN at Wed Aug 20 11:36:13 2008 Process C:\windows\ie7\spuninst\spuninst.exe (PID: 1136): suspicious action. Attempt to list of modules executed during system startup (key \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D1FE6762-FC48-11D0-883A-3C8B00C10000}, value C:\windows\ie7\reg0019, data ).
The uninstallation seems to have been successful, so why do I keep getting these messages? Is it just a false positive? If so, how do I go about ignoring it? I've probably had over 1000 messages regarding this today!!!
Many thanks
Andrew