mastermind007

  1. Hello. For my own program debugging needs, I rely on a software utility named CurrPorts that provides a complete GUI view of all ports opened on a machine. Usually, the entire path of the executable is also shown. For the past two weeks, I have been noticing that CurrPorts consistently reports a process that has no PID and is showing the word "Unknown" in its name. Needless to say, the path of the executable is missing and the Process ID is either 0 or blank. The remote IP address that this Unknown process is accessing keeps shifting all the time. If another PC connects on the same wireless network, the Unknown process attempts to open a port on that new computer, so it is definitely monitoring the network very closely. Running the avz utility (sent by Kaspersky support) revealed that Microsoft functions with names such as NtCreateProcess and NtCreateProcessEx were hooked and intercepted. A few functions such as NtTraceEvent and NtRequestPort had their instructions substituted with jmp <somehexaddress>. Even after breaking the hooks, the unknown process continues to execute and continues to open and close the ports. The only difference is that I can see the names of more remote machines more often than before. P.S. The default Task Manager (Ctrl-Alt-Delete) does not show this Unknown process, but more powerful task managers usually show it.
  2. If you add this kind of feature, kindly do not make it compulsory. The only time I would need a full scan of a USB is when I have used it on some other computer.
  3. Hello. Re-bumping the question again!! I want to be able to add the above file as an exception on my machine as I want to continue using it. If Kaspersky cannot allow that, I would rather uninstall Kaspersky and look for any other antivirus than put up with this headache. No anti-virus company should be able to unilaterally define any other decent software as a virus or malware with complete disregard for an individual customer's preferences.
  4. Kindly educate me on how to tell Kaspersky to make an exception for this file on my machine. I have added the entire folder into exclusions but still this file was flagged. I am not arguing with the whatever-rationale-Kapper-has behind flagging it, but a lot of my scripting code depends on this. Today I've added it as a trusted application and was able to run the file without disabling kasper.
  5. Whizard, I have attached the zip file that contains the executable. I have been using this application since 2002 or 2003 and it would be interesting to see if the original was infected or the copy I was recently running (and which got caught by Kaspersky) was compromised. wipe.zip
  6. Thank you, Whizard, for the quick reply. Your answer offers some sense of relief but I am still battling with the terminology used. What is verdict exclusion? Where are the TrustedZone settings? In short, I understand what you are saying but need some hint on how to navigate through the software. Also, I am unable to find where my wipe.exe is. It is not in quarantine and not hidden anywhere. It has simply vanished from the PC!
  7. I went through the Detailed Report and found the following notation.
     11.07.2016 20.43.44;Malicious program deleted;PDM:Trojan.Win32.Generic;C:\utils\wipe.exe;c:\utils\wipe.exe;07/11/2016 20:43:44
     11.07.2016 20.43.43;Malicious program detected;PDM:Trojan.Win32.Generic;C:\utils\wipe.exe;c:\utils\wipe.exe;07/11/2016 20:43:43
     11.07.2016 20.43.34;Malicious program deleted;PDM:Trojan.Win32.Generic;C:\utils\wipe.exe;c:\utils\wipe.exe;07/11/2016 20:43:34
     11.07.2016 20.43.34;Malicious program detected;PDM:Trojan.Win32.Generic;C:\utils\wipe.exe;c:\utils\wipe.exe;07/11/2016 20:43:34
     11.07.2016 20.43.20;Malicious program deleted;PDM:Trojan.Win32.Generic;C:\utils\wipe.exe;c:\utils\wipe.exe;07/11/2016 20:43:20
     11.07.2016 20.42.31;Malicious program detected;PDM:Trojan.Win32.Generic;C:\utils\wipe.exe;c:\utils\wipe.exe;07/11/2016 20:42:31
  8. Hello. I installed Kaspersky for the first time in my life three days ago. I have one utility application that does secure deletion of files from the command line window, which I have been using for many, many years and have included in 100s of my batch files. After I installed Kaspersky and ran a scan, Kaspersky reported my utility application as "potential malware". I went into settings and added the utility application name with its full path into the exclusion list. By the time I did this step, Kaspersky had deleted the file, and I simply asked for it to be restored, which was done. But the problem did not just end there!!!! and therefore provides me a reason to place this post. I am sending this post currently to report that Kaspersky has once again deleted the utility application and this time it is not even showing up on the restore list. Even after it was added to exclusions, Kaspersky does not allow the utility application to run properly. Every time I execute it, Kaspersky interferes and process-kills the utility application. Finally, I had to disable Kaspersky to let the utility application run to completion. A similar problem was also encountered for another remote administration software, Ammy Admin, except that it was never deleted from its location, but the only way to run Ammy Admin is to disable the antivirus (which kind of defeats the purpose of having an antivirus). edit: original topic title: Extremely Urgent
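
The report rows quoted in item 7 above, turned into a per-file timeline so the repeated detect/delete cycle is visible at a glance. This is an added example, not part of the original posts and not Kaspersky tooling; the field meanings (timestamp; event; verdict; path), the `dd.mm.yyyy` date layout and the newest-first row order are assumptions read off the quoted rows.

```python
from datetime import datetime

# Report rows as quoted in item 7 (semicolon-separated, assumed newest first).
REPORT = r"""
11.07.2016 20.43.44;Malicious program deleted;PDM:Trojan.Win32.Generic;C:\utils\wipe.exe;c:\utils\wipe.exe;07/11/2016 20:43:44
11.07.2016 20.43.43;Malicious program detected;PDM:Trojan.Win32.Generic;C:\utils\wipe.exe;c:\utils\wipe.exe;07/11/2016 20:43:43
11.07.2016 20.43.34;Malicious program deleted;PDM:Trojan.Win32.Generic;C:\utils\wipe.exe;c:\utils\wipe.exe;07/11/2016 20:43:34
11.07.2016 20.43.34;Malicious program detected;PDM:Trojan.Win32.Generic;C:\utils\wipe.exe;c:\utils\wipe.exe;07/11/2016 20:43:34
11.07.2016 20.43.20;Malicious program deleted;PDM:Trojan.Win32.Generic;C:\utils\wipe.exe;c:\utils\wipe.exe;07/11/2016 20:43:20
11.07.2016 20.42.31;Malicious program detected;PDM:Trojan.Win32.Generic;C:\utils\wipe.exe;c:\utils\wipe.exe;07/11/2016 20:42:31
"""

def parse_report(text):
    """Return events oldest-first as dicts (field meanings are assumed)."""
    events = []
    for line in reversed(text.strip().splitlines()):  # rows are newest-first
        fields = line.strip().split(";")
        if len(fields) < 4:
            continue  # not a report row
        events.append({
            # Assumed layout dd.mm.yyyy hh.mm.ss; only time differences are used.
            "time": datetime.strptime(fields[0], "%d.%m.%Y %H.%M.%S"),
            "action": fields[1].rsplit(" ", 1)[-1],  # "detected" or "deleted"
            "verdict": fields[2],
            "path": fields[3].lower(),  # Windows paths are case-insensitive
        })
    events.sort(key=lambda e: e["time"])  # stable: keeps order within one second
    return events

def summarize(events):
    """Per file: counts, verdicts, time span, detections that follow a deletion."""
    summary = {}
    for e in events:
        s = summary.setdefault(e["path"], {
            "detected": 0, "deleted": 0, "redetected": 0,
            "verdicts": set(), "first": e["time"], "last": e["time"]})
        if e["action"] == "detected" and s["deleted"] > 0:
            s["redetected"] += 1  # flagged again after an earlier removal
        if e["action"] in ("detected", "deleted"):
            s[e["action"]] += 1
        s["verdicts"].add(e["verdict"])
        s["last"] = e["time"]
    for s in summary.values():
        s["span_seconds"] = int((s["last"] - s["first"]).total_seconds())
    return summary

if __name__ == "__main__":
    for path, s in summarize(parse_report(REPORT)).items():
        print(path, s["detected"], s["deleted"], s["redetected"],
              s["span_seconds"], sorted(s["verdicts"]))
```

A non-zero `redetected` count inside a short span means the same path was flagged again after it had already been removed, which matches the restore-and-rerun sequence described in item 8.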