norwegian

  1. Thanks for the feedback richbuff, appreciate your thoughts. I will be uninstalling KIS though, and going back to 2012, I won't go into it other than the response of a lot of my system is slow due to this version. Just uninstalling IE10, (in which the team used to be right on top of with keeping up with Microsoft product) is not worth the troubleshooting for me. There's too much that needs to be looked at for me. I just asked if they were interested in the dumps.
  2. Hello, I've just tried 2013 and found it crash on reboot, dumps created in the Kaspersky folder. I know this old box needs updating and the motherboard is getting old, but if you think it worth uploading the dumps for this error, let me know. Error as follows after 1 day installed:

     Log Name: Application
     Source: Microsoft-Windows-User Profiles Service
     Date: 26/04/2013 2:13:21 AM
     Event ID: 1530
     Task Category: None
     Level: Warning
     Keywords:
     User: SYSTEM
     Computer: my main box
     Description: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

     DETAIL - 15 user registry handles leaked from \Registry\User\S-1-5-21-4006028695-2158132983-4052039910-1001:
     Process 1388 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-4006028695-2158132983-4052039910-1001
     Process 1388 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-4006028695-2158132983-4052039910-1001
     Process 1388 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-4006028695-2158132983-4052039910-1001
     Process 1388 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-4006028695-2158132983-4052039910-1001
     Process 1388 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-4006028695-2158132983-4052039910-1001\Software\Microsoft\SystemCertificates\Root
     Process 1388 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-4006028695-2158132983-4052039910-1001\Software\Policies\Microsoft\SystemCertificates
     Process 1388 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-4006028695-2158132983-4052039910-1001\Software\Policies\Microsoft\SystemCertificates
     Process 1388 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-4006028695-2158132983-4052039910-1001\Software\Policies\Microsoft\SystemCertificates
     Process 1388 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-4006028695-2158132983-4052039910-1001\Software\Policies\Microsoft\SystemCertificates
     Process 1388 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-4006028695-2158132983-4052039910-1001\Software\Microsoft\SystemCertificates\Disallowed
     Process 1388 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-4006028695-2158132983-4052039910-1001\Software\Microsoft\SystemCertificates\SmartCardRoot
     Process 1388 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-4006028695-2158132983-4052039910-1001\Software\Microsoft\SystemCertificates\trust
     Process 1388 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-4006028695-2158132983-4052039910-1001\Software\Microsoft\SystemCertificates\TrustedPeople
     Process 1388 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-4006028695-2158132983-4052039910-1001\Software\Microsoft\SystemCertificates\My
     Process 1388 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-4006028695-2158132983-4052039910-1001\Software\Microsoft\SystemCertificates\CA
  3. Hello richbuff, hope this finds you well? As for detection, it is neither signed nor known to the KSN, but it is placed into the "trusted zone". I'm just surprised it wasn't put into the "low restricted". I understand it is a simulator and old, just curious why the heuristics didn't even flinch, surely something like these would give a questionable alert and look at the "low restricted"? I can not see any signed .exe info either, guess the heuristics are that finely tuned, I'm just surprised that's all. As I've mentioned elsewhere, I know KIS can be adjusted to alert to this, that I have no problem with. But for default settings there is nothing and it is loaded as a trusted application. This is Baz's reply in 2008 - http://forum.kaspersky.com/index.php?showtopic=87798 Filealyser doesn't show any company referencing either? No biggie.
  4. Hello all, Any idea why a couple of old trojan test tools are added to the trusted zone with a default install of KIS? TrojanSimulator.exe TSServ.exe Just curious. Oops: KIS 2012 12.0.0.374 (j)
  5. Hello All, Does anyone know where the log of a refused cert is kept? I have reports to log non-critical events on. I refused a cert I did not know and would like to see the info - due to it not normally being a cert for the particular site. Do we have this enabled in the logs? Web A/V logs shows nothing of the event. Thanks
  6. Thanks. I have found this detection has been noted now with a freshly installed beta using the standard update servers. It will be emailed to the labs.
  7. Can the good members clear up something for me? Dawgg replied to a post of mine regarding detections that maybe the team can explain their methodology. Link to my post - http://forum.kaspersky.com/index.php?showt...t&p=1524065 First, I understand via the standard update servers this would be worth sending to the labs as a false positive. But, as I was set to the test servers, the databases are different? This alert was only via the/ap folder and I have never seen at any other time this detection. "Out of date databases" is a regular occurrence with test folders, we have all seen these posts from curious testers. HIPS may not be involved, it was a comment on the time frame of the updates, maybe I need to work my comments differently. Is there a policy with updates on a test server v's those on the standard servers?
  8. It seems the updated hips, or something since the last update has found an infection.....false positive maybe?

     Detected (2)
     10/11/2010 8:31:36 PM Detected Trojan program Backdoor.Win32.Poison.cacn C:\Windows\INSTALLER\9ea04.msi High
     10/11/2010 8:31:36 PM Detected Trojan program Backdoor.Win32.Poison.cacn C:\Windows\INSTALLER\9ea04.msi//Data1.cab//ff_samplerate.dll High

     Does anyone else see this in Win 7 Ultimate x64? Oops, this is part of Win7codecs file, I have Shark007 codec package installed as well, seems it deleted an item yesterday.

     9/11/2010 7:08:01 AM Deleted Trojan program Backdoor.Win32.Poison.cacn C:\Program Files (x86)\Win7codecs\filters\ff_samplerate.dll High

     Note: Why does "move to quarantine" just provide a popup to open a file? Why can't it move the detections as it suggests? Or prompt to say 'nothing needs to be quarantined, already processed' or some such alert? Guess I need to test more.
  9. After cleaning all NDIS entries in registry to remove the device manager items, a fresh install of KIS produced the following: An entry in Device Manager, an extension of 1 of the LAN's as a K ndis item though. On enabling this item, the entry disappeared. system 1 nvidia nforce ethernet driver 67.8.9.0 The expansion drive had not been plugged in.
  10. No sorry Whizard, If there was, they were cleaned, it was chance that I came upon these errors in the device manager. Nothing is laying around that I can see, I will look more though to see what I can dig out of the event logs to see if anything was recorded. Edit: Repair, and even uninstall completely and these 2 items are still showing. I can not uninstall nor disable these 2. Kaspersky Anti-Virus NDIS Miniport #2 Kaspersky Anti-Virus NDIS Miniport #5 I'll look more, however nothing shows in the event logs, other than an IPSEC issue with the service manager (this has been a regular error for a long time and not something recent) and the disk errors have gone since removing the external drive they referenced. There has been a lot of memory testing, and it seems the sticks are in need of replacement, so I've not ruled out other issues yet. Also noted though, a program Windows CleanUp is deleting some temp files in one of the Kaspersky caches for updates, which I've not seen from other cleaners: I've not ruled out adding rules for Kaspersky's folders and whether it also may be involved, I'll just have to test and see what happens, although most trouble started with the external USB Seagate 1000GB expansion drive I would wager.
  11. This is the first time I've seen this occur, see image. Anyone have an idea on what is happening? Event viewer has shown Explorer.exe crashes, errors with an expansion drive with page file, an unknown application faulting which seems to be related to the explorer crashes. There is 1 mentioned with stisvc and DCOM, but it doesn't seem to be related in time to the other issues, and also an IPSEC service terminated with an unknown authentication. Side note: My internal USB card reader is having troubles at similar times. edit: small, fast png sted huge, slow, almost unopenable bmp.
  12. Okay, I have to bow out then. Thought for a second I might be able to join in.
  13. According to this page it is? http://deviceatlas.com/devices/Motorola/RA...V6/entry/207253
  14. I thought it was all about the new flash phones. I seem to have my business phone running symbian (Can't use it) I also have an old Motorola RAZR v6 in the cupboard. However I can power it up, but it won't have a phone line. Is this worth looking at for testing? Sorry for my moment of vague, I've not really studied phones too much, they just call people for me. Internet and the like is my computer room. LOL (Maybe this needs moving to the "off-topic talks")