KP_trial

Trouble with KLDump.exe


Hi!

Newbie here (at least as far as Kaspersky Pure or any Kaspersky product is concerned, anyway) ... running a 30-day trial version of Kaspersky Pure ("KP").

Using Win7 Pro/64 with SP1. Trying to run KLDump.exe from a command window (started with admin privilege) gets me several warnings from KP, all of which I allow. When KLDump.exe finally seems to want to execute, it throws back an error message (see below). How do I get around this?

 

 

KLDump.exe -f KAV_dump.txt

Cannot register plugin driver "Logger". Execution stopped.

 

TIA,

:)

Hello,

Did Kaspersky instruct you to run it? Try to disable UAC completely.

Also, where did you get it from: http://support.kaspersky.com/faq/?qid=193238654 here?

No they did not instruct me to run it; but I am trying to trace some outbound attacks which are not otherwise found or blocked on the local Win7 PC (they appear in the logs of a proxy server sitting between the Win7 system and the internet).

 

I have not tried to disable UAC, and I don't think it will help. Most likely the "logger.sys" file is either missing, blocked or not properly installed by the KLDump facility. This may be due to the Win7 Pro/64 version I am using. (I have now searched the C: drive for the "Logger.sys" file. It is not present. Thus ... it can't be registered. Due to the potential nature of the file I am wary of finding/downloading it separately, except in conjunction with KLDump.)

 

I got KLDump.zip from a different (older) forum link, but just downloaded the link you suggested. That version of the exe and the one I downloaded yesterday are identical ("fc /b").

 

Thanks for trying to help ...

 

Any other ideas? :unsure:


*UPDATE* ... I just had the idea of using the email address mentioned in the "KLDump.exe: an utility for creation of network attack dump files" link to contact Kaspersky directly for help with this ... let's see what happens. :)

The logging driver is klick.sys; it's inside the exe and should be installed when you run it. Try running it from the command prompt without parameters. What's the output?

See attached.

Also ... in the meantime I have tried turning off UAC ... no improvement ... and I turned it back on (how inconvenient to have to reboot! ... twice :b_lol1:)

[attached screenshot]

This is what I get on Win 7 x64.

Also, you cannot execute a driver, and it's not located next to the exe.

Thanks. (The only reason I tried to "execute" klick was some ambiguity in your instructions :unsure:)

So ... can you do an md5 on your "kldump.exe"? And post it?

What other reasons could possibly be disabling the installation of "klick.sys"?


**MORE INFO**

 

I just found a "klick.dat" in C:\Windows\system32\drivers dated 10/13/2011 (which might be the first time I tried KLDump). What's your md5 for THAT file? If I have a matching md5 ... I could just rename it "klick.sys"???

[attached screenshot]


Additional info ... I did a "dir /od" of the System32\Drivers folder. It shows another file dated the same time as "klick.dat", which seems weird to me. Also, there is a "tcpip.sys" driver as recent as June of this year. That may simply be a WinUpdate causing it, but I am curious and would like to compare to your Win7/64 system. Please post a "dir /od" list similar to mine.

The "hitmanpro35.sys" is expected, as I tried that yesterday. But what is "klin.dat"? Should that one be "klin.sys" also? And what is "klif.sys"?

 

TIA,

:)

[attached screenshot]

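The two posts above boil down to a comparison procedure: hash the two copies of KLDump.exe, list the drivers folder by modification time, hash the Kaspersky-named files so two machines can be compared, and find out which kernel driver services are actually registered. The script below is an added example by the editor, not code from the thread or from Kaspersky; it assumes an elevated PowerShell session, Get-FileHash (PowerShell 4 or later; on a stock Win7 box use `certutil -hashfile <file> MD5` instead), and the file names the poster mentions. The name list and the match pattern in step 4 are the editor's guesses at what is worth looking for.

```powershell
# Added example (editor's, not from the thread): triage the KLDump driver-registration failure on Win7 x64.
# Assumes an elevated PowerShell session and Get-FileHash (PowerShell 4+).
$drivers = Join-Path $env:SystemRoot 'System32\drivers'
$wow64   = Join-Path $env:SystemRoot 'SysWOW64\drivers'   # the path KP reported in the poster's screenshot

function Get-Md5 {
    param([string]$Path)
    (Get-FileHash -Path $Path -Algorithm MD5).Hash
}

# 1. Byte-for-byte comparison of two KLDump.exe copies (what "fc /b" confirmed), expressed as a hash match.
#    Paths are placeholders; adjust them to where the two downloads live.
$new = Get-Md5 '.\KLDump.exe'
$old = Get-Md5 '.\older-download\KLDump.exe'
"KLDump.exe copies identical: $($new -eq $old)  ($new)"

# 2. The "dir /od" view: most recently written files in System32\drivers, newest last.
Get-ChildItem $drivers -File |
    Sort-Object LastWriteTime |
    Select-Object -Last 15 Name, Length, LastWriteTime

# 3. Hash the files the thread asks about so they can be compared with another Win7/64 machine.
foreach ($n in 'klick.dat', 'klin.dat', 'klif.sys', 'tcpip.sys') {
    $p = Join-Path $drivers $n
    if (Test-Path $p) { '{0,-10} {1}' -f $n, (Get-Md5 $p) } else { '{0,-10} missing' -f $n }
}

# 4. Kernel driver services that are actually registered with the Service Control Manager.
#    A driver only "registers" if a service entry points at an image the kernel will load.
Get-WmiObject Win32_SystemDriver |
    Where-Object { $_.Name -match 'klick|logger|klif|klin' } |
    Select-Object Name, State, StartMode, PathName

# 5. Does the SysWOW64\drivers path KP reported exist, and what is in it right now?
if (Test-Path $wow64) { Get-ChildItem $wow64 -File | Select-Object Name, Length, LastWriteTime }
else { "$wow64 does not exist" }
```

One general caveat a practitioner would keep in mind while reading step 5 (a standard Windows fact, not something the thread establishes): on 64-bit Windows, a 32-bit process that writes to System32\drivers is silently redirected by WOW64 to SysWOW64\drivers, and the 64-bit kernel will only load a 64-bit, signed driver image. A file that lands under SysWOW64\drivers is therefore never a candidate for registration, which is consistent with the "Logger" registration error and with the path in the poster's screenshot, but confirming that would need the exact driver image and its signature.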

More info. See attached screenshots.

The first one is the one KP throws up and which I answer with "Allow". However, notice the folder it mentions and the file name for the driver. It's "Logger.sys" (not "klick.sys"). And it's not the standard DRIVERS folder.

 

Now something interesting happens. I used a JPG file, renamed it "Logger.sys" and placed it in the mentioned SysWow64\drivers folder. I then re-executed "KLDump.exe" ... and after its error message, guess what?! The "Logger.sys" has been deleted!

Does that help to further debug this mystery?????

 

(Naturally the JPG file is a test dummy ... I did not want to risk using "klick.dat" renamed to "klick.sys".) (Oh, and BTW, I had Windows Defender disabled during this test, but UAC still active.)

 

:)

 

[attached screenshots: three images]
