Jump to content
Sign in to follow this  
Arrow5

KIS 2010 .lnk detected Trojan object Multi-Channel Sound Manager

Recommended Posts

Hello,

 

Win XP Home, SP3, using KIS 2010 (9.0.0.736).

(moving up to KIS 12 shortly as I'm aware running out of time on KIS2010)

 

Upon doing full scan today, alerted to KIS detection & deletion of Trojan program Exploit.Win32.CVE-2010-2568.gen

On a program I don't even use or know what it is. Multi-Channel Sound Manager.

 

KIS deleted it and I also noticed the program is now gone from the start menu when I checked back at the end of the scan.

There were 18 detections of it throughout the computer, and KIS deleted them.

 

I checked a bit on search engine what this program is, and it's fine by me that it's gone from the computer. But is it needed? I don't do gaming, or videos, and from what I was reading it probably came with the computer?

 

I've attached screen shot of the detected threats (And viewing ALL). I had to narrow the fields down for you to view.

 

Thanks as always for all the help here!

Didn't know if it was false positive, but Kis Deleted the entire thing it looks. All Green in console, no active threats.

 

 

 

 

 

 

 

post-132080-1329682392_thumb.png

Share this post


Link to post

Kaspersky deleted the start menu link. It looks like a false positive.

 

Please disconnect from the internet, then disable File anti-virus, then restore from quarantine and then add to exclusions and then re-enable File antivirus and then send full details to the Lab, instructions are located in the third important topic located near the top of the Virus section of this forum. And here: http://forum.kaspersky.com/index.php?showtopic=13881

Share this post


Link to post

Thank you Richbuff,

 

I noticed, though, that someone else on February 17 posted about the same exact trojan affecting their audio files shortcut. They too were advised to send it to the lab.

 

They appear in my log as disinfected, not as quarantined.

Would it be ok to just leave them deleted? I don't use this program as far as I know.

 

Regarding your link to send it to the lab

: I just read it thank you, but the instructions didn't mention how I restore them and add them to exclusions. How do I do that?

 

Thank you!

 

 

Share this post


Link to post

Richbuff - You've mentioned to "right click entry in quarantine." One entry or all of them in the event log?

They are listed as "disinfected" , they don't say quarantined. Is Quarantine & disinfected one & the same?

 

 

 

 

 

 

Share this post


Link to post

Locate "Quarantine(d)"

 

You can drop down from All to Quarantined, or find Quarantined on the main Kaspersky window.

 

Your Kaspersky product is two versions old, so I don't remember the exact click to get to Quarantined. Look for it, find it, then Restore the quarantined items that are related to this issue.

 

After you send the stuff to the Lab, Please clean install version 2012. Clean install instructions, links and tips are located in the second and third Important topics. After you clean install version 2012, do a databases update > reboot.

 

 

Share this post


Link to post

Screenshot dropdown of disinfected is where they reside in log.

So how do I restore from disinfected ?

 

 

post-132080-1329704247_thumb.png

Share this post


Link to post

Also, in addition to the post above,

 

Ran a scan 19 Feb 2012 on my NetBook and it reported the same problem. It said only way to fix was to delete the file. Ran the scan again 20 Feb 2012 and (as expected) same file was in the Restore folder. Again, the only way to fix it was to delete it. The file is think was part of the Intel/Realtek ? sound driver. Can't tell if it has affected the computer yet or how to get it back.

edit: Also,...

Edited by richbuff

Share this post


Link to post

Arrow5: Please scroll up two posts.

Brian: Please post the full, complete detection details. Post screenshot of Reports > Detailed Report > Detected threats.

Right click the Detected bar, and select Path. Right click the Detected bar again and select File.

Then post the screenshot with columns widened to show full detected and name and object and path/location details.

 

How to take and post screenshot: PrtSc (Print screen) key (upper right part of keyboard)> open Paint (Start > All programs > Accessories) > Edit > Paste, File > Save as (jpeg or

png, Not bmp). When replying, Browse > click once to select file > Open > Upload > add reply.

 

Reports > Detailed Report > lower left > Save button > please attach the saved text.

Share this post


Link to post

I also got this problem with Exploit.Win32.CVE-2010-2568...it was found,surprisingly in the Add/Remove Programs link I had in the quicklunch bar...that's weird!! :) currently running KIS 9...any ideas when this problem would be solved?

post-13371-1329830436_thumb.jpg

Edited by RBF

Share this post


Link to post
.any ideas when this problem would be solved?
Shortly after someone restores it from quarantine or Backup, and sends it to the Lab?

 

Arrow5: Please scroll up two four posts.

 

Brian: Please post the full, complete detection details. Post screenshot of Reports > Detailed Report > Detected threats.

Right click the Detected bar, and select Path. Right click the Detected bar again and select File.

Then post the screenshot with columns widened to show full detected and name and object and path/location details.

 

How to take and post screenshot: PrtSc (Print screen) key (upper right part of keyboard)> open Paint (Start > All programs > Accessories) > Edit > Paste, File > Save as (jpeg or

png, Not bmp). When replying, Browse > click once to select file > Open > Upload > add reply.

 

 

Reports > Detailed Report > lower left > Save button > please attach the saved text.

Edited by richbuff

Share this post


Link to post

When doing a full system scan I received the same warning with some of the same files being deleted. As I have never had a virus or trojan before, do I need to be concerned or is this a false positive as indicated above, and if so, what exactly is a false positive. Sorry for the dumb questions, but I truly am a rookie with this stuff.post-401411-1329866520_thumb.jpg

Share this post


Link to post

Thanks Richbuff - appreciate the info.

At the moment they are still in event log as deleted status in Detected disinfected section (KIS2010) where they've been since I last wrote.

Will do as suggested shortly. Thank you again.

 

 

 

 

Share this post


Link to post

what's interesting is that it "infects" shortcuts :D (*.lnk) ... i'll try to send that report soon,or earlier this morning..hope it gets fixed,even though i had a number of false-positives in the past...good night!!

Share this post


Link to post

well,this it the latest report...i've tried to make a shortcut for everything that was in control panel and this is what came up...weird and interesting at the same time

detailed_report_22.02.txt

Share this post


Link to post

well,i've sent my files to the lab...it was a false detection as we thought,so no worries...they said it will be fixed in some of the next updates...till now,no change,but maybe later...have a nice day everyone!!

Share this post


Link to post

Well that's great to hear, thank you, RBF!

I haven't had the chance as of yet, and see you've already heard back from Lab on them.

 

I assume that I can just right click to restore from the Detected/Deleted section of my log and all should be fine?

 

Share this post


Link to post
Sign in to follow this  

×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.