Andrey Korochkin

Kaspersky Virus Removal Tool 2015 beta testing

Hello!

New version of Kaspersky Virus Removal Tool 2015 is available for testing!

Version:

Kaspersky Virus Removal Tool 2015, build 15.0.19.0 (upd 16.01.2015)

Tool is available:

Here

Supported OSes:

MS Windows XP, Vista, 7, 8 all editions, all SPs, all hot fixes

MS Windows Server 2003 (SP2+), 2008 (SP2+), 2008 R2 (SP1+) Standard and Enterprise Edition, all hot fixes

MS Windows Server 2012, 2012 R2 Standard and Datacenter Edition, all SPs, all hot fixes

MS Small Business Server 2008 Standard and Premium Edition, all SPs, all hot fixes

MS Small Business Server 2011, all SPs, all hot fixes

MS Essential Business Server 2008 Standard and Premium Edition, all SPs, all hot fixes


Before testing:

Enable system memory dump:

XP: http://support.kaspersky.com/general/dumps/6200

Vista: http://support.kaspersky.com/general/dumps/2142

Win7: http://support.kaspersky.com/general/dumps/7989

Win8+: http://support.kaspersky.com/general/dumps/10659

Test file:

Test Eicar is available here http://www.eicar.org/download/eicar.com

Attention to:

Tool hangs during scan

Tool or any application crashes during scan

OS failure (BSOD)


Test plan:

1. Manual mode:

Run the utility on any operating system from the list above (can be run from external drives and CD-ROM) - the language is selected automatically

Agree with License Agreement (otherwise, the utility will not run)

Agree or disagree with KSN agreement

Copy eicar.com to the startup folder or any other folder from the list of the scan area in the utility (e.g. C:\test)

Start scanning. Please note that the default scan scope does not include all possible folders. By default, it includes the so-called Startup objects (e.g., files placed in C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup), system memory and boot sectors

If a detection occurs, select the recommended action in the Alert or agree with the procedure of Advanced disinfection, if both the alert appears. (Note that after the procedure of Advanced disinfection, the OS will be automatically rebooted to complete the operation without additional notifications)

After treatment, check that the test sample was removed from the test folder

Pay attention to the "quarantine" functionality – the original version of any file that was changed can be extracted from the quarantine.


2. Automatic mode

You can start the tool from CMD using these parameters:

-silent – scan in auto mode (default scope). In traces: Scan started Mode: Auto; AD disallowed;

-silent -adinsilent – scan in auto mode with automatic Advanced disinfection (if it is needed) – OS will be rebooted. In traces: Scan started Mode: Auto; AD allowed;

-freboot – reboot OS and start utility in advanced mode (for advanced mechanisms of scanning)

-d – path to KVRT data directory (by default it is %SystemDrive%:\KVRT_DATA)

Scan scope in automatic mode is the default one


3. Compatibility:

Try to start and scan on a machine where other KL products or anti-virus solutions from third-party manufacturers are installed

4. Run KVRT from external devices:

Try to start and use KVRT located on external and/or flash drives and/or optical media

5. Test with real malware

Optionally you can test detection with real malware (put it, for example, in C:\test)

As the report:

Please collect traces, dumps, system information and steps to reproduce

If “it works!” - write too. Thanks for any information!

Link to post
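
A small harness for the copy and check steps of the manual test plan above, as an added example that is not part of the original post or of KVRT: it stages a plain, a zipped and a two-level zipped EICAR file (the eicarcom2.zip case raised later in the thread) in a scan folder and, after a scan, lists which samples still carry the test string. The function names and the folder are assumptions, and the archives are built locally rather than downloaded.

```python
import io
import tempfile
import zipfile
from pathlib import Path

# Standard 68-byte EICAR test string, split in two so this script is not flagged itself.
EICAR = (r"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-"
         r"STANDARD-ANTIVIRUS-TEST-FILE!$H+H*").encode("ascii")

def _zip_bytes(member_name, data):
    """Return a zip archive (as bytes) holding one member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(member_name, data)
    return buf.getvalue()

def stage_samples(folder):
    """Write plain, zipped and two-level zipped test files; return their paths."""
    folder = Path(folder)
    folder.mkdir(parents=True, exist_ok=True)
    inner = _zip_bytes("eicar.com", EICAR)
    samples = {
        "eicar.com": EICAR,
        "eicar_com.zip": inner,
        "eicarcom2.zip": _zip_bytes("eicar_com.zip", inner),  # zip inside a zip
    }
    for name, data in samples.items():
        (folder / name).write_bytes(data)
    return [folder / name for name in samples]

def contains_eicar(data, depth=0, max_depth=4):
    """True if data is the test string or a (nested) zip that carries it."""
    if EICAR in data:
        return True
    if depth >= max_depth or not zipfile.is_zipfile(io.BytesIO(data)):
        return False
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return any(contains_eicar(zf.read(n), depth + 1, max_depth) for n in zf.namelist())

def survivors(folder):
    """Names of files under folder that still carry the test string after a scan."""
    return sorted(p.name for p in Path(folder).rglob("*")
                  if p.is_file() and contains_eicar(p.read_bytes()))

if __name__ == "__main__":
    # Constructed demo in a temp folder; a tester would pass the real scan folder instead.
    with tempfile.TemporaryDirectory() as scan_dir:
        stage_samples(scan_dir)
        print("before scan:", survivors(scan_dir))
        # Run the scan here, then call survivors(scan_dir) again; [] means all were removed.
```

Resident anti-virus protection has to be paused while staging, otherwise it will intercept the files before the tool under test sees them.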

Windows 7 Enterprise x86 - VMWare system

AVPTools 15.0.11.1

It works well on my system, successfully disinfects the threats in the Startup folders

I will test again on the real machine, and then will report about the result

:)

Regards

Edited by Ngọc VN

Link to post

W8.1 Ent. x86 + KES10 10.2.10294SP1 beta (not connected to KSC10SP1).

Tested Steps:

* 1: Tried with KES10SP1, but had to disable protection on it, because it picked up the samples & EICAR test file and quarantined them. Tried to restore some samples from Quarantine and it worked ok...

* 3: KES10SP1 beta.

* 4: KVRT 2015beta was run from a pendrive.

* 5: I added to C:\Test some real malware, that were detected (adding that folder to the scope).

This scan did not delete eicar.com in StartUp folder, just finished KVRT showing 1 threat not processed... I selected: All to Quarantine. AD was not initiated... so strange. I ran the analysis again and this time it picked it and AD was initiated.

I see no Settings to tweak level security...

 

post-5997-1412351758_thumb.png post-5997-1412351765_thumb.png post-5997-1412351774_thumb.png

 

post-5997-1412351809_thumb.png post-5997-1412351828_thumb.png post-5997-1412351835_thumb.png

 

Regards.

Edited by harlan4096

Link to post

I've deleted the folder C:\test and KVRT 2015 15.0.11.1 cannot restore the file that was placed in that folder. It should offer a dialog where to save the file.

post-258618-1412445464_thumb.png

Edited by Sass Drake

Link to post

PC Test (see signature) + KVRT 2015 15.0.12.0 + KIS2015 MR2 15.0.2.205 (Protection Paused).

 

KVRT 2015 15.0.12.0 ran from external pendrive.

 

post-5997-1414484793_thumb.png post-5997-1414484801_thumb.png

 

post-5997-1414484812_thumb.png post-5997-1414484820_thumb.png

 

Added: after 4 hours or so of full scan in the final phase to delete/cure the system, the program crashed...

 

post-5997-1414501551_thumb.png

 

Dumps: ftp://harlan4096@data8.kaspersky-labs.com/KVRT_Data.rar

 

Regards.

Edited by harlan4096

Link to post

Testing System 1 (see signature) + KVRT 2015 15.0.40.0 + KIS2015 MR2 15.0.2.274 (Protection Paused).

 

It was working fine until almost at the end of the Cure scanning (after rebooting my system from AD):

 

post-5997-1416581131_thumb.png post-5997-1416581145_thumb.png

 

post-5997-1416581167_thumb.png post-5997-1416581174_thumb.png

 

post-5997-1416581202_thumb.png

 

Then the program crashed again:

 

post-5997-1416581393_thumb.png post-5997-1416581399_thumb.png

 

Dumps & logs: https://dl.dropboxusercontent.com/u/2244637....0.14.0_Data.7z

 

Regards.

Edited by harlan4096

Link to post

In the end, this time the new build was able to finish the Scan without a crash...

 

post-5997-1417433159_thumb.png post-5997-1417433166_thumb.png post-5997-1417433183_thumb.png

 

But there are some questions here:

 

1.- It didn't delete the 2-level compressed test EICAR sample placed on the Desktop and in the System Start folder:

 

post-5997-1417433191_thumb.png post-5997-1417433297_thumb.png

 

2.- When the full system scan finished (after Cure process), it showed me this final window to process the threats (only 9 threats):

 

post-5997-1417433176_thumb.png

 

But if We see in the final Report:

 

post-5997-1417433306_thumb.png

 

post-5997-1417433314_thumb.png

 

How can We explain that???? :blink: The number of "theoretical threats" is quite different... and They weren't shown to delete/cure/skip, nor were They deleted, and They are not in Quarantine... so during the Scan there were so many detections and in the final window to take decisions about threats only a few are shown... false positives? or?

 

Regards.

Edited by harlan4096

Link to post
New version is available here.

 

Changes: bugfix + some improvements

No bugs or crashes on Windows XP SP3 with installed KIS 15. KVRT was started on an already infected system - no problems with installation and operation of the tool. The threats were successfully deleted in AD mode. Additional threats (not active) were successfully neutralized in the scan process after computer restart.

Link to post
How can We explain that???? :blink: The number of "theoretical threats" is quite different... and They weren't shown to delete/cure/skip, nor were They deleted, and They are not in Quarantine... so during the Scan there were so many detections and in the final window to take decisions about threats only a few are shown... false positives? or?

 

It's a bug. It will be fixed in an upcoming build.

 

Link to post

New build available. Version 15.0.16.0.

It's a release candidate, traces are disabled by default. For tracing please run the tool with the "-trace" command line parameter.

Link to post

New build available. Version 15.0.18.0.

It's a release candidate, traces are disabled by default. For tracing please run the tool with the "-trace" command line parameter.

Link to post

W8.1 Pro x64 + KIS2015mr2 .361 RC (Protection temporarily disabled).

The scanning and cure process were faster than previous builds! no problems so far! all EICAR Test files were removed even the compressed files in Start Folder! great work! :bravo:

post-5997-1419589877_thumb.png

post-5997-1419589882_thumb.png

post-5997-1419589889_thumb.png

post-5997-1419589895_thumb.png

Edited by harlan4096

Link to post
The scanning and cure process were faster than previous builds! no problems so far! all EICAR Test files were removed even the compressed files in Start Folder! great work! :bravo:

Thx. :rolleyes:

Link to post

Kaspersky Virus Removal Tool 2015, build 15.0.19.0 + System Test (see signature).

 

In general scanning was fast, as in previous build...

 

post-5997-1421668538_thumb.png post-5997-1421668543_thumb.png post-5997-1421668549_thumb.png post-5997-1421668555_thumb.png

 

But I'm very disappointed with this build because it didn't detect/cure/delete the 2-level compressed EICAR sample eicarcom2.zip from 3 places: from my Desktop, from C:\test and from Windows Start folder:

 

post-5997-1421668564_thumb.png post-5997-1421668571_thumb.png

 

Previous build did it!

Edited by harlan4096

Link to post
