mastermind007

utils\wipe.exe detected as PDM:Trojan.Win32.Generic

Hello

I installed Kaspersky for the first time in my life three days ago.

I have one utility application that does secure deletion of files from the command-line window, which I have been using for many, many years and have included in 100s of my batch files.

After I installed Kaspersky and ran a scan, Kaspersky reported my utility application as "potential malware". I went into settings and added the utility application name with its full path to the exclusion list.

By the time I did this step, Kaspersky had deleted the file, and I simply asked for it to be restored, which was done.

But the problem did not just end there!!!! and therefore provides me a reason to place this post.

I am sending this post to report that Kaspersky has once again deleted the utility application, and this time it is not even showing up on the restore list.

Even after it was added to the exclusions, Kaspersky does not allow the utility application to run properly. Every time I execute it, Kaspersky interferes and process-kills the utility application. Finally, I had to disable Kaspersky to let the utility application run to completion.

A similar problem was also encountered with another remote administration software, Ammy Admin, except that it was never deleted from its location. But the only way to run Ammy Admin is to disable the antivirus (which kind of defeats the purpose of having antivirus).

edit: original topic title: Extremely Urgent

Edited by richbuff
provide utile topic title.

I went through the Detailed Report and found the following notation.

11.07.2016 20.43.44;Malicious program deleted;PDM:Trojan.Win32.Generic;C:\utils\wipe.exe;c:\utils\wipe.exe;07/11/2016 20:43:44

11.07.2016 20.43.43;Malicious program detected;PDM:Trojan.Win32.Generic;C:\utils\wipe.exe;c:\utils\wipe.exe;07/11/2016 20:43:43

11.07.2016 20.43.34;Malicious program deleted;PDM:Trojan.Win32.Generic;C:\utils\wipe.exe;c:\utils\wipe.exe;07/11/2016 20:43:34

11.07.2016 20.43.34;Malicious program detected;PDM:Trojan.Win32.Generic;C:\utils\wipe.exe;c:\utils\wipe.exe;07/11/2016 20:43:34

11.07.2016 20.43.20;Malicious program deleted;PDM:Trojan.Win32.Generic;C:\utils\wipe.exe;c:\utils\wipe.exe;07/11/2016 20:43:20

11.07.2016 20.42.31;Malicious program detected;PDM:Trojan.Win32.Generic;C:\utils\wipe.exe;c:\utils\wipe.exe;07/11/2016 20:42:31
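The report rows quoted in the post above, parsed and summarised per file. This is an added example, not part of the original thread and not Kaspersky code. The field names, and the reading of the first column as day.month.year and the last as month/day/year, are assumptions.

```python
from collections import defaultdict
from datetime import datetime

# The six report rows quoted in the post above, unchanged.
REPORT = r"""
11.07.2016 20.43.44;Malicious program deleted;PDM:Trojan.Win32.Generic;C:\utils\wipe.exe;c:\utils\wipe.exe;07/11/2016 20:43:44
11.07.2016 20.43.43;Malicious program detected;PDM:Trojan.Win32.Generic;C:\utils\wipe.exe;c:\utils\wipe.exe;07/11/2016 20:43:43
11.07.2016 20.43.34;Malicious program deleted;PDM:Trojan.Win32.Generic;C:\utils\wipe.exe;c:\utils\wipe.exe;07/11/2016 20:43:34
11.07.2016 20.43.34;Malicious program detected;PDM:Trojan.Win32.Generic;C:\utils\wipe.exe;c:\utils\wipe.exe;07/11/2016 20:43:34
11.07.2016 20.43.20;Malicious program deleted;PDM:Trojan.Win32.Generic;C:\utils\wipe.exe;c:\utils\wipe.exe;07/11/2016 20:43:20
11.07.2016 20.42.31;Malicious program detected;PDM:Trojan.Win32.Generic;C:\utils\wipe.exe;c:\utils\wipe.exe;07/11/2016 20:42:31
"""

def parse_row(line):
    """Split one row; the field names are assumed, the report does not label them."""
    first, event, verdict, path, _path_again, last = line.strip().split(";")
    when = datetime.strptime(first, "%d.%m.%Y %H.%M.%S")        # assumed day-first
    if when != datetime.strptime(last, "%m/%d/%Y %H:%M:%S"):    # assumed month-first
        raise ValueError(f"timestamp columns disagree: {line!r}")
    # "Malicious program deleted" -> "deleted"
    return {"when": when, "action": event.rsplit(" ", 1)[-1],
            "verdict": verdict, "path": path.lower()}

def summarize(report):
    """Group rows by (path, verdict) and count detect/delete events."""
    groups = defaultdict(list)
    for line in report.splitlines():
        if line.strip():
            row = parse_row(line)
            groups[(row["path"], row["verdict"])].append(row)
    summary = {}
    for (path, verdict), rows in groups.items():
        times = [r["when"] for r in rows]
        deleted = sum(r["action"] == "deleted" for r in rows)
        summary[(path, verdict)] = {
            # The thread reads a PDM: verdict as behavioural (Proactive
            # Defense), not a signature match on the file's contents.
            "behavioural": verdict.startswith("PDM:"),
            "detected": sum(r["action"] == "detected" for r in rows),
            "deleted": deleted,
            "span_seconds": int((max(times) - min(times)).total_seconds()),
            # More than one deletion of the same path: removed repeatedly.
            "repeated_removal": deleted > 1,
        }
    return summary

if __name__ == "__main__":
    for key, info in summarize(REPORT).items():
        print(key, info)
```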

This verdict is due to the nature of the application behaving like typical malware.

>>11.07.2016 20.43.43;Malicious program detected;PDM:Trojan.Win32.Generic;C:\utils\wipe.exe;c:\utils\wipe.exe;07/11/2016 20:43:43

You can configure a "Verdict" exclusion by folder and file in TrustedZone settings, and specify "PDM:Trojan.Win32.Generic" verbatim when you set it.

>>Ammy Admin except that it was never deleted from its location

Add it to the Trusted Zone and exclude it from Application Activity Monitor (it might also be called Proactive Defense).

If it's a virus detection, please send a sample to the KL Virus Lab via https://newvirus.kaspersky.com

Edited by Whizard


Thank you, Whizard, for the quick reply.

Your answer offers some sense of relief, but I am still battling with the terminology used.

What is a verdict exclusion? Where are the TrustedZone settings? In short, I understand what you are saying but need some hint on how to navigate through the software.

Also, I am unable to find where my wipe.exe is. It is not in quarantine and not hidden anywhere. It has simply vanished from the PC!


I believe a PDM:Trojan.Win32.Generic verdict is classified as a Red Alert. Unfortunately, it's not possible to exclude those.

Please send a sample of this software executable to https://newvirus.kaspersky.com for analysis and say that PDM also flags it.


Whizard

I have attached the zip file that contains the executable. I have been using this application since 2002 or 2003, and it would be interesting to see if the original was infected or the copy I was recently running (and got caught by Kaspersky) was compromised.

wipe.zip


This is an educated guess only, but since the detection is behavioral vs. signature-based (PDM:Trojan.Win32.Generic), the file itself is probably clean. The issue here is that, by design, you are not able to add red alerts to exclusions. I have sent the file to VirusLab for analysis, as unfortunately only they can mute this detection. Now, this is not a bug; if the program is behaving in a strange manner, it will be flagged. This is done by design, because sometimes it's not possible to cover all possible malware threats with rapid signature releases. Therefore, KIS/KAV rely on multi-layer approach technologies to keep the users safe.

Edited by Whizard


It's a behavioral detection, NOT a virus. The program behaves in an abnormal way, which triggers a Proactive Defense module.

KL Virus Lab is the only one who can fix that.


It's correct. Thanks for the clarification.
KLAN-4672643403 for this submission.

Kindly educate me on how to tell Kaspersky to make an exception for this file on my machine. I have added the entire folder to the exclusions, but this file was still flagged.

I am not arguing with the whatever-rationale-Kapper-has behind flagging it, but a lot of my scripting code depends on this.

Today I've added it as a trusted application and was able to run the file without disabling kasper.


Hello

Re-bumping the question again!!

I want to be able to add the above file as an exception on my machine, as I want to continue using it. If Kaspersky cannot allow that, I would rather uninstall Kaspersky and look for another antivirus than put up with this headache.

No antivirus company should be able to unilaterally define any other decent software as a virus or malware with complete disregard for individual customers' preferences.


Which version of Kaspersky are you using, build number?

You can set an exclusion rule in Settings>additional>threats and exclusions>manage exclusions.

Or configure Kaspersky in interactive mode, Settings>uncheck perform recommended actions automatically so you'll get a prompt where you can exclude the application.

You might want to exclude the .cmd in the same manner just in case.

Edited by 3x0gR13N
