RJSandoval

Critical event: Probably infected object detected [In progress]

Event Probably infected object detected happened on computer xxxxxxxxx in the domain xxxxxxxx on xxxxxxx, xxxxxxxxx xxxxxxxxx, 2016 11:20:48 AM (GMT-08:00)

Result: Detected: not-a-virus:WebToolbar.Win32.Asparnet.gen

User: xxxxxxxxxxxx (Initiator)

Object: C:\users\xxxxxxxxxx\downloads\OffercastInstaller_AVR_U-0113-01-P_ (1).exe/#

 

I received this message after retrieving a download. I see this may be an IE toolbar installer.

Could it be an object embedded in a previous download? I do not even see this file in the folder.

Good Morning - We use Kaspersky AV on our Internet proxies.

This morning when one of our users was prompted for a Java update, he clicked on the link and we were then notified of the following from Kaspersky:

2016-09-27 13:11:11+00:00UTC

ProxyAV (Version 3.5.2.2(150513)) - http://www.BlueCoat.com/

Antivirus Vendor: Kaspersky Labs

Scan Engine Version: 8.1.8.79

Pattern File Version: 160927.074400.7877407 (Timestamp: 2016.09.27 07:44:00)

Server: 23.77.189.152

Protocol: ICAP

Virus/PUS: "not-a-virus:WebToolbar.Win32.Asparnet.gen" found!

URL: hxxps://javadl-esd-secure.oracle.com/update/1.8.0/sp-1.8.0_101-b13/java_sp.dll

 

The server IP comes back to e5486.g.akamaiedge.net out of Cambridge, Massachusetts.

The download was blocked but I think the concern is we have malware on our workstations or the SAN where the Java update is located is infected....

Hi,

If you have any concerns that you have a malicious object, you have to run a full scan task to find any known malware, if any exists.

Moreover, any file is scanned if the system accesses it.

Thank you!

Nikolay - is this a false positive or indeed malicious threat detected?

Did you have any success with this? We are having the same issue with the Kaspersky Windows application reporting that it detects "not-a-virus:WebToolbar.Win32.Asparnet.gen" on about 5-6 workstations after Java was updated. Any ideas?

Thanks

Hi,

Could you please provide us a screenshot of a popup?

BR

The original error was Kaspersky detecting the virus and removing it. Now we're getting disinfection impossible. This is the same across all machines that installed Java.

Is it possible to access this file manually?

Thank you!

The malware is quarantined by Kaspersky and no longer exists in the location specified. I've attached a screenshot of a computer that is reporting the disinfection impossible message. This is the message of the disinfection impossible details:

Event name Disinfection impossible

Severity: Critical event

Application: Kaspersky Endpoint Security 10 for Windows

Version number: 10.1.0.867

Task name: Protection

Computer: TBH00432

Group: Clients

Time: 05 October 2016 15:00:03

Virtual Server name:

Description: Result: Untreated

Object: Unknown application

Thank you for that info!

For further investigation, please provide us with KES traces collected while such an untreated object is detected.

Thank you!

I have the trace file, how do you want me to send it to you?

You can use any file-sharing resource to upload your data and provide us with a link.

Thank you!

Is there a way to transfer it privately? The log file has information to identify the company, so I don't want to share it publicly. We use Office 365, so can't transfer it via OneDrive if you have an email address?

Thanks

Is there a solution available for the problem that with manual installation of Java we always get: not-a-virus:WebToolbar.Win32.Asparnet.gen?

Hello,

Please attach a screenshot of the KES interface on the Support tab.

You can create an incident in CA and attach a suspicious file in an archive with password "infected".

Thank you.

THANK YOU - we're getting the issue as well. Also - I can see a file sitting in quarantine under C:\ProgramData\Kaspersky Lab\Kaspersky Security for Windows Server\10.0\Quarantine but there's no GUI for me to clean it out. I've looked in Security Center as well and I don't see a way of purging the Quarantine on Security 10 for Windows Server.

 

 

Well, I just found out how to install Kaspersky Security Console to remotely administer my servers. Why that's not a part of Kaspersky Security Center....
