Regedit.exe infection

Aitam   

That would be a lesson to me, never to shut down Kaspersky!

I have no idea how, but all Regedit.exe on my computer got infected with Trojan.Win32.Pakes.x3, that is, in the following locations:

C:\WINDOWS

C:\WINDOWS\system32\dllcache

D:\XP_SP2\I386

The last being a copy of Windows I keep if it ever wants to install some extra drivers or something...

I don't know what this trojan does, but it did make my regedit.exe grow from 134,144 bytes to 146,432 bytes.

Aitam   

That is odd... Why is it smaller on my non-SP2 CD, then? Was it updated?

In any case, good thing the larger version is still in Kaspersky's Backup...

hello

it's a false alarm, don't worry, the 146,432 bytes regedit is clean and has an MD5 hash of 783AFC80383C176B22DBF8333343992D for the English version

 

The false alarm will be rectified in the next updates.
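Added example, not part of the original thread or any poster's code: a check of each copy of regedit.exe against the size and MD5 quoted above, run before deleting or restoring anything. The full file paths are assumptions built from the three directories listed in the first post.

```python
import hashlib
import os

# Size and MD5 quoted in the thread for the clean English regedit.exe.
KNOWN_SIZE = 146432
KNOWN_MD5 = "783AFC80383C176B22DBF8333343992D"

# Directories listed in the first post; the file name is appended here.
CANDIDATES = [
    r"C:\WINDOWS\regedit.exe",
    r"C:\WINDOWS\system32\dllcache\regedit.exe",
    r"D:\XP_SP2\I386\regedit.exe",
]


def md5_of(path, chunk=65536):
    """Hash the file in chunks so large binaries are not read into memory."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def check_copy(path, size=KNOWN_SIZE, md5=KNOWN_MD5):
    """Classify one copy: 'missing', 'size-mismatch', 'hash-mismatch', 'match'."""
    if not os.path.isfile(path):
        return "missing"  # e.g. already deleted or quarantined
    if os.path.getsize(path) != size:
        return "size-mismatch"  # cheap check first, no hashing needed
    if md5_of(path) != md5.lower():
        return "hash-mismatch"  # same size, different content: do not restore
    return "match"


def triage(paths, size=KNOWN_SIZE, md5=KNOWN_MD5):
    """Map each path to its verdict."""
    return {path: check_copy(path, size, md5) for path in paths}


if __name__ == "__main__":
    # An MD5 match rules out accidental change or a different build; it is not
    # collision-resistant, so it does not prove vendor origin by itself.
    for path, verdict in triage(CANDIDATES).items():
        print(f"{verdict:14} {path}")
```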
G4nj4   

I got rid of my regedit cause of this false alarm and I also told Kaspersky to delete the backup. Doh, shoulda came here first.

Where can I get another one for XP home with SP2?

Google?

Aitam   

I sent it to you as a private message... Just remember to update Kaspersky again so it wouldn't recognize it as a threat again. Hope you'll get it! :)

 

I got rid of my regedit cause of this false alarm and I also told Kaspersky to delete the backup. Doh, shoulda came here first.

Where can I get another one for XP home with SP2?

Google?


So is there a chance Kaspersky will restore my auto-deleted regedit.exe on my 3 computers it deleted it from?

 

It's sort of a critical utility...

 

Maybe I should turn off delete on infection, or delete on failed disinfection? The default I think was disinfect, delete if fail. What happens when there is a false positive of ntoskrnl.exe? I would hate to be in those shoes if that were ever to happen. Maybe a little more testing before pushing out those updates guys...

 

Not that it probably matters, but it's important to me:

 

I'm one of the only people in my org that believes in Kaspersky - we switched from McAfee this summer amidst much animosity to change and the possible issues that could come from it. This has not helped me in my efforts to show my team that Kaspersky was the right choice. Just my .02

Edited by joel.gibby

Baz^^   
I'm one of the only people in my org that believes in Kaspersky - we switched from McAfee this summer amidst much animosity to change and the possible issues that could come from it. This has not helped me in my efforts to show my team that Kaspersky was the right choice. Just my .02


Count yourself lucky: http://news.zdnet.com/2100-1009_22-6186271.html

 

 

FPs happen - it is unavoidable, and Kaspersky has one of the lowest FP rates around.

gunshot1   
I sent it to you as a private message... Just remember to update Kaspersky again so it wouldn't recognize it as a threat again. Hope you'll get it! :)


Can you send me the same file (regedit.exe for Windows XP Home Edition SP2)? The exact same thing happened to me. I also deleted a few other files due to the same virus flags. Geez! Also, could someone tell me the file location to save the file? Thanks! ;)

Can you send me the same file (regedit.exe for Windows XP Home Edition SP2)? The exact same thing happened to me. I also deleted a few other files due to the same virus flags. Geez! Also, could someone tell me the file location to save the file? Thanks! ;)

Did you also delete it from backup in Kaspersky?
