Posts posted by oleg12121212

  1. RE: Kaspersky Anti-virus Lab replies to your request [VD3] [FILE:2] [LN:EN] [KL-2184162]

     
     
    Kaspersky AntiVirus Lab
    Today, 12:16
    To: you
     
     
    Hello,

    This is a false positive of the PDM module.
    Detection will disappear within 24 hours.

    Best regards, Alexey Safonov, Malware Analyst, Kaspersky Lab
    39A/3 Leningradskoe Shosse, Moscow, 125212, Russia Tel./Fax: + 7 (495) 797 8700 http://www.kaspersky.com https://securelist.com
    https://opentip.kaspersky.com/ - get insights about suspicious files, hashes, URLs, IP addresses or domain names
  2. 7 minutes ago, Schulte said:

    Hello @oleg12121212,

    'PDM...' indicates that the detection is done at runtime.

    KOTIP cannot know if and with which other programs or drivers the program interacts on your computer.
    Therefore only the support can help after receiving the relevant logs:
    https://support.kaspersky.com/us/common/diagnostics/15898

    I will read how to do it

    and submit as well

  3. 5 minutes ago, nexon said:

    @oleg12121212, when you upload the program to VirusTotal, what is the result?

    https://www.virustotal.com/gui/file/a9adf005997de92964247070271ec2ddfbf8a068b5fcc2466c677183ef234ad2?nocache=1

    2/71 security vendors and no sandboxes flagged this file as malicious
    Creation Time: 2024-03-05 14:10:33 UTC
    First Seen In The Wild: 2024-03-05 23:10:34 UTC
    First Submission: 2024-03-05 17:40:18 UTC
    Last Submission: 2024-04-08 21:48:48 UTC
    Last Analysis: 2024-04-08 21:48:55 UTC

     

  4. Event: Object deleted
    Application: MMVCServerSIO.exe
    User: DESKTOP-3RMDC6P\admin
    User type: Active user
    Component: System Watcher
    Result description: Deleted
    Type: Trojan
    Name: PDM:Exploit.Win32.Generic.nblk
    Threat level: High
    Object type: Process
    Object path: c:\mmvcserversio18a
    Object name: mmvcserversio.exe

     

     

     

    Event: Process terminated
    Application: MMVCServerSIO.exe
    User: DESKTOP-3RMDC6P\admin
    User type: Active user
    Component: System Watcher
    Result description: Terminated
    Type: Trojan
    Name: PDM:Exploit.Win32.Generic.nblk
    Threat level: High
    Object type: Process
    Object path: C:\MMVCServerSIO18a
    Object name: MMVCServerSIO.exe

     

    Event: Malicious object detected
    Application: MMVCServerSIO.exe
    User: DESKTOP-3RMDC6P\admin
    User type: Active user
    Component: System Watcher
    Result description: Detected
    Type: Trojan
    Name: PDM:Exploit.Win32.Generic.nblk
    Threat level: High
    Object type: Process
    Object path: c:\mmvcserversio18a
    Object name: mmvcserversio.exe
    Reason: Databases
    Databases release date: Today, 4/8/2024 6:31:00 PM

    Event: Blocked
    Application: MMVCServerSIO.exe
    User: DESKTOP-3RMDC6P\admin
    User type: Active user
    Component: System Watcher
    Result description: Blocked
    Type: Trojan
    Name: PDM:Exploit.Win32.Generic
    Threat level: High
    Object type: Process
    Object path: c:\mmvcserversio18a
    Object name: mmvcserversio.exe
    Databases release date: Today, 4/8/2024 6:31:00 PM

     

    Today's reports

    1. Windows 10 Pro 19045.4170
    2. Kaspersky Total Security with official subscription
    3. hello

      I'm using this software called realtime voice changer

      https://github.com/w-okada/voice-changer/blob/master/README_en.md

      The old version 1.5.3.17b is working alright without any notifications from KTS

      Today I tried to install and run the latest version, which is 1.5.3.18a

      and KTS gives me a notification that says it's a trojan

      Event: Process terminated
      Application: MMVCServerSIO.exe
      User: DESKTOP-3RMDC6P\admin
      User type: Active user
      Component: System Watcher
      Result description: Terminated
      Type: Trojan
      Name: PDM:Exploit.Win32.Generic.nblk
      Threat level: High
      Object type: Process

      Event: Malicious object detected
      Application: MMVCServerSIO.exe
      User: DESKTOP-3RMDC6P\admin
      User type: Active user
      Component: System Watcher
      Result description: Detected
      Type: Trojan
      Name: PDM:Exploit.Win32.Generic.nblk
      Threat level: High
      Object type: Process
      Object path: c:\mmvcserversio18a
      Object name: mmvcserversio.exe
      Reason: Databases
      Databases release date: Today, 4/8/2024 6:31:00 PM

      Is it a false positive?

      I have downloaded the latest version here: https://huggingface.co/wok000/vcclient000/blob/main/MMVCServerSIO_win_onnxgpu-cuda_v.1.5.3.18a.zip

     

     

     

     
