  1. On 7/20/2022 at 9:37 PM, rufford155 said:

    Don't see why KIS doesn't like it - but see my next post.

    I have checked the digital signature of this installation file.


    Did you uncheck the KL application control setting: trusted digitally signed application? By default, I cannot encounter this issue.

    It is not a self-signed digital signature. I have changed my previous view. This file is signed by Sectigo.

    As for why Kaspersky does not trust the Sectigo certificate authority, Kaspersky needs to confirm the reason.



  2. Hello!

    The name and version number of the Kaspersky application (how to find the name and version number of a Kaspersky application).

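  3. Hello, please see this article: https://support.kaspersky.com/common/error/installation/14829

    If you use software such as VMware Workstation, VMware Player, Cisco AnyConnect, or NPF (WinPcap), Kaspersky's NDIS driver cannot be registered because the system's NDIS filter registration limit has been exceeded. Please remove the programs in question, restart the computer, and then install.

    In addition, please run Windows Update to update the system. This update refreshes the system's trusted root certificates in the background; the root certificates for drivers signed with some newer digital certificates need to be updated so that the system allows them to install.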

  4. 1 hour ago, T,X said:

    So, that's maybe the reason why it's not detected as a virus.

    Hello, @T,X

    Programs that change your MBR are not necessarily malicious programs; disk programs such as DiskGenius are an example. Why do you say it changes the MBR information? The key is to see what happens after the MBR information is changed, such as locking the system and ransoming you, because changing the MBR information is used for this kind of malicious behavior. I believe this program does not have this behavior. I think this program set the boot item for you and does not use the MBR section.

    Just edit the boot.ini file in the root folder of drive C.


  5. Hello, @T,X

    Do you really not know what "DriveTheLife" is in China? If you want to restore the MBR information to default, please use this system command, which is only available in Windows 7, but you should back up the disk first and then execute this command:

    fdisk /mbr

    Usually this command will not lead to loss of disk data, but we are afraid of losing data, just in case.


  6. Hello, @request

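    Please note that Gulpix is a class of malicious hacker tool that gains unauthorized access to a computer and controls it. Besides the Kaspersky product, is any other security software running on your system? Some security software commonly uses the same techniques to control and monitor the computer. In that case the Kaspersky product may be reporting a false positive, or it may not be; this depends on the details of the system environment.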

  7. Hello, @Mana


    Task Scheduler(计划任务服务) *---* \Task Scheduler(计划任务服务) *---* C:\ProgramData\data\upx.exe *---*  *---* 启用 *---* Alexander Roshal

    USB3MON *---* \USB3MON *---* C:\ProgramData\Program\iusb3mon.exe *---*  *---* 启用 *---* 文件不存在

    Windows Audio Endpoint Builder(系统音频服务) *---* \Windows Audio Endpoint Builder(系统音频服务) *---* C:\ProgramData\data\upx.exe *---*  *---* 启用 *---* Alexander Roshal

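    Two of the scheduled task objects above may be related to your problem. One is iusb3mon.exe, which you have already mentioned; the other, upx.exe, is quite suspicious, as it registers scheduled tasks under different names. Please submit the file C:\ProgramData\data\upx.exe to the opentip.kaspersky.com platform. Whatever the result, select re-analyze to have it analyzed again, leave your e-mail address, and state that it may be a malicious program. You can also pack the file into an archive with the extraction password infected and send it to china-support at kaspersky.com, explaining in detail that your problem may be related to this file.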

