Wesly.Zhang

Moderators
  • Posts: 1772

Posts posted by Wesly.Zhang

  1. On 7/20/2022 at 9:37 PM, rufford155 said:

    Don't see why KIS doesn't like it - but see my next post.

    Hello,

    I have checked the digital signature of this installation file.

    Did you uncheck the KL Application Control setting "trusted digitally signed application"? By default, I do not encounter this issue.

    It is not a self-signed digital signature. I have changed my previous opinion. This file is signed by Sectigo.

    As for why Kaspersky does not trust the Sectigo certificate authority, Kaspersky needs to confirm the reason.

    Regards.

     

    • Like 1
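  2. Hello!

    If you cannot find an answer or solution to your problem in the Kaspersky technical support knowledge base or by searching the community forum, you can create a new topic describing the problem you encountered.

    Before posting a new topic in the Kaspersky support forum, please read the community rules.

    When creating a topic, be sure to specify:

    The version of your operating system (how to find the version of your operating system).

    The name and version number of the Kaspersky application (how to find the name and version number of a Kaspersky application).

    A detailed explanation of the nature of your problem.

    If necessary, attach a screenshot of the problem (how to take a screenshot).

    This will help others understand the cause of the problem you encountered, find the problem faster and provide you with a solution.

    Thank you.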

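  3. Hello, please see this post: https://support.kaspersky.com/common/error/installation/14829

    If you use software such as VMware Workstation, VMware Player, Cisco AnyConnect or NPF (WinPcap), the Kaspersky NDIS driver cannot be registered because the system's NDIS filter registration limit has been exceeded. Please remove the programs concerned, restart the computer and then install again.

    In addition, please run Windows Update to update the system. This update refreshes the system's trusted root digital certificates in the background; the root certificates of drivers signed with some newer digital certificates need to be updated so that the system allows them to be installed.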

    • Thanks 1
  4. 1 hour ago, T,X said:

    So, that's maybe the reason why it's not detected as a virus.

    Hello, @T,X

    Programs that change your MBR are not necessarily malicious programs; disk programs such as DiskGenius are an example. Why do you say it changes the MBR information? The key is to see what happens after the MBR information is changed, such as locking the system and demanding a ransom from you, because changing the MBR information is used for this kind of malicious behavior. I believe this program does not have this behavior. I think this program set the boot item for you and did not use the MBR section.

    Just edit the boot.ini file in the root folder of drive C.

    Regards.

  5. Hello, @T,X

    Do you really not know what "DriveTheLife" is in China? If you want to restore the MBR information to default, please use this system command, which is only available in Windows 7, but you should back up the disk first and then execute this command:

    fdisk /mbr

    Usually this command will not cause loss of disk data, but we are wary of losing data just in case.

    Regards.

    • Like 2
  6. Hello, @request

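    Please note this Gulpix-class malicious hacking tool, which uses unauthorized access to control the computer. Besides the Kaspersky product, is any other security software running on your system? Some security software typically uses the same techniques to control and monitor the computer. In that case the Kaspersky product may produce a false positive, or it may not be a false positive; this depends on knowing more about the system environment.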

  7. Hello, @Mana

    Based on the report you submitted, a preliminary analysis found the following.

    Task Scheduler(计划任务服务) *---* \Task Scheduler(计划任务服务) *---* C:\ProgramData\data\upx.exe *---*  *---* 启用 *---* Alexander Roshal

    USB3MON *---* \USB3MON *---* C:\ProgramData\Program\iusb3mon.exe *---*  *---* 启用 *---* 文件不存在

    Windows Audio Endpoint Builder(系统音频服务) *---* \Windows Audio Endpoint Builder(系统音频服务) *---* C:\ProgramData\data\upx.exe *---*  *---* 启用 *---* Alexander Roshal

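    Two of the scheduled task objects above may be related to your problem. One is iusb3mon.exe, which you have already mentioned; the other, upx.exe, is quite suspicious, as it registers scheduled tasks under different names. Please submit the file C:\ProgramData\data\upx.exe to the opentip.kaspersky.com platform. Whatever the result, choose re-analyse to have it analysed again, leave your e-mail address and state that it may be a malicious program. You can also pack this file into an archive with the extraction password infected and send it to china-support at kaspersky.com, explaining in detail that your problem may be related to this file.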
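
The triage applied to the report in the last post (one executable registered under several task names, a task whose target file no longer exists), as an added example that is not part of the original posts or of any Kaspersky tool. The ` *---* ` column layout is inferred from the three quoted report lines, the function names are hypothetical, and the C:\ProgramData check is an added heuristic.

```python
from collections import defaultdict

# Report lines copied from the post above. The column meaning
# (name, task path, executable, arguments, state, signer/status) is an
# assumption inferred from these three lines only.
SAMPLE_REPORT = r"""
Task Scheduler(计划任务服务) *---* \Task Scheduler(计划任务服务) *---* C:\ProgramData\data\upx.exe *---*  *---* 启用 *---* Alexander Roshal
USB3MON *---* \USB3MON *---* C:\ProgramData\Program\iusb3mon.exe *---*  *---* 启用 *---* 文件不存在
Windows Audio Endpoint Builder(系统音频服务) *---* \Windows Audio Endpoint Builder(系统音频服务) *---* C:\ProgramData\data\upx.exe *---*  *---* 启用 *---* Alexander Roshal
"""

FIELDS = ("name", "task_path", "exe", "args", "state", "signer")
FILE_MISSING = "文件不存在"  # the report's marker for "file does not exist"


def parse_report(text):
    """Split each line on '*---*' and keep lines with exactly six fields."""
    tasks = []
    for line in text.splitlines():
        parts = [p.strip() for p in line.split("*---*")]
        if len(parts) == len(FIELDS):
            tasks.append(dict(zip(FIELDS, parts)))
    return tasks


def triage(tasks):
    """Return {task name: [reasons]} for tasks worth a closer look."""
    by_exe = defaultdict(list)
    for t in tasks:
        by_exe[t["exe"].lower()].append(t["name"])
    findings = defaultdict(list)
    for t in tasks:
        exe = t["exe"].lower()
        if len(by_exe[exe]) > 1:
            findings[t["name"]].append("same executable registered under several task names")
        if exe.startswith("c:\\programdata\\"):  # added heuristic, not from the post
            findings[t["name"]].append("executable located under C:\\ProgramData")
        if t["signer"] == FILE_MISSING:
            findings[t["name"]].append("target file missing")
    return dict(findings)


if __name__ == "__main__":
    for name, reasons in triage(parse_report(SAMPLE_REPORT)).items():
        print(name, "->", "; ".join(reasons))
```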
