Search the Community

样本链接 https://karlcx.lanzoum.com/iZfXF19004je 密码:cbb5 威胁情报门户分析结果 https://opentip.kaspersky.com/1ab497dfed7f15b440728054b0a1a65d48d5d65bea04b67b522c26292ca52f70/results

Hello dear Kaspersky team, I am from D5 Render, which is a 3D visualization renderer program. We got a problem with Kaspersky antivirus, and now we sincerely ask for your help. Many of our users said Kaspersky blocks or deletes our file because it was considered as trojan..Please see file attached. In fact, it is not any trojan, and I put the file into OpenTip, the result is OK as well. So we hope you can help us solve the problem, like solving the false positive, or point out whether the file has problems. Best Regards, Oliver

Несколько лет разными версиями Касперского (в данном случае Standart под Windows 11) BTDEX детектируется по-очереди либо как DangerousObject.Multi.Generic либо как Trojan.Win32.Injuke (реагирует на signum-plotter внутри), т.е. антивирус даже не может определиться, что это. А это криптокошелек монеты Signa с возможностями майнинга на HDD. Не троян и не вирус. Исходники здесь: https://github.com/btdex/btdex/releases/tag/v0.6.7

I'm having problems accessing the website of the French National Library (gallica.bnf.fr) and it's only because of Kaspersky (I can access it from my smartphone or ipad). OS - Windows 10 Pro - 22h2 Kaspersky - Kaspersky Total Security 21.3.10.391 (k)

hi, can you help me? My government has a web application called efaktur, but Kaspersky always blocks me when I want to access the site and download the certificate for the app. Can you help me how to allow this site efaktur.pajak.go.id:8443/pkp/ Because I have to disable Kaspersky first to access this site and this can make my pc infected with virus Thanks

Dear Kaspersky Team, Our website has been mistakenly flagged as a phishing site. We've conducted an exhaustive check and confirmed no presence of malware. We assure you our site doesn't impersonate any other entity. We kindly request an urgent re-evaluation of this status. The false flagging has started to affect our customer trust. Thank you for your prompt attention. Best Regards, Jeremie I

Hello, I hope this message finds you well. I am writing to bring to your attention a false positive detection issue concerning my website. It has come to my attention that your antivirus engine is flagging my website as phishing, despite thoroughly cleaning it and ensuring its security. I want to emphasize that I have taken all necessary measures to remove any traces of malware or malicious code from my website. After detecting the security breach, I completely rebuilt the website from scratch, leaving behind no remnants of the previous compromised version. Additionally, I have performed extensive malware scans using reputable tools and have implemented robust security measures to prevent any future attacks. However, despite these efforts, my website continues to receive a high detection score on VirusTotal and other security scanners. This false positive detection is adversely affecting the reputation and functionality of my website, causing inconvenience to my users and damaging my online presence. I kindly request your immediate attention and assistance in investigating this matter further. I would appreciate it if you could review the security status of my website and correct the false positive detection. Providing me with information about the specific detection and any steps I can take to rectify the situation would be greatly appreciated. VirusTotal Report Description of Steps Taken Deep scan the local computer and hosting and removed all unwanted junk before rebuilding the website. Remove the complete website and Rebuilt from scratch. Now the website doesn't contain a single thing from the old website. Protected my website with future attacks with correct systems. So still our website doesn't have any malicious things, Also we are not providing any free software, our main goal is to help Marketers by providing paid software for those who want to make their work automated. So we have a wide range of software for every type of marketer. I understand that you receive numerous requests, but I am confident that this false positive detection can be resolved with your expertise. Your prompt attention to this matter is crucial, as it directly impacts the reputation and operation of my website. Thank you in advance for your cooperation and understanding. I look forward to your positive response and a swift resolution.

Hi, So apparently despite the fact I'm (gasp) on the internet typing this on my Chromebook Kaspersky fails to update claiming I don't have internet access. I moved closer to the modem... ran still says no internet access. I restarted reran - still says I have no internet access I uninstalled tried to reinstall... and surprise surprise it claims I have no internet access. Well that's odd because I ran a speed test and guess what... I do have internet access. No I haven't reset the modem because I don't have access to it and multiple people use it so I'm NOT going to restart it for something like this. What is going on? Thanks Snhawna

Visual Studio 2019 ile C# çalışması yapıyorum,Çalışmamı bitirip debug yapıp uygulamayı çalıştırdığım zaman kaspersky kafayı yiyor uygulamada trojan var diyerek uygulamayı siliyor, dosya konumundaki herşeyi siliyor kısacası uygulamamamın çalışmasına izin vermiyor. Bunu düzeltmenin yolu nedir yardımcı olabilir misiniz?

Hi guys, We display a lot of images from different third-party web applications. Many of them use IPFS servers like CloudFlare IPFS (https://cf-ipfs.com/ipfs/) for their image hosting. When we display those images now on our system our members get from Kaspersky Total Security a warning for those images and they get blocked or not processed. The interesting thing is that the same image on ipfs.io dont creates any issue or warning. For some reason only IPFS files from Cloudflare cause the warning. Is there anything that we could do? I believe those warnings are false positives and we are talking only about images that are hosted on IPFS. Thank you for some more information in advance

在onekey官网下载钱包，卡巴拦截并显示风险。 地址：https://web.onekey-asset.com/app-monorepo/4.4.0/OneKey-Wallet-4.4.0-win-x64.exe 文件下载后运行，卡巴也会直接删除。 但是onekey钱包是知名的开源加密货币钱包，virustotal上显示其他杀软不报毒，请核对是否为误报。

Hola, que tal? Lo que me crucé hace unos días es que, a la hora de usar Bun (aquí el sitio oficial: Bun — A fast all-in-one JavaScript runtime), que es un motor de Javascript tal como Node, el antivirus lo detecta como un Trojan cuando en realidad no es así (sumado a que Bun está solamente disponible en WSL, Linux o Mac). ¿Hay alguna manera de analizar para ver si realmente es un elemento malicioso o simplemente debo agregar sus binarios a las exclusiones del antivirus? No solamente me pasó con Bun, si no instalando otras librerías y paquetes de Linux desde mi terminal WSL, así que tal vez pueda ser un problema más amplio. Gracias por su atención!

I got the same detection for VHO:Trojan-Spy.MSIL.Convagent.gen but for firefoxhelper.exe. Kaspersky Premium couldn´t fix it. The location is C:\Recovery\Customizations\usmt.ppkg//ICB\0\MachineSpecific\File\C$\Preload\APP\FIREFOX\callback\FirefoxHelper.exe but I didn´t found a recovery in including folder. I couldn´t find any suspicious processes and no active process for firefoxhelper.exe when Iooked into the task manager. Now I´m not sure if it is real trojan or a false positive. Windows 10 Home 10.0.19045 Build.

Olá bom dia. Gostaria de publicar no fórum um problema que estou tendo que a princípio conversei o suporte do Google, mas descobrimos que o problema pode estar no Anti-vírus Kapersky que pode estar interferindo na sincronização do Google Drive, pois este não reconhece o certificados de segurança oriundos do Google. Segue uma porção da conversa por e-mail que tive com suporte do Google: Então eles do suporte puderam reconhecer que o problema não deveria estar nas aplicações do Google. E até mesmo acessar o gmail.com.br tem uma notificação que me informa que o site não é confiavel. Infelizmente para sincronizar os arquivos com o Google Drive preciso desligar e sair da aplicação do Kapersky Total Security 21.3.10.391, pausar a aplicação não funciona. E depois de sincronizados abrir a aplicação novamente, o que eu acho que me deixa desprotegido e tenho arquivos muito importantes de trabalho no meu computador pessoal. Até perdi alguns documentos pois ao fechar o Google Drive sem sincronizar a documentação deletou alguns documentos muito importantes. Informo esse erro aqui no fórum para ajudar o Kapersky a ser um aplicativo melhor, gosto muito do produto e também espero resolver este problema.

Hello, I am new to hack and penetration testing and want to be assured that I am not downloading malicious files. For context, I am running Kali Linux in a VM and want to update Python. upon running the command └─$ sudo apt update && sudo apt upgrade -y I became very aware of numerous files blocked by Kaspersky that appear to be malicious, but in reality very well may just be tools that are used to perform Hack and Penetration Testing. Please reference the screenshot below. I also will paste my report if needed, but seeing as it contains minor personal information (name of PC and my username) I don't want to do that unless absolutely necessary. Thank you in advance for the help! -Ghost

Tengo un pequeño problema al intentar jugar valorant, cuando tengo activo KIS me bloquea el acceso al Cliente de Riot y me indica que es un sitio inseguro, aun cuando desactivo todo o le digo que quiero seguir conectado me bloquea el acceso al Cliente de riot

Instalei o teste do need for speed unbound em meu pc pelo EA APP e o NeedForSpeedUnboundTrial.exe estaria infectado PDM:Trojan.Win32.Generic https://www.virustotal.com/gui/file/a5f69a829d6b348d4bfff2976bdcd90b10305d1bf779a8da37f736a94d2a617a?nocache=1

Internet Security постоянно ругается на утилиту KMSPlus (не является вредоносной - активатор Офиса и Винды). Это раздражает, потому, что активация Офиса время от времени слетает (раз в год где-то) и её приходится восстанавливать, а KIS всё время пытается заблокировать KMS, пару раз даже удалял файл. Также время от времени происходят ложные срабатывания на анти-денуво патчи для игр, как раз убирающие из исполняемого файла вредоносный код "Denuvo".

Hello, I am learning C++ at the moment and I noticed something. Every time I compile my Program with MSVC and the following lines of code, I get a HEUR:Trojan-Spy.Win32.Stealer.gen detection. auto result = (10 <=> 20) > 0; std::cout << result << std::endl;

Hello, I have some PCs (Win 10) where Kaspersky Endpoint Security shows a notification that it is blocking a flash drive when there is nothing plugged in, hereunder the event message when the user clicks on the request access button, what could be the problem and what is the solution apart from disabling the notification.

Hello, Kaspersky is blocking a trojan when I try to access the following website : https : // lignemeuble . com/ And I can't access the website with computers that have Kaspersky installed. I can access the website on computer without Kapsersky, or if I disable Kaspersky. The problem could be replicated on an two different computers. Computer 1 : Windows 11 x64 build 22621 Kaspersky Internet Security version 21.3.10.391 (j) Microsoft Edge Computer 2 : Windows 10 Home x86 build 19044 Kaspersky Anti-Virus version 21.3.10.391 (j) Google Chrome See attached image "Computer 2 with extra info.png", to see the full Kaspersky message. Infected object : HEUR:Trojan-PSW.Script.Generic Is it a false positive ? If yes, can you fix the problem ? Thank you, mat123

Boa noite. fui anexar um txt do word no gmail e meu kaspersky bloqueou o upload dando a seguinte mensagem: Download negado;Google Chrome;chrome.exe;C:\Program Files\Google\Chrome\Application\chrome.exe;C:\Program Files\Google\Chrome\Application;13644;Usuário ativo;Bloqueado;Bloqueado;HEUR:Trojan.MSOffice.Badur.gena;Trojan;Alto;Exatamente;https://mail.google.com/_/upload?authuser=0&dcp=asu-n&upload_id=ADPycdvijMtFh1dQfErMGO84Ibi13FLz8-WN6ZpHSzqiwzEk2kPXOJ2BK-LwZ4jGpTJqXMCjTXPUkG0fwwDEMrnWR5YNtw&upload_protocol=resumable;upload?authuser=0&dcp=asu-n&upload_id=ADPycdvijMtFh1dQfErMGO84Ibi13FLz8-WN6ZpHSzqiwzEk2kPXOJ2BK-LwZ4jGpTJqXMCjTXPUkG0fwwDEMrnWR5YNtw&upload_protocol=resumable;https://mail.google.com/_;Arquivo;Análise especializada como resolver este problema nao sou da área?

Olá Boa tarde! Eu uso um programa local para criação de sites q mexe nos registros e nos arquivos hosts do windows o antivirus está bloqueando esse acesso e não permite q eu use meu programa, como faço pra colocar isso em uma lista de permissões, assim não consigo trabalhar e se continuar vou desinstalar. ele exibe essa tela de erro e não consigo acessar o site local aguardo e desde já agradeço!

Moin! Wir haben ein kleines Konfigurationsproblem: Domänennetzwerk mit Kas SC 13.2, auf den betreffenden WS ist 11.9 Endpoint Security installiert. Wenn diese Benutzer Überweisungen mit Profi Cash tätigen, bekommen diese am Ende einen Codebase Error von ProfiCash, weil Kaspersky den Hosts aus dem Netzwerk für 30 Minuten ausschließt. Ist auch soweit klar. (Die Benutzer starten dann ihren Rechner neu und sind wieder im Netzwerk). Kaspersky meint das wäre ein Verschlüsselungsangriff mit Trojan.multi.genericcryptor.ksws. Das ist aber definitiv eine Falschmeldung. Jetzt haben wir ein Problem, eine Ausnahme dafür für PC 192.168.1.1 (Beispiel) zu setzen. Wir haben im Cryptmodul schon Ausnahmen gesetzt (in der Richtlinie)für (beispiel) o:\shares\bank und \\File-srv\shares\bank\profi\ selbst die Datei .DR$ haben wir in die Ausnahme gesetzt. Das Problem besteht aber weiterhin. Wir haben selbst den Prozess wpc.exe in die Vertrauenswürdige Zone eingetragen, Fehler kommt trotzdem. Wir kommen eigentlich mit Kaspersky gut klar, aber mit Profi Cash ärgert er es jetzt schon länger. Kann uns jemand ein Tipp geben wo genau wir in der Richtlinie das als Ausnahme definieren müssen ?

Наша программа (мы - разработчики) стала детектироваться как вредоносная. Это - всего лишь наш, кастомный, инсталлятор RDBMS FireBird, построенный с помощью генератора инсталляций InnoSetup. Он останавливает обновляет сервер FireBird и устанавливает две демонстрационные базы, и всё. Программе уже много лет, но Касперский а/в стал реагировать на неё только сейчас. Помогите, пожалуйста, уберите срабатывание. Готов предоставить исходники и компоненты. Обращался через ваш сервис, например, вот только что: - https://opentip.kaspersky.com/E06B78EE37363FBE0BECB8C9F76DBD87D62DADA9C48ADDEBAA22DDD6C7BCE230/ - но никакого ответа на почту не получил.