How can I install an application that KIS falsely identifies as malicious? Tajpi.exe detected. [Closed]


Go to solution Solved by Berny,

Today, KIS has identified an old application as malicious. It was created in 2016 and was working for a long time without any problems on my computer. Today, KIS has removed the application itself, the application installer, and prohibited the application from being downloaded. How to ignore all of this and install the application back? I have created a support request INC000010472262.

Hello ABEgorov,
Welcome!
Please tell us:
* Has KIS "quarantined" the application? If yes, may we have a screen print please?
* Name of the application Kaspersky software (KIS) is objecting to?
* KIS version?
* Operating system, version & build?

Also, in Kaspersky application "Reports" are there any events detailing the detection/removal? If yes, please export to a text file & copy one complete entry and paste back here please.
Many thanks!

KIS 19.0.0.1088 (e). Windows 10 x64, 1809 (10.0.17763.503).
I tried to restore it from the quarantine and add it to the exclusions. Now quarantine contains only help files...

23.05.2019 19.59.07 Download blocked http://www.zz9pza.net/tajpi/tajpi298inst.exe//data0000 Object name: Trojan-Spy.Win32.Xegumumune.aht Object: http://www.zz9pza.net/tajpi/tajpi298inst.exe//data0000 Application: Google Chrome Object type: Trojan program Time: 5/23/2019 7:59 PM
23.05.2019 19.59.07 Object (file) detected http://www.zz9pza.net/tajpi/tajpi298inst.exe//data0000 Object name: Trojan-Spy.Win32.Xegumumune.aht Object: http://www.zz9pza.net/tajpi/tajpi298inst.exe//data0000 Application: Google Chrome Object type: Trojan program Time: 5/23/2019 7:59 PM
23.05.2019 19.44.35 PC Cleaner has finished a scheduled analysis of objects Time: 5/23/2019 7:44 PM
23.05.2019 19.41.55 Search for application updates Search completed, no available updates Important updates available: 0 Recommended updates available: 0 Started: Automatically Status: Completed Time: 5/23/2019 7:41 PM
23.05.2019 19.35.42 Download blocked http://www.zz9pza.net/tajpi/tajpi298inst.exe//data0000 Object name: Trojan-Spy.Win32.Xegumumune.aht Object: http://www.zz9pza.net/tajpi/tajpi298inst.exe//data0000 Application: Google Chrome Object type: Trojan program Time: 5/23/2019 7:35 PM
23.05.2019 19.35.42 Object (file) detected http://www.zz9pza.net/tajpi/tajpi298inst.exe//data0000 Object name: Trojan-Spy.Win32.Xegumumune.aht Object: http://www.zz9pza.net/tajpi/tajpi298inst.exe//data0000 Application: Google Chrome Object type: Trojan program Time: 5/23/2019 7:35 PM
23.05.2019 19.30.32 You have signed in to My Kaspersky portal Browser: Google Chrome Device: Desktop Operating system: Windows Login time: 5/23/2019 7:30 PM Time: 5/23/2019 7:30 PM
23.05.2019 19.30.31 Update of databases and application modules Completed. Average download speed:: 1.35 MB/s Status:: Completed. Downloaded and updated:: 1.07 MB Total duration: 4 minutes 36 seconds Time: 5/23/2019 7:30 PM
23.05.2019 19.24.29 Download blocked http://www.zz9pza.net/tajpi/tajpi298inst.exe//data0000 Object name: Trojan-Spy.Win32.Xegumumune.aht Object: http://www.zz9pza.net/tajpi/tajpi298inst.exe//data0000 Application: Google Chrome Object type: Trojan program Time: 5/23/2019 7:24 PM
23.05.2019 19.24.29 Object (file) detected http://www.zz9pza.net/tajpi/tajpi298inst.exe//data0000 Object name: Trojan-Spy.Win32.Xegumumune.aht Object: http://www.zz9pza.net/tajpi/tajpi298inst.exe//data0000 Application: Google Chrome Object type: Trojan program Time: 5/23/2019 7:24 PM
23.05.2019 19.23.56 Download blocked http://www.zz9pza.net/tajpi/tajpi298inst.exe//data0000 Object name: Trojan-Spy.Win32.Xegumumune.aht Object: http://www.zz9pza.net/tajpi/tajpi298inst.exe//data0000 Application: Google Chrome Object type: Trojan program Time: 5/23/2019 7:23 PM
23.05.2019 19.23.56 Object (file) detected http://www.zz9pza.net/tajpi/tajpi298inst.exe//data0000 Object name: Trojan-Spy.Win32.Xegumumune.aht Object: http://www.zz9pza.net/tajpi/tajpi298inst.exe//data0000 Application: Google Chrome Object type: Trojan program Time: 5/23/2019 7:23 PM
23.05.2019 19.21.55 Rolled back actions of malware PDM:Trojan.Win32.Generic Application name: I:\Downloads\tajpi298inst.exe Application path: i:\downloads\tajpi298inst.exe Time: 5/23/2019 7:21 PM
23.05.2019 19.21.55 File deleted when rolling back actions of malware c:\programdata\microsoft\windows\start menu\programs\tajpi\tajpi.lnk Application name: I:\Downloads\tajpi298inst.exe Application path: i:\downloads\tajpi298inst.exe Time: 5/23/2019 7:21 PM
23.05.2019 19.21.55 File deleted when rolling back actions of malware c:\programdata\microsoft\windows\start menu\programs\tajpi\malinstali tajpi.lnk Application name: I:\Downloads\tajpi298inst.exe Application path: i:\downloads\tajpi298inst.exe Time: 5/23/2019 7:21 PM
23.05.2019 19.21.55 File deleted when rolling back actions of malware c:\programdata\microsoft\windows\start menu\programs\tajpi\helpo.lnk Application name: I:\Downloads\tajpi298inst.exe Application path: i:\downloads\tajpi298inst.exe Time: 5/23/2019 7:21 PM
23.05.2019 19.21.55 File deleted when rolling back actions of malware c:\programdata\microsoft\windows\start menu\programs\tajpi\helpo (angla).lnk Application name: I:\Downloads\tajpi298inst.exe Application path: i:\downloads\tajpi298inst.exe Time: 5/23/2019 7:21 PM
23.05.2019 19.21.55 File deleted when rolling back actions of malware c:\program files (x86)\tajpi\is-cimud.tmp Application name: I:\Downloads\tajpi298inst.exe Application path: i:\downloads\tajpi298inst.exe Time: 5/23/2019 7:21 PM
23.05.2019 19.21.55 File renamed when rolling back actions of malware c:\program files (x86)\tajpi\is-cimud.tmp Application name: I:\Downloads\tajpi298inst.exe Application path: i:\downloads\tajpi298inst.exe Time: 5/23/2019 7:21 PM
23.05.2019 19.21.40 Detected object (file) deleted C:\Program Files (x86)\Tajpi\Tajpi.exe Application: Windows Explorer File: C:\Program Files (x86)\Tajpi\Tajpi.exe Time: 5/23/2019 7:21 PM Object name: UDS:Trojan-Spy.Win32.Xegumumune
23.05.2019 19.21.40 Detected object (file) moved to Quarantine C:\Program Files (x86)\Tajpi\Tajpi.exe Application: Windows Explorer File: C:\Program Files (x86)\Tajpi\Tajpi.exe Time: 5/23/2019 7:21 PM Object name: UDS:Trojan-Spy.Win32.Xegumumune
23.05.2019 19.21.14 Removed malware PDM:Trojan.Win32.Generic Application name: I:\Downloads\tajpi298inst.exe Application path: i:\downloads\tajpi298inst.exe Time: 5/23/2019 7:21 PM
23.05.2019 19.20.50 Detected malware PDM:Trojan.Win32.Generic Application name: Tajpi Setup Application path: i:\downloads\tajpi298inst.exe Time: 5/23/2019 7:20 PM
23.05.2019 19.20.50 Object (file) detected C:\Program Files (x86)\Tajpi\Tajpi.exe Application: C:\Users\abegorov\AppData\Local\Temp\is-O9L34.tmp\tajpi298inst.tmp File: C:\Program Files (x86)\Tajpi\Tajpi.exe Time: 5/23/2019 7:20 PM Object name: Trojan-Spy.Win32.Xegumumune.aht Reason: Information
23.05.2019 19.20.49 Object (file) detected C:\Program Files (x86)\Tajpi\Tajpi.exe Application: Windows Explorer File: C:\Program Files (x86)\Tajpi\Tajpi.exe Time: 5/23/2019 7:20 PM Object name: UDS:Trojan-Spy.Win32.Xegumumune
23.05.2019 19.20.48 Object (file) detected C:\Program Files (x86)\Tajpi\Tajpi.exe Application: Windows Explorer File: C:\Program Files (x86)\Tajpi\Tajpi.exe Time: 5/23/2019 7:20 PM Object name: Trojan-Spy.Win32.Xegumumune.aht Reason: Information
23.05.2019 19.20.48 Object (file) detected C:\Program Files (x86)\Tajpi\Tajpi.exe Application: Windows Explorer File: C:\Program Files (x86)\Tajpi\Tajpi.exe Time: 5/23/2019 7:20 PM Object name: Trojan-Spy.Win32.Xegumumune.aht Reason: Information
23.05.2019 19.20.43 Application added to the Trusted group Setup/Uninstall Application: Setup/Uninstall Reason: KSN information Application path: C:\Users\abegorov\AppData\Local\Temp\is-O9L34.tmp\tajpi298inst.tmp Time: 5/23/2019 7:20 PM
23.05.2019 19.20.41 Application added to the Trusted group Setup/Uninstall Application: Setup/Uninstall Reason: KSN information Application path: C:\Users\abegorov\AppData\Local\Temp\is-URD9Q.tmp\tajpi298inst.tmp Time: 5/23/2019 7:20 PM
23.05.2019 19.19.38 Detected object (file) deleted C:\Program Files (x86)\Tajpi\Tajpi.exe Application: Windows Explorer File: C:\Program Files (x86)\Tajpi\Tajpi.exe Time: 5/23/2019 7:19 PM Object name: Trojan-Spy.Win32.Xegumumune.aht
23.05.2019 19.19.37 Detected object (file) moved to Quarantine C:\Program Files (x86)\Tajpi\Tajpi.exe Application: Windows Explorer File: C:\Program Files (x86)\Tajpi\Tajpi.exe Time: 5/23/2019 7:19 PM Object name: Trojan-Spy.Win32.Xegumumune.aht
23.05.2019 19.18.11 Selective Scan No threats detected Detected: 0 Deleted: 0 Not disinfected: 0 Release date of databases used for scan: 5/23/2019 12:49 PM Total duration: 0 seconds Completion time: 5/23/2019 7:18 PM
23.05.2019 19.17.43 Object (file) detected C:\Program Files (x86)\Tajpi\Tajpi.exe Application: Windows Explorer File: C:\Program Files (x86)\Tajpi\Tajpi.exe Time: 5/23/2019 7:17 PM Object name: Trojan-Spy.Win32.Xegumumune.aht
23.05.2019 19.16.58 Detected object (file) deleted C:\Program Files (x86)\Tajpi\Tajpi.exe Application: Windows Explorer File: C:\Program Files (x86)\Tajpi\Tajpi.exe Time: 5/23/2019 7:16 PM Object name: Trojan-Spy.Win32.Xegumumune.aht
23.05.2019 19.16.58 Detected object (file) moved to Quarantine C:\Program Files (x86)\Tajpi\Tajpi.exe Application: Windows Explorer File: C:\Program Files (x86)\Tajpi\Tajpi.exe Time: 5/23/2019 7:16 PM Object name: Trojan-Spy.Win32.Xegumumune.aht
23.05.2019 19.15.18 Selective Scan No threats detected Detected: 0 Deleted: 0 Not disinfected: 0 Release date of databases used for scan: 5/23/2019 12:49 PM Total duration: 0 seconds Completion time: 5/23/2019 7:15 PM
23.05.2019 19.14.30 Object (file) detected C:\Program Files (x86)\Tajpi\Tajpi.exe Application: Windows Explorer File: C:\Program Files (x86)\Tajpi\Tajpi.exe Time: 5/23/2019 7:14 PM Object name: Trojan-Spy.Win32.Xegumumune.aht
23.05.2019 19.11.45 Application is allowed to receive audio stream SkypeApp Application: SkypeApp Application path: C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.44.40.0_x64__kzf8qxf38zg5c\SkypeApp.exe Time: 5/23/2019 7:11 PM
23.05.2019 19.11.45 Application is allowed to receive audio stream SkypeApp Application: SkypeApp Application path: C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.44.40.0_x64__kzf8qxf38zg5c\SkypeApp.exe Time: 5/23/2019 7:11 PM
23.05.2019 19.11.37 Removed malware PDM:Trojan.Win32.Bazon.a Application name: C:\Program Files (x86)\Tajpi\Tajpi.exe Application path: c:\program files (x86)\tajpi\tajpi.exe Time: 5/23/2019 7:11 PM
23.05.2019 19.11.21 Removed malware PDM:Trojan.Win32.Bazon.a Application name: Klavarilo por esperantistoj Application path: HKU\S-1-5-21-2371300580-1008966690-3884442651-1001\Software\Microsoft\Windows\CurrentVersion\Run\Tajpi Time: 5/23/2019 7:11 PM
23.05.2019 19.11.19 Terminated malware PDM:Trojan.Win32.Bazon.a Application name: Klavarilo por esperantistoj Application path: C:\Program Files (x86)\Tajpi\Tajpi.exe Time: 5/23/2019 7:11 PM
23.05.2019 19.11.19 Detected malware PDM:Trojan.Win32.Bazon.a Application name: Klavarilo por esperantistoj Application path: c:\program files (x86)\tajpi\tajpi.exe Time: 5/23/2019 7:11 PM
23.05.2019 19.11.18 Application added to the Low Restricted group Klavarilo por esperantistoj Application: Klavarilo por esperantistoj Reason: default Application path: C:\Program Files (x86)\Tajpi\Tajpi.exe Time: 5/23/2019 7:11 PM
23.05.2019 19.11.00 Task started Web Anti-Virus Time: 5/23/2019 7:11 PM
23.05.2019 19.11.00 Task started Mail Anti-Virus Time: 5/23/2019 7:11 PM
23.05.2019 19.11.00 Task started IM Anti-Virus Time: 5/23/2019 7:11 PM
23.05.2019 19.11.00 Task started System Watcher Time: 5/23/2019 7:11 PM
23.05.2019 19.11.00 Task started Network Attack Blocker Time: 5/23/2019 7:11 PM
23.05.2019 19.11.00 Task started Anti-Banner Time: 5/23/2019 7:11 PM
23.05.2019 19.10.55 Task started File Anti-Virus Time: 5/23/2019 7:10 PM
23.05.2019 19.10.55 Task started Firewall Time: 5/23/2019 7:10 PM
23.05.2019 19.10.55 Task started Application Control Time: 5/23/2019 7:10 PM
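One way to triage a report like the one posted above before deciding on exclusions, as an added example that is not part of the original thread: it splits the flattened export into events and groups the verdicts by component prefix, so the detections can be set against the clean on-demand scans. Reading `PDM:` as a behaviour-based verdict, `UDS:` as a cloud (KSN) verdict and an unprefixed name as a database verdict is an assumption about Kaspersky's naming; the sample is abridged from the posted report and the function names are hypothetical.

```python
import re
from collections import Counter

# Abridged from the report posted above, flattened the way it appears on the page.
SAMPLE = (
    r"23.05.2019 19.21.40 Detected object (file) moved to Quarantine "
    r"C:\Program Files (x86)\Tajpi\Tajpi.exe Application: Windows Explorer "
    r"Time: 5/23/2019 7:21 PM Object name: UDS:Trojan-Spy.Win32.Xegumumune "
    r"23.05.2019 19.20.50 Detected malware PDM:Trojan.Win32.Generic Application name: "
    r"Tajpi Setup Application path: i:\downloads\tajpi298inst.exe Time: 5/23/2019 7:20 PM "
    r"23.05.2019 19.20.48 Object (file) detected C:\Program Files (x86)\Tajpi\Tajpi.exe "
    r"Time: 5/23/2019 7:20 PM Object name: Trojan-Spy.Win32.Xegumumune.aht Reason: Information "
    r"23.05.2019 19.18.11 Selective Scan No threats detected Detected: 0 "
    r"Completion time: 5/23/2019 7:18 PM "
    r"23.05.2019 19.11.19 Detected malware PDM:Trojan.Win32.Bazon.a Application path: "
    r"c:\program files (x86)\tajpi\tajpi.exe Time: 5/23/2019 7:11 PM"
)

STAMP = re.compile(r"\b\d{2}\.\d{2}\.\d{4} \d{2}\.\d{2}\.\d{2} ")  # dd.mm.yyyy hh.mm.ss
VERDICT = re.compile(r"\b(?:(PDM|UDS):)?(Trojan(?:-\w+)?\.Win32\.[\w.]+)")
# Assumed reading of the verdict prefixes (not stated in the thread).
LAYER = {"PDM": "behaviour", "UDS": "cloud", None: "database"}


def parse_events(report):
    """Split a flattened report on its leading timestamps and tag each event."""
    starts = [m.start() for m in STAMP.finditer(report)]
    events = []
    for begin, end in zip(starts, starts[1:] + [len(report)]):
        chunk = report[begin:end].strip()
        hit = VERDICT.search(chunk)
        events.append({
            "time": chunk[:19],
            "body": chunk[20:],
            "layer": LAYER[hit.group(1)] if hit else None,
            "verdict": hit.group(2) if hit else None,
        })
    return events


def layers_by_verdict(events):
    """Count detections per (layer, verdict): shows which components agree."""
    return Counter((e["layer"], e["verdict"]) for e in events if e["verdict"])


def clean_scans(events):
    """Timestamps of on-demand scans that found nothing, for contrast."""
    return [e["time"] for e in events if "No threats detected" in e["body"]]
```

Run over the full export, `layers_by_verdict(parse_events(text))` gives the per-component verdict list to attach to a false-positive submission, and `clean_scans` shows which on-demand scans disagreed with it.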

I added to the exclusions:
http_//www_zz9pza.net_tajpi_tajpi298inst.exe
I:\Downloads\tajpi298inst.exe
C:\Program Files (x86)\Tajpi
Are there any easier ways to do this?
------
Moderation Edit : Download link disabled

  • Solution
Also, in addition to FLOOD, and only if you trust the application: before installing, disable interactive protection > trust > exclude > enable interactive protection. Also, flush quarantine before proceeding.

Hello ABEgorov,
Thanks for posting back the information.
The link http_//www_zz9pza.net_tajpi_tajpi298inst.exe is malicious according to the reputation data of Kaspersky VirusDesk. We do not recommend that you follow this link.
The Kaspersky report:
23.05.2019 19.11.37 Removed malware PDM:Trojan.Win32.Bazon.a Application name: C:\Program Files (x86)\Tajpi\Tajpi.exe

Trojan.Win32.Bazon.A Description

Trojan.Win32.Bazon.A is a Trojan horse infection that may load on a system and then perform various actions in the background without any indication to the computer user. The actions of Trojan.Win32.Bazon.A may include allowing remote attackers access to the infected system. Through access by use of Trojan.Win32.Bazon.A, remote hackers may be able to steal data stored on the hard drive. Removal of Trojan.Win32.Bazon.A may require use of an updated antispyware program designed to remove Trojan horse infections.

Software changes all the time; it could be that a change in the software means that what was previously classified as safe no longer meets the criteria to continue with that classification.
(imo) I would not be seeking to install or try to override Kaspersky software before I consulted Kaspersky experts.
With respect, we suggest you seek advice from the Kaspersky Technical Team: log into your MyKaspersky account - https://my.kaspersky.com/ - and create an incident report, or go to https://support.kaspersky.com/b2c - choose your location for Kaspersky Technical Team or LiveChat, or email - customerservicesolution@kaspersky.com; newvirus@kaspersky.com
Thank you.
------
Moderation Edit : Download link disabled

I trust this application. It first appeared in KSN two years ago and yesterday KIS did not detect anything. I don't know why this happened today but the manual scan still shows "no threats detected"...

This topic is now closed to further replies.