
Is KernelDriversDownload.dll a virus?


Solved by Berny

Posted

Hi,

Recently there has been a notification from Kaspersky regarding KernelDriversDownload.dll in System32. I uploaded this file to VirusTotal and the result is 35/71 flagged as a threat. I have tried to disinfect my computer several times, but the file keeps getting recreated.

Is this a false positive or not?


Posted

Welcome to Kaspersky Community.

 

That file looks quite suspicious, 35 detections at VT, and not digitally signed by Microsoft 🤔🙄

  • Like 1
Posted

As additional information, this warning started appearing after I installed Safing Portmaster and activated Windows Sandbox. Both are already uninstalled, but the warning and files still persist.

Posted (edited)

So, is this adware? A miner? Should I be concerned?

Could I remove it? Because I've tried different ways, but it still persists.

OpenTip Reupload

Edited by Hisyam PI
Posted

I think you can remove it manually, or with the detection via your Kaspersky, since that file does not belong to the Windows system...

  • Like 1
Posted

I've tried to remove it, but it keeps getting recreated for some reason. Disinfecting with Kaspersky is also unable to permanently delete it; it just keeps getting recreated.

  • Solution
Posted

@Hisyam PI

In the meantime [25/10/2023-18:48] I got this information from Kaspersky Virus Lab:

   
Quote

Hello,

The notifications displayed to the user are informative and correct:
KernelDriversDownload.dll_ - not-a-virus:HEUR:RiskTool.Win32.BitMiner.gen

Kaspersky Lab applications classify the specified objects as legitimate software and do not identify them as malicious.
You can learn more about enabling / disabling display of notifications by clicking the following link:
http://support.kaspersky.com/viruses/general/664#block3

Best regards, Xxxxxxxxxxx Xxxxxxxxxxx, Malware Analyst
39A/3 Leningradskoe Shosse, Moscow, 125212, Russia Tel./Fax: + 7 (495) 797 8700


http://www.kaspersky.com
https://securelist.com
https://opentip.kaspersky.com/ - get insights about suspicious files, hashes, URLs, IP addresses or domain names

 

  • Like 1
Posted

Also, check any recent suspicious app installed in the system, and uninstall it.

  • Like 1
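
An added triage example, not part of any post in this thread: it records the signature status and hash of the DLL the thread discusses, then lists scheduled tasks, services and Run-key entries that reference it, which is where to look for whatever keeps recreating the file. Only the file name and its System32 location come from the thread; the places searched are common autostart locations chosen for this example, not ones the thread identified. Run it from an elevated PowerShell prompt.

```powershell
# Added example. File name and location are from the thread; everything else is an assumption.
$dll  = Join-Path $env:WINDIR 'System32\KernelDriversDownload.dll'
$name = [regex]::Escape([IO.Path]::GetFileNameWithoutExtension($dll))

# 1. Signature status, signer, hash and creation time of the file itself.
if (Test-Path -LiteralPath $dll) {
    $sig = Get-AuthenticodeSignature -LiteralPath $dll
    [pscustomobject]@{
        Path    = $dll
        SHA256  = (Get-FileHash -LiteralPath $dll -Algorithm SHA256).Hash
        Status  = $sig.Status                     # e.g. Valid, NotSigned, HashMismatch
        Signer  = $sig.SignerCertificate.Subject  # empty when the file is unsigned
        Created = (Get-Item -LiteralPath $dll -Force).CreationTime
    } | Format-List
} else {
    Write-Output "$dll is not present right now."
}

# 2. Scheduled tasks whose action command line mentions the DLL name.
Get-ScheduledTask | Where-Object {
    ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -match $name
} | Select-Object TaskPath, TaskName, State

# 3. Services: check both ImagePath and the svchost-hosted Parameters\ServiceDll value.
Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue |
    ForEach-Object {
        $svc = Get-ItemProperty -LiteralPath $_.PSPath -ErrorAction SilentlyContinue
        $par = Get-ItemProperty -LiteralPath "$($_.PSPath)\Parameters" -ErrorAction SilentlyContinue
        if ("$($svc.ImagePath) $($par.ServiceDll)" -match $name) {
            [pscustomobject]@{
                Service    = $_.PSChildName
                ImagePath  = $svc.ImagePath
                ServiceDll = $par.ServiceDll
            }
        }
    }

# 4. Run keys (machine-wide, 32-bit view, and current user).
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    (Get-ItemProperty -Path $key).PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' -and "$($_.Value)" -match $name } |
        Select-Object @{ n = 'Key'; e = { $key } }, Name, Value
}
```

An entry that names the DLL points at the program to uninstall; if nothing matches, comparing the file's `Created` time with recently installed software is the next step.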
