Kaspersky detects as Trojan: RoboForm: c:\windows\system32\tasks\Run RoboForm TaskBar Icon

[zivshosh]

Greetings

OS: Windows 10 Pro

AV: Kaspersky Antivirus 2019

I work with Roboform without a problem now in version 8.6.6.6

when I updated to 8.6.6.7 I was informed by KAV that there is a trojan in:

c:\windows\system32\tasks\Run RoboForm TaskBar Icon

this file has no extension but it is an xml file and there is a minor editable difference between this file and the corresponding file of the previous version.

I excluded the file since I saw bo harm in it, but KAV continued to nag.

Please could you tell me what to do?

(I update KAV everyday)

thank you

zivshosh

 

[Flood and Flood's wife]

Hello @zivshosh 
Welcome!
May I ask:

1. Is KAV licensed? 
2. Is Roboform the licensed or free version?
3. I note the installed software is KAV19, have you tested the issue with KAV20?

Using Kaspersky v20 software, I’ve installed Roboform 8.6.6.7 without issue

Please let me know?

Thank you🙏

Flood🐳

[zivshosh]

Thank you FLOOD for a quick answer

of course all programs are licensed but I renewed KAV 2019 just a month ago. I was expecting to be on 2020 version but I stayed on 2019. How do I upgrade to KAV 2020?

Would KAV20 work with the same license I received only a month ago?

BTW, I would have believed you without the attachments

 

[Ziv]

Thanks again FLOOD

Tried to upgrade to KAV2020 but it didn’t help

maybe because Kaspersky tries to push its own Password Manager

rolled back to where I was few days ago.

Maybe next year when my KAV license expires

 

 

[Berny]

@zivshosh Please proceed as follows :

> Download KAV 2020 https://www.kaspersky.com/downloads

> Exit KAV 2019 > uninstall > reboot 

> Install KAV 2020 > update databases > Reboot

 

Your license is valid for K 2020

[Ziv]

I did exactly that and it didn’t help to solve my case

maybe next year when my license expires

 

[Guest #37]

Hi,

KTS 2020 with Roboform 8.6.7.7.

No problem.

Regards

[Guest #37]

Also Kaspersky Virusdesk:

Please open a support ticket in My Kaspersky for review.

Regards

[Flood and Flood's wife]

Hello @zivshosh,

You’re very welcome!

Thank you for believing me, that’s very kind🙏

Some people take in written information, some by hearing, some by images, some a combination of all; I include what I can to cover all bases☺

Thank you for the additional information👌

• Re:  “Would KAV20 work with the same license I received only a month ago?”

Yes.

• Re: “Roboform licensed?”

I noticed the Free version has a trial period which may limit how long I can test for, if further testing is necessary🤔

• Re: “KAV licensed?”

It’s good to know, thank you🙏  The Free version has no Technical Support, if it’s necessary to refer to them I don’t like to waste anyone’s time, knowing in advance helps make sure that doesn’t happen.

• I confirm my previous advice after rechecking Roboform & a selective scan of  c:\windows\system32\tasks\

 

❓ Was Roboform installed before or after KAV? 

• Please let me know what the support team advises? 

Thank you🙏

Flood🐳

[Ziv]

neither of the programs is free. all are bought and legitimate and licensed

I suspect that roboform does the same as Kaspersky password manager so maybe there is a conflict. I didn’t install K password manager but its icon appeared (maybe ready for installation)

I wonder why the upgrade to KAV2020 didn’t help

luckily roboform 8.6.6.6 works fine (everywhere version)

Roboform support team says it’s Kaspersky problem and indeed I got the “trojan” file from a friend who upgraded and compared and found minor differences (location,computer name etc)

but this friend doesn’t work with Kaspersky….

to sum the case I rolled back to where I was few days ago and everything works

thanks again

 

[Berny]

@Caos Same here :  KSCloud 2020 - RF 8.6.7.7

 

[Berny]

@Ziv KPM is actually not conflicting with RF.
 

[Flood and Flood's wife]

Hello @Ziv, 

Welcome!

• Are you reporting the same issue as @zivshosh?
• KAV reporting c:\windows\system32\tasks\Run RoboForm TaskBar Icon as a Trojan is not at all indicitave of a KPM conflict.
• KAV does not come with KPM pre-installed.
• Do you have a separate install of KPM? 
• May I have the KAV Report please: Open KAV, select Reports, select Detailed Reports, select ALL Events, select 24hrs, select Export, save the Report as a .txt file & attach📎 to your reply please?

Thank you🙏

Flood🐳

[Ziv]

this is a very long process

I need a lot of time for that

my KAV now is 20.0.14.1085 and updated to today (it is updated every day)

as for the support issue: rf support says that the xml files does not contain any trojan (it is an editable file and I read it thoroughly and there’s nothing suspicious in it)

kav support is you… recommended moving to kav2020 and I got the same warning

I tried to exclude the file but it didn’t help hence I rolled back

I have the everywhere version of rf so it synchronizes passwords to its server back and forth so maybe kav views it as infiltration of some kind. I know nothing about hacking but it doesn’t look serious. gmail also connects and brings mails from the google server

the problem is not solved but I can work with rf 8.6.6.6

many thanks

 

[Berny]

@Ziv Also , please submit a ticket to K-Lab Technical Support https://center.kaspersky.com

[Flood and Flood's wife]

Hello @Ziv, 

• Please clarify, are @Ziv & @zivshosh the same person?
• I’m not sure what “this is a very long process, I need a lot of time for that”, is referring to🤔  Generating the KAV Report & uploading to the Topic takes less than 5 minutes.
• Please note, the Kaspersky Community is not KAV/Kaspersky Technical Support.

Thank you🙏

Flood🐳

[Berny]

this is a very long process

You can also search in your Detailed Reports which takes only some seconds :
 

 

 

[Flood and Flood's wife]

Hello @Ziv,

Welcome again!

Now that the topic  Solution to Kaspersky & Roboform conflict has been closed.

Thank you for updating us👌 .

1. Just so there’s no misunderstanding, I believe you, with or without data & images, I simply state I cannot replicate the issue.
2. May I have an exported KIS Report please, select ALL Events, select 24hrs, save the Report as a .txt file & attach📎 to your reply please?
3. Have you raised the issue with Kaspersky Technical Support?
4. Just as FYI, I’ve installed Roboform to a different system, using a different account, it’s not default installing to C:\Windows\System32:  RoboTaskBarIcon, RoboTaskBarIcon 🤔 & I don’t have Run Roboform process 
5. Have you uninstalled & reinstalled Roboform?

Please let me know?

Thank you🙏

Flood🐳

[Guest #37]

Hi,

Please send me by private message this file c:\windows\system32\tasks\Run RoboForm TaskBar Icon compressed with Winrar and with password "virus" (without quotes).

Regards

[Ziv]

Than you FLOOD

I don’t know how to address Kaspersky technical support

Yes, I reinstalled KAV 2020

since the problem is solved the isuue is closed and I see no points in sending reports

I do believe that I had a trojan in c:\windows\system32\tasks that KAV detected. in fact two!

Now I’m updated in both KAV & RF and all is quiet in this front

thank you so much for your enormous help but the real turnpoint came from RF forum when someone remarked that the file I complained above is NOT a RF file, so I let KAV “disinfect” it and the problem was solved. BTW the file is still there, it is editable (xml) and its content is innocent enough

Thanks again

[Berny]

I don’t know how to address Kaspersky technical support

Please see my Post above referring to “K-Lab Technical Support” .