Kaspersky error message: "Detected legitimate software that can be used by intruders to damage your computer or personal data."


Go to solution Solved by Igor Kurzin,

Posted

Hello

I am using KTS on my Windows 10 Home

and Kaspersky KTS version 21.3.10.391 (j)

This morning (i.e. now when I am writing this) I got this error message :-

I have not done anything or clicked anywhere as of yet so this popup is currently on my screen as I type: what should be the proper step for me now ... and kindly help me quickly as the popup is currently open and I haven't selected any of the 3 (delete, skip, add to exclusion) options. Kindly guide me....  as soon as possible

thanks!

Flood and Flood's wife
Posted (edited)

Hello @Veerain

Welcome back!

  • The alert is telling you the object *may* be used by criminals, to do harm to the computer, IF it was installed, *without* your knowledge. 
  1. We cannot see the full name of the object, hover (your) mouse over the notification, in the Notification window or, in KTS Reports or KTS Quarantine, does the alert show - post a full screen screen print of the object name - we need to see all of the information
  2. Is it coming from a Brave browser - with TOR?

Please let us know?

Thank you

Flood+

Posted (edited)

Thank you so much for the quick reply first of all.....

Here is the full name:

And yes, it's from Brave again.

and in KTS Reports it shows this:

Event: Detected legitimate software that can be used by intruders to damage your computer or personal data
Component: Application Control
Result description: Detected
Type: Legitimate software that can be used by intruders to damage your computer or personal data
Name: not-a-virus:NetTool.Win32.TorTool.goj
Threat level: Low
Object path: C:\Users\veera\AppData\Local\BraveSoftware\Brave-Browser\User Data\cpoalefficncklhjfpglfiplenlpccdb\1.0.27
Object name: tor-0.4.7.8-win32-brave-1
Reason: Databases
Databases release date: Yesterday, 20-08-2022 14:09:00
MD5: 6BF1C0DBFE8F2E6BC086F2CA8C03FBFB

Also do let me know if I should select delete to get rid of it or will that result in some kind of (yet another (btw I am now fed up with Brave)) Brave software mess

Posted

Also I think this happened because I used the Tor browser of Brave (i.e. when you go to opts and select "New Private window with tor") to access Zlibrary to get some book. As it is now blocked in my country, I thought this info might be helpful.

Also can you suggest any better method to access Tor without compromising my security (like this happened now and I don't want these kinds of things repeating the next time I use Tor...)? Is there any "safe way" (acc. to Kaspersky) to access the Tor network?

Flood and Flood's wife
Posted (edited)

Hello @Veerain

  • There's no reason to send us a PM requesting a reply, we are working on your topic, please be patient!

Thank you

Flood+

Flood and Flood's wife
Posted (edited)

Hello @Veerain

  1. We just ran Brave TOR & got no Kaspersky alerts -> which Brave/TOR version is installed? 
  2. Historically, Brave/TOR, is a known issue, not just with Kaspersky, with other AVs as well
  3. Brave is not supported by Kaspersky, read: KTS, Hardware and software requirements, Browser support
  4. Are (you) going to continue to use the Brave browser? IF Delete is selected, the next time Brave updates, it will update the TOR component. 
  5. Re TOR alternatives, unfortunately no, the Kaspersky Forum was created for the purpose of resolving issues encountered while using Kaspersky products, not for making recommendations for 3rd Pty software; also, we have not tested all TOR software, so are unable to make any informed suggestions. 

Thank you

Flood+

Posted

Thank you for the reply first of all..

Secondly, here is the trailer of what happened while you were working on my issue:

Like any person would, I selected the delete option.

For some time it didn't do anything and then it came back with :

Event: Malicious object detected
User: XENOMORPH\My name
User type: Active user
Component: Virus Scan
Result: Detected
Result description: Detected
Type: Trojan
Name: Trojan.Multi.GenAutorunReg.a
Precision: Exactly
Threat level: High
Object type: File
Object name: System Memory
Reason: Expert analysis
Databases release date: Yesterday, 20-08-2022 14:09:00

and then it asked me to do an advanced disinfection. So I proceeded with it. And after restarting my pc I went to the logs and found this:

Event: Object disinfected
User: XENOMORPH\my name
User type: Active user
Component: Virus Scan
Result: Disinfected
Result description: Disinfected
Type: Trojan
Name: Trojan.Multi.GenAutorunReg.a
Precision: Exactly
Threat level: High
Object type: File
Object name: System Memory

And to my wonder, now the same tor file that it couldn't disinfect is now placed in the trusted applications group...

the application control says:

Today, 21-08-2022 08:05:27:

Event: Application placed in the trusted group;

Application: tor-0.4.7.8-win32-brave-1;

Application name tor-0.4.7.8-win32-brave-1;

Application Path:C:\Users\my name\AppData\Local\BraveSoftware\Brave-Browser\User Data\cpoalefficncklhjfpglfiplenlpccdb\1.0.27;

Application PID: 0;

User NT AUTHORITY\SYSTEM;

 

User type: System user;

Application placed in group;;;;;;;Trusted;;;KSN
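
Added example, not part of any post in this thread: the two report entries above carry different kinds of verdict, and the `Name` field shows which. This Python sketch splits a pasted report into entries and decodes each name using Kaspersky's `[Prefix:]Behaviour.Platform.Family[.Variant]` naming; the sample text is constructed from the entries quoted above, and the function names and the "riskware"/"malware" labels are assumptions of this example.

```python
import re

# Constructed sample, shaped like the report entries quoted in the thread.
SAMPLE_REPORT = """\
Event: Detected legitimate software that can be used by intruders
Component: Application Control
Name: not-a-virus:NetTool.Win32.TorTool.goj
Threat level: Low
Object name: tor-0.4.7.8-win32-brave-1

Event: Malicious object detected
Component: Virus Scan
Name: Trojan.Multi.GenAutorunReg.a
Threat level: High
Object name: System Memory
"""

# [Prefix:]Behaviour.Platform.Family[.Variant]
VERDICT = re.compile(
    r"^(?:(?P<prefix>[\w-]+):)?(?P<behaviour>\w+)\.(?P<platform>\w+)"
    r"\.(?P<family>\w+)(?:\.(?P<variant>\w+))?$"
)

def parse_entries(text):
    """Split a pasted report into blank-line-separated entries of key/value fields."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            # Split on the first colon only: values (names, paths, dates) contain colons.
            key, sep, value = line.partition(":")
            if sep:
                fields[key.strip()] = value.strip()
        if fields:
            entries.append(fields)
    return entries

def classify(entry):
    """Decode the verdict name; 'not-a-virus' marks legitimate software, not malware."""
    m = VERDICT.match(entry.get("Name", ""))
    if not m:
        return {"kind": "unparsed", **entry}
    kind = "riskware" if m["prefix"] == "not-a-virus" else "malware"
    return {"kind": kind, "object": entry.get("Object name"), **m.groupdict()}

def triage(text):
    return [classify(e) for e in parse_entries(text)]
```

Names with more than one prefix, or without the dotted structure, come back as `unparsed` rather than being guessed at.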

Posted

now I want to know how to remove an application off the "trusted applications" as they were able to place it in trusted application group so.......... how to deal with this situation now .........

Flood and Flood's wife
Posted (edited)
27 minutes ago, Veerain said:

now I want to know how to remove an application off the "trusted applications" as they were able to place it in trusted application group so.......... how to deal with this situation now .........

Hello @Veerain

You're most welcome!

  1. Re the Report above, you appear to be reporting different objects, save the Report as a text file, upload to any cloud service of your choice & post the share link please?
  2. In KTS, Manage applications, there's a number of options available, right click beside tor-0.4.7.8-win32-brave-1 (see image) & read: Manage applications window, List of applications
*Also, update Kaspersky Database, then shutdown the computer using Shutdown, not Restart, power on, login, run a Full scan, allow it to complete

Thank you

Flood+

Posted

@Veerain

Please download and run AdwCleaner(*) as ADMIN.
1)   ⚠️ Don’t fix eventual detections ⚠️
2)  Please attach the TXT Log in your next post

(*) No installation required.

Flood and Flood's wife
Posted (edited)
3 hours ago, Veerain said:

Sorry for the late response I was planning out how to put forward my concern properly

Hello @Veerain

No problem, thank you for the information!

  1. Did Trojan.Multi.GenAutorunReg.a appear *after* the Database update, Full scan & Shutdown, power on, login, etc., we suggested in our previous reply
  2. IF you've completely blocked brave, why not uninstall it -> it sounds as if you're not going to use it, why keep it on the system??

Thank you

Flood+

Posted

Hello I was unavailable for some time so sorry for that.

6 hours ago, Flood and Flood's wife said:

Hello @Veerain

No problem, thank you for the information!

  1. Did Trojan.Multi.GenAutorunReg.a appear *after* the Database update, Full scan & Shutdown, power on, login, etc., we suggested in our previous reply
  2. IF you've completely blocked brave, why not uninstall it -> it sounds as if you're not going to use it, why keep it on the system??

Thank you

Flood+

for your 1st question

Trojan.Multi.GenAutorunReg.a appeared after I clicked on "delete" in the "Select method of processing legitimate software." (refer to my very first post, the bottom-right popup in the image); till that point I couldn't see Trojan.Multi.GenAutorunReg.a in the KTS logs. It was after the advanced disinfection that it showed me that Trojan (which it removed).

Your message to shut down and update the database came after KTS had disinfected the trojan (after adv disinf).

2) I did!

In fact, when I blocked all its processes I wasn't able to uninstall it (as I blocked the Brave installer also).

(Then I unblocked the installer and then uninstalled it.)

But to my surprise some components were still left (like in Program Files (x86) etc.). I manually deleted all of them (by searching "brave" in my explorer under full PC scan).

Then after some time it again showed that it had deleted another trojan and made a quarantine copy of it.

Then after losing all my patience I left my PC in the hands of the lord (may god bless it and my patience)

anyways now it seems to be fine

  • 2 weeks later...
  • Solution
Posted

Dear all, malware analysts informed that this is a false positive and it will be fixed. Sorry about the trouble. 

  • The title was changed to Kaspersky error message: "Detected legitimate software that can be used by intruders to damage your computer or personal data."