Jump to content

Lots of system symptoms, Eset false positive on Kaspersky bases.


Go to solution Solved by Schulte,

Recommended Posts

Posted
Ladies, Gentlemen. Akwardly i have a combo of eset online scanner with the free version. I had some trojan horses generics nesting in the labs base folder... Running hitman and eset, some mallwarebytes and SFC.EXE it was all ok again to be short, i had much more damage than this. repaired myself trough cmd . And.... I want to be tight and secure and running the eset over kapersky paid version again. still getting some deleted objects again, when installed back again the AVP of kaspersky. it is still running now but i will send a photo of this. can this be considered as false if it is back again a trojan generic horse ??? regards kenneth
Flood and Flood's wife
Posted
Hello KETZK, Welcome!
  1. Could you help us please, what exactly is the issue?
  2. Can you share screen images (that show the issue) with us please?
  3. What Kaspersky software do you have installed? Name/s, version/s, patch/s?
  4. Operating system, version, build?
  5. Does your Kaspersky REPORTS show any events that identify the issue? Can you export those events and upload the text file using the upload icon below please?
Looking forward to hearing from you. Many thanks!
Posted
Well, a intrusion took place, from my eyesight with a lot of symptoms, firefox crashing, screens shutting off...freezing...flickering....acces into registry addresses/keys, event log corruption, files denying to delete of changed security audio/display drivers corrupt etc.. To clear my case i was suprised with every side support i had from exploits to mallware protection, eset was the only one who saw more than the rest. I had some last bits in the C/PROGRAM DATA /KAPERSKY LAB/AVP 19.0.0/BASEES/CACHE/KJIM... a variant of ''Generic.DBVVYIJ.Horse as NOD32ESET displays in front of me. And after quarantine those files. i deleted them , and testing if it was my fault, maybe someting was coming in or so while downloading your client. Now 9out10 i was since the first developments allways satisfied with the AVP . And was thinking to buy finally the whole version after some digging and testing. And on the other side when i was setting up the client again with license for 2 years. I was curious about if eset detects anything on this client right now like with the last couple days what eset has told me about. Also directly downloaded from your servers. Again still 2 EDIT;3 potentials recognized, and i wanted to share that experience and wanted to highlight this if this was a very true or false fact,... what eset is recognizing in your folders? I am running up to date VER OF KASPERSKY RUNNING : WINX64 VER1903 AND this are the screen images. I have no attention notices from kaspersky whatsoever about what eset has to say. Thank you very much gentlemen. regards
Posted
Eset false positive detect Kaspersky bases. False positive. 1. Please post your GetSystemInfo report link, instructions: https://support.kaspersky.com/common/diagnostics/3632 Please upload the GetSystemInfo zip folder that is inside the larger GSI zip to the GSI parser site http://www.getsysteminfo.com/ and post the url to the parsed report here, in your next post.
Posted
I will do that sir, thank you.
Posted
https://www.getsysteminfo.com/report/29302a6ef3339e8002651049f81d2c71 This link with system info of mine, it wont get shared any further than you guys am i right? I like to keep it discreet. Thank you very much.
Posted
guys, i clicked accidentally on solved i guess. pardon me .
Posted
guys, i clicked accidentally on solved i guess. pardon me .
If you send me a PM with an explicit desire to undo that, we can undo. EDIT: Done as requested
Posted
guys, i clicked accidentally on solved i guess. pardon me .
If you send me a PM with an explicit desire to undo that, we can undo. EDIT: Done as requested
Thank you very much Sir Schulte. Again my apollogies.
Flood and Flood's wife
Posted
KETZK,
  1. Re: "no attention notices from kaspersky whatsoever about what eset has to say".
Kaspersky has no reason to report. -------------------------------
  1. Eset report:
  1. First 2 objects are identical
  2. Location is different.
kjim.kdl.1d87b48c03e8b252a0fc72ae36c5aed8 a variant of Generik.DBVVYIJ trojan horse removed (after the next restart) C:\ProgramData\Kaspersky Lab\AVP19.0.0\Bases\Cache\ kjim.kdl.1d87b48c03e8b252a0fc72ae36c5aed8 a variant of Generik.DBVVYIJ trojan horse removed (after the next restart) C:\Users\All Users\Kaspersky Lab\AVP19.0.0\Bases\Cache\ --------------------------------
  1. kjim - 046648d9043492926863b15830199c9c0ee7bbbd666867befd2be1b891cd3d56
MD5 1d87b48c03e8b252a0fc72ae36c5aed8 SHA-1 2700a2f4ad0164e193e49e05c017c73e0b87332d SHA-256 046648d9043492926863b15830199c9c0ee7bbbd666867befd2be1b891cd3d56 Authentihash 0abc5906c168fce572b1f441bf80b1d28e0559402cbb0043f390c01a9cd299e4 SSDEEP 24576:EUEENIBFunoLECFWYk/l7fQ7vdQ6eMmxA:WLZkrlMmy File type Win32 DLL Magic PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit File size 2.91 MB (3046736 bytes) History Creation Time 2019-05-30 09:18:26 Signature Date 2019-05-30 10:22:00 First Submission 2019-06-20 11:12:32 Last Submission 2019-06-20 11:12:32 Last Analysis 2019-07-02 19:05:51 Names kjim kjim.kdl kjim.kdl.1d87b48c03e8b252a0fc72ae36c5aed8 Signature Info Signature Verification Signed file, valid signature File Version Information Copyright © 2019 AO Kaspersky Lab. All Rights Reserved. Product Kaspersky Anti-Virus Description Script Heuristics Engine Original Name kjim.kdl Internal Name kjim File Version 5.29.0.31 Date signed 10:22 AM 5/30/2019 Signers Kaspersky Lab Name Kaspersky Lab Status Valid Valid From 12:00 AM 06/02/2017 Valid To 12:00 PM 07/08/2020 Valid Usage Code Signing Algorithm sha1RSA Serial Number 0F 9D 91 C6 AB A8 6F 4E 54 CB B9 EF 57 E6 83 46 DigiCert High Assurance Code Signing CA-1 Name DigiCert High Assurance Code Signing CA-1 Status Valid Valid From 12:00 PM 02/11/2011 Valid To 12:00 PM 02/10/2026 Valid Usage Code Signing Algorithm sha1RSA Serial Number 02 C4 D1 E5 8A 4A 68 0C 56 8D A3 04 7E 7E 4D 5F DigiCert Name DigiCert Status Valid Valid From 12:00 AM 11/10/2006 Valid To 12:00 AM 11/10/2031 Valid Usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing Algorithm sha1RSA Serial Number 02 AC 5C 26 6A 0B 40 9B 8F 0B 79 F2 AE 46 25 77 Counter Signers Symantec Time Stamping Services Signer - G4 Name Symantec Time Stamping Services Signer - G4 Status Valid Valid From 12:00 AM 10/18/2012 Valid To 11:59 PM 12/29/2020 Valid Usage Timestamp Signing Algorithm sha1RSA Serial Number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50 Symantec Time Stamping Services CA - G2 Name Symantec Time Stamping Services CA - G2 Status Valid Valid From 12:00 AM 12/21/2012 Valid To 11:59 PM 12/30/2020 Valid Usage Timestamp Signing Algorithm sha1RSA Serial Number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B Thawte Timestamping CA Name Thawte Timestamping CA Status Valid Valid From 12:00 AM 01/01/1997 Valid To 11:59 PM 12/31/2020 Valid Usage Timestamp Signing Algorithm md5RSA Serial Number 00 ---------------------- History Creation Time 2019-05-30 09:18:26 Signature Date 2019-05-30 10:22:00 First Submission 2019-06-20 11:12:32 Last Submission 2019-06-20 11:12:32 Last Analysis 2019-07-02 19:05:51 Names kjim kjim.kdl kjim.kdl.1d87b48c03e8b252a0fc72ae36c5aed8 Signature Info Signature Verification Signed file, valid signature File Version Information Copyright © 2019 AO Kaspersky Lab. All Rights Reserved. Product Kaspersky Anti-Virus Description Script Heuristics Engine Original Name kjim.kdl Internal Name kjim File Version 5.29.0.31 Date signed 10:22 AM 5/30/2019 Signers Kaspersky Lab Name Kaspersky Lab Status Valid Valid From 12:00 AM 06/02/2017 Valid To 12:00 PM 07/08/2020 Valid Usage Code Signing Algorithm sha1RSA Serial Number 0F 9D 91 C6 AB A8 6F 4E 54 CB B9 EF 57 E6 83 46 DigiCert High Assurance Code Signing CA-1 Name DigiCert High Assurance Code Signing CA-1 Status Valid Valid From 12:00 PM 02/11/2011 Valid To 12:00 PM 02/10/2026 Valid Usage Code Signing Algorithm sha1RSA Serial Number 02 C4 D1 E5 8A 4A 68 0C 56 8D A3 04 7E 7E 4D 5F DigiCert Name DigiCert Status Valid Valid From 12:00 AM 11/10/2006 Valid To 12:00 AM 11/10/2031 Valid Usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing Algorithm sha1RSA Serial Number 02 AC 5C 26 6A 0B 40 9B 8F 0B 79 F2 AE 46 25 77 Counter Signers Symantec Time Stamping Services Signer - G4 Name Symantec Time Stamping Services Signer - G4 Status Valid Valid From 12:00 AM 10/18/2012 Valid To 11:59 PM 12/29/2020 Valid Usage Timestamp Signing Algorithm sha1RSA Serial Number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50 Symantec Time Stamping Services CA - G2 Name Symantec Time Stamping Services CA - G2 Status Valid Valid From 12:00 AM 12/21/2012 Valid To 11:59 PM 12/30/2020 Valid Usage Timestamp Signing Algorithm sha1RSA Serial Number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B Thawte Timestamping CA Name Thawte Timestamping CA Status Valid Valid From 12:00 AM 01/01/1997 Valid To 11:59 PM 12/31/2020 Valid Usage Timestamp Signing Algorithm md5RSA Serial Number 00 Portable Executable Info Header Target Machine Intel 386 or later processors and compatible processors Compilation Timestamp 2019-05-30 09:18:26 Entry Point 30720 Contained Sections 5 Sections Name Virtual Address Virtual Size Raw Size Entropy MD5 .text 4096 949545 949760 6.65 f124eb1b636ae19f8eee8c7d38d75c51 .rdata 954368 2026602 2027008 6.13 d089c0aa9f400581d2fbae4caa069de9 .data 2981888 296 512 1.95 27f0b8419dfa7b434fcff1e2c9bb9b80 .rsrc 2985984 1512 1536 4.18 dbd4d51ac4204909e2b164c899605f68 .reloc 2990080 43814 44032 5.94 2af7f63dac8ea8e74cd010dfac137f12 Exports KJIM_1 KJIM_10 KJIM_11 KJIM_12 KJIM_13 KJIM_14 KJIM_15 KJIM_16 KJIM_17 KJIM_18 Contained Resources By Type RT_VERSION 1 RT_MANIFEST 1 Contained Resources By Language RUSSIAN 1 ENGLISH US 1 Contained Resources SHA-256 File Type Type Language 1af48599ba2eadc59c2fef6ee3bca8c3143106377611dd6bee0d9e3139287877 data RT_VERSION RUSSIAN 49a60be4b95b6d30da355a0c124af82b35000bce8f24f957d1c09ead47544a1e ASCII text RT_MANIFEST ENGLISH US ExifTool File Metadata CharacterSet Unicode CodeSize 949760 CompanyName AO Kaspersky Lab EntryPoint 0x7800 FileDescription Script Heuristics Engine FileFlagsMask 0x003f FileOS Windows NT 32-bit FileSubtype 0 FileType Win32 DLL FileTypeExtension dll FileVersion 5.29.0.31 FileVersionNumber 5.29.0.31 ImageFileCharacteristics Executable, 32-bit, DLL ImageVersion 0.0 InitializedDataSize 2073088 InternalName kjim LanguageCode English (U.S.) LegalCopyright 2019 AO Kaspersky Lab. All Rights Reserved. LegalTrademarks Registered trademarks and service marks are the property of their respective owners LinkerVersion 10.0 MIMEType application/octet-stream MachineType Intel 386 or later, and compatibles OSVersion 5.1 ObjectFileType Executable application OriginalFileName kjim.kdl PEType PE32 ProductName Kaspersky Anti-Virus ProductVersion 6.0.1.990 ProductVersionNumber 6.0.1.990 Subsystem Windows GUI SubsystemVersion 5.1 TimeStamp 2019:05:30 10:18:26+01:00 UninitializedDataSize 0 ----------------------------- Before proceeding please ensure you have: Current backups. Current system image Current restore point. -----------------------------
  1. Is there a reason why Kaspersky software is patch (d)?
  1. If not please update to the current patch.
To do so please follow these steps:
  1. Uninstall Kaspersky software, in KTS application, right click, select "UNINSTALL", please ensure you select "SAVE LICENCE INFORMATION" only, leave the remaining options blank.
  2. Allow the UNINSTALL process to complete.
  3. POWER OFF COMPUTER by selecting "SHUTDOWN"
  4. AFTER the COMPUTER is completely OFF, press the POWER BUTTON to turn the COMPUTER ON.
  5. Make sure KASPERSKY SECURE CONNECTION is NOT ACTIVE, if it is EXIT KASPERSKY SECURE CONNECTION.
  6. Go to C:\Windows\Temp - delete all files/folders - there will be 4 or 5 files/folders in use, do not worry, select "skip", there may also be a few files that require "Admin" to permit the deletion, please select Admin ok/yes to complete the clearing.
  7. Go to C:\ProgramData\Kaspersky Lab - search for AVP19*.*, if any Folders/Files are found, matching the criteria please delete, if it's a folder please clear any files/objects within, then delete the folder.
  8. Go to C:\Users\All Users\Kaspersky Lab\ - search for AVP19*.*, if any Folders/Files are found, matching the criteria please delete, if it's a folder please clear any files/objects within, then delete the folder.
  9. POWER OFF COMPUTER by selecting "SHUTDOWN"
  10. AFTER the COMPUTER is completely OFF, press the POWER BUTTON to turn the COMPUTER ON.
  11. Download a new KTS installer.
  12. INSTALL KTS, allow the software installation to fully complete.
  13. POWER OFF COMPUTER by selecting "SHUTDOWN"
  14. AFTER the COMPUTER is completely OFF, press the POWER BUTTON to turn the COMPUTER ON.
  15. Make sure KASPERSKY SECURE CONNECTION is NOT ACTIVE, if it is EXIT KASPERSKY SECURE CONNECTION.
  16. Make sure KTS is active.
  17. Run a MANUAL UPDATE.
  18. Sign into your MyKaspersky online account.
  19. Make sure your device is syncronised with the application/portal.
  20. Run a FULL MANUAL SCAN - allow it to complete and DO NOT RUN ANYTHING ELSE for the entire duration of the FULL SCAN.
---------------------------------- CLEAR ESET and rerun the ESET scan. Problem remains - YES? Please report back? Problem resolved - YES? Please report back? Thanks!
Posted
Sir Flood, thank you. I will proceed tomorrow. At all i can say now is that in idle , with no programs in run, there is back a reasonable silence, Only a bout 3prcent cpu load 25 ram buffer and 0 hdd 0 network. but for the fact of the so called false trojans in ESET . I will apply this procedure tomorrow. Thank you very much . regards
Posted
Sir, I applied what you explained me to do. After removing KTS, no rest files were found bij myself. after the whole restart en reset eset. Same error still counts.... Freefixers explained and whas the only website except my topic in google on how and why it works like that, but its a part of the heuristics engine script, but 85% would advise to delete it. but its only polled by 13 votes. Thoughts?
  • Solution
Posted
Hi, KETZK, let me explain in simple words: what ESET is telling you is quite normal. AV programs often recognize other AV programs as a danger. An AV program intervenes deeply in the system, which seems dangerous to the other AV program. The evaluation on Freefixers is only 'bullshit'. Obviously, users who don't know anything about KL products have rated it. Your screenshots also show the rating of a ten year old version (AVP9)... Summary: 'kjim.kdl' is a component of the KL products, it is a special .DLL, digitally signed and is checked by your KTS for unharmedness at every start.
Posted
EDIT found something valid about updating the other AV(zone alarm,eset..etc) which alarms you about it, its probably going to be false as you gentlemen explained. "KJIM.KDL" updated:11.39PM reading SCHULTE
Posted
Gentlemen, Sir Schulte, Thank you very much for taking time, effort, attention to this seems for you experts in the eye, maybe a boring worthless topic.(i said that, no shots fired) To me it explains everything. Would the AUTOSTART error explains this too, That it is a implementation of KTS ?
Posted
Hi KETZK, There is no 'boring worthless topic'. Every question has its justification and deserves an answer. Maybe other users have the same question.
Posted
Great, yes this may valid others scary feelings about this situation for sure. This topic is done for me gentlemen. Kudos to this group! Till next time, and i saw what you gentlemen did about the title of this topic, and i realised why. But by all means, had no bad/false plans with it. (pardon me ) Regards, and have a nice day/night further on. Stick safe! Kenneth.
Posted
I'm sorry, I didn't follow your subject very closely. Question: What do you mean by 'AUTOSTART error'? The start of the 'KJIM.KDL'? It is an important part of Kaspersky protection. By the way, it should be 'undeletable' for other programs, as long as Kaspersky is running, it is under special protection.
Posted
To be a bit clear , the title topic was " allways being happy with KTS, until i bought it ." And i realised why it was changed so, again by all means no bad meanings were intended. The question: Yes in the picture added in the last posts there are 2 in file folders. The KDL files. And the last one is a autostart error, but thath would be a safety config maybe from the KTS? For protecting the boot/startup up proces in windows ? But however i dont think i need to be worried about it. Because my proces loads are very comfortable these last days. But thank you very much for responding back to my last resting question.
Posted
I'm sure I speak for everyone involved: you're welcome.

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now


×
×
  • Create New...