
PDM:Exploit.Win32.Generic.nblk false positive? rvc software


Go to solution Solved by oleg12121212,


oleg12121212
Posted (edited)
  1. Windows 10 Pro 19045.4170
  2. Kaspersky total security with official subscription
  3. hello

    I'm using this software called realtime voice changer

    https://github.com/w-okada/voice-changer/blob/master/README_en.md

    The old version 1.5.3.17b is working all right without any notifications from KTS

    Today I tried to install and run the latest version, which is 1.5.3.18a

    and KTS gives me a notification that says it's a trojan

    Event: Process terminated
    Application: MMVCServerSIO.exe
    User: DESKTOP-3RMDC6P\admin
    User type: Active user
    Component: System Watcher
    Result description: Terminated
    Type: Trojan
    Name: PDM:Exploit.Win32.Generic.nblk
    Threat level: High
    Object type: Process
    Event: Malicious object detected
    Application: MMVCServerSIO.exe
    User: DESKTOP-3RMDC6P\admin
    User type: Active user
    Component: System Watcher
    Result description: Detected
    Type: Trojan
    Name: PDM:Exploit.Win32.Generic.nblk
    Threat level: High
    Object type: Process
    Object path: c:\mmvcserversio18a
    Object name: mmvcserversio.exe
    Reason: Databases
    Databases release date: Today, 4/8/2024 6:31:00 PM

    Is it a false positive?

    I have downloaded the latest version here: https://huggingface.co/wok000/vcclient000/blob/main/MMVCServerSIO_win_onnxgpu-cuda_v.1.5.3.18a.zip

 

 

 

 

Edited by Berny
oleg12121212
Posted
Event: Object deleted
Application: MMVCServerSIO.exe
User: DESKTOP-3RMDC6P\admin
User type: Active user
Component: System Watcher
Result description: Deleted
Type: Trojan
Name: PDM:Exploit.Win32.Generic.nblk
Threat level: High
Object type: Process
Object path: c:\mmvcserversio18a
Object name: mmvcserversio.exe

 

 

 

Event: Process terminated
Application: MMVCServerSIO.exe
User: DESKTOP-3RMDC6P\admin
User type: Active user
Component: System Watcher
Result description: Terminated
Type: Trojan
Name: PDM:Exploit.Win32.Generic.nblk
Threat level: High
Object type: Process
Object path: C:\MMVCServerSIO18a
Object name: MMVCServerSIO.exe

 

Event: Malicious object detected
Application: MMVCServerSIO.exe
User: DESKTOP-3RMDC6P\admin
User type: Active user
Component: System Watcher
Result description: Detected
Type: Trojan
Name: PDM:Exploit.Win32.Generic.nblk
Threat level: High
Object type: Process
Object path: c:\mmvcserversio18a
Object name: mmvcserversio.exe
Reason: Databases
Databases release date: Today, 4/8/2024 6:31:00 PM
Event: Blocked
Application: MMVCServerSIO.exe
User: DESKTOP-3RMDC6P\admin
User type: Active user
Component: System Watcher
Result description: Blocked
Type: Trojan
Name: PDM:Exploit.Win32.Generic
Threat level: High
Object type: Process
Object path: c:\mmvcserversio18a
Object name: mmvcserversio.exe
Databases release date: Today, 4/8/2024 6:31:00 PM

 

today's reports

oleg12121212
Posted (edited)

I have 2 folders on drive c:/

c:/MMVCServerSIO for the older version 1.5.3.17b, which is working fine

and I tried to install and run 1.5.3.18a from folder c:/MMVCServerSIO18a

and that happened

Edited by oleg12121212
oleg12121212
Posted
6 minutes ago, Berny said:

@oleg12121212 Welcome.

Please see how to submit a False Positive 

 

I will do

The odd thing is that when I'm scanning this file it says no viruses


oleg12121212
Posted

I have submitted it for another review but it says

Report for hash

A9ADF005997DE92964247070271EC2DDFBF8A068B5FCC2466C677183EF234AD2
Clean
 
very odd
Posted

@oleg12121212 when you upload program to virustotal? How is result? 

oleg12121212
Posted
5 minutes ago, nexon said:

@oleg12121212 when you upload program to virustotal? How is result? 

https://www.virustotal.com/gui/file/a9adf005997de92964247070271ec2ddfbf8a068b5fcc2466c677183ef234ad2?nocache=1

2/71 security vendors and no sandboxes flagged this file as malicious
Creation Time
2024-03-05 14:10:33 UTC 
First Seen In The Wild
2024-03-05 23:10:34 UTC 
First Submission
2024-03-05 17:40:18 UTC 
Last Submission
2024-04-08 21:48:48 UTC 
Last Analysis
2024-04-08 21:48:55 UTC

 

oleg12121212
Posted
7 minutes ago, Schulte said:

Hello @oleg12121212,

'PDM...' indicates that the detection is done at runtime.

KOTIP cannot know if and with which other programs or drivers the program interacts on your computer.
Therefore only the support can help after receiving the relevant logs:
https://support.kaspersky.com/us/common/diagnostics/15898

I will read how to do it

and submit as well
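
Added example, not part of any post in this thread and not Kaspersky tooling: a small parser for System Watcher reports in the layout pasted above, where several events run together with no separator and the same object appears with different path casing. It groups events per object and flags verdicts carrying the `PDM:` prefix, which the quoted reply describes as runtime detection; the sample text is constructed from the field layout shown in the thread, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the reports in this thread: events follow
# each other without a separator, and path/name casing differs between events.
SAMPLE = """\
Event: Process terminated
Result description: Terminated
Name: PDM:Exploit.Win32.Generic.nblk
Object path: C:\\MMVCServerSIO18a
Object name: MMVCServerSIO.exe
Event: Malicious object detected
Result description: Detected
Name: PDM:Exploit.Win32.Generic.nblk
Object path: c:\\mmvcserversio18a
Object name: mmvcserversio.exe
Event: Blocked
Result description: Blocked
Name: PDM:Exploit.Win32.Generic
Object path: c:\\mmvcserversio18a
Object name: mmvcserversio.exe
"""

FIELD = re.compile(r"^\s*([A-Za-z ]+?):\s*(.*)$")  # lazy key, so "Name: PDM:..." splits once

def parse_events(text):
    """Split a flattened report into one dict per event; an 'Event:' line starts a record."""
    events = []
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue
        if m.group(1) == "Event":
            events.append({})
        if events:
            events[-1][m.group(1)] = m.group(2).strip()
    return events

def summarize(events):
    """Group events by case-folded object; flag objects with a 'PDM:' (runtime) verdict."""
    out = defaultdict(lambda: {"results": [], "names": set(), "behavioural": False})
    for e in events:
        key = (e.get("Object path", "") + "\\" + e.get("Object name", "")).lower()
        out[key]["results"].append(e.get("Result description", ""))
        out[key]["names"].add(e.get("Name", ""))
        out[key]["behavioural"] |= e.get("Name", "").startswith("PDM:")
    return dict(out)
```

An object whose summary has `behavioural` set was flagged for what the process did while running, so a clean on-demand scan or hash lookup of the same file does not contradict the report.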

Posted

False positive. But contact Tech Support for analysis.. 

  • Solution
oleg12121212
Posted (edited)

RE: Kaspersky Anti-virus Lab replies to your request [VD3] [FILE:2] [LN:EN] [KL-2184162]

 
 
Kaspersky AntiVirus Lab
Today, 12:16
To: you
 
 
Hello,

This is a false positive of the PDM module.
Detection will disappear within 24 hours.

Best regards, Alexey Safonov, Malware Analyst, Kaspersky Lab
39A/3 Leningradskoe Shosse, Moscow, 125212, Russia Tel./Fax: + 7 (495) 797 8700 http://www.kaspersky.com https://securelist.com
https://opentip.kaspersky.com/ - get insights about suspicious files, hashes, URLs, IP addresses or domain names
Edited by oleg12121212
Posted (edited)

BTW a Russian forum also exists here.. If you didn't know...

Edited by nexon
oleg12121212
Posted
6 minutes ago, nexon said:

BTW a Russian forum also exists here.. If you didn't know...

🤪
