Kaspersky Woes

[Belly]

Could someone please help me with this?

Every day or so Kaspersky places a file or files into Quarantine, each file is similar and originates from more or less the same location:

Today’s Latest Example:

C\System Volume Information\ restore{FD0339C5-325C- (series of numbers\A0060809.exe

The report categories it as:

UDS: DangerousObject.Multi.Generic Quarantined 10/09/2012 13:36:57

When I go to Kaspersky Report, click the offending extry and send it by email to Kaspersky for analysis the reply is always that there is “No malicious code was found in this file”. It’s happening with monotonous regularity.

A few days ago I deleted all restore points and created a new one in the hope that this would cure the problem.

Does anyone have any idea what might be causing this and is there anything I can do about it.

I ran Spybot SD and that doesn’t find anything.

Thanx

 

[bignev72]

Sounds like a virus is trying to install some software but Kaspersky is stopping it.

Run Combofix.exe and Malwarebytes and see if they pick anything up.

 

[KIA]

Delete all restore points, disable then enable system restore.

 

[Belly]

Thanx

I've installed and run Malwarebytes it identified CMDOW.exe but I've restored it after doing a Google search.

I had a quick look at Combofix and frightens the life out of me!!

KIA, I'll take your advise on the restore points.

I actually saw Malwarebytes rush past the System Volume Information and didn't detect anything.

Thanx again

 

[Belly]

Yesterday I removed ALL Restore Points, Disabled, ran Kaspersky, enabled restore.

This morning when I booted up I got an error message that Kaspersky " Previous Application Launch Failed" and asked that I send the report to KIS.

I ran a vulnerability application Scan with KIS and it has (AGAIN) Quarantined the restore exe file.

C\System Volume Information\ restore{ (series of letters and numbers numbers\A0000001.exe

UDS DangerousObject.Multi.Generic Quarantined 11/09/2012 13:13:17

Can someone PLEASE help with this? As I say when I forward the file to KIS they suggest it is sound.

 

[TWiNKLeT0Es]

What version of KIS are you using?

I believe there was a bug in previous versions where the detection would still pop up after it was removed. Have you right clicked the detection and clicked "Remove"?

Download the latest version HERE. Version 2013.

Failing that try in the Forums.

 

[Belly]

Thanx TWiNKLeTOEs

My version is Internet Security 12.0.0 etc

KIS identifies the restore point Axxxxxxx.exe files as UDS DangerousObject.Multi.Generic - Quarantined.

When I had more than one restore point KIS would often identify a few of them. Sometime later I might get a message stating that one of them was NOT infected and could be restored. Next time KIS ran it might find the same file and put it back in quarantine. A bit like a Hamster in a Wheel.

When I go to KIS reports and send the file for analaysis to KIS (Internet) says its not infected.

However because I didn't need the restore points I deleted the files from Quarantine in KAS

Following the advice given above (KIA), I deleted all restore points, Disabled Restore, ran Malwarebytes+Spybot S&D and then enabled - giving me just one restore point.

The next time I ran KIS Scan it identified the "new" A000001.exe

So I'm really at a loss

I seem to remember that, for me, removing an old version of KIS and installing a new version was worrying. I still have sixty odd days left on 2012.

Do you think this is a serious attack?

Thanx again

 

[TWiNKLeT0Es]

I still have sixty odd days left on 2012.

Do you think this is a serious attack?

Its free to upgrade to any version so if you still have your key it will still work on version 2013. I wouldn't like to say if it was a serious attack but most probably its fine. Go over to the Kaspersy Forum and run a GetSystemInfo report and post a thread with all your info as may be able to help you with removing it.

Edit

Oh it look like you already have? There not the fastest at replying though.