INTERACT FORUM
More => Old Versions => Media Center 13 (Development Ended) => Topic started by: xen-uno on January 24, 2009, 01:12:04 pm
-
I'm getting a virus warning with Kaspersky (virus.win32.KME) in PackageInstaller.exe
[Edit by JimH -- From this build: ftp://ftp.jriver.com/pub/downloads/MC13/MediaCenter130112.exe ]
-
I'm getting a virus warning also in PackageInstaller.exe.
Virus.Win32.KME
-
Please report that to Kaspersky. It's a false positive.
-
My antivirus detected in the last mc13 version "Virus.Win32.KME"
What is it ?
Please analyse and fix ...
Thanks
-
What virus checker are you using? Kaspersky? ZoneAlarm?
Here's an example of a false positive:
http://linkscanner.softwaresecuritysolutions.com/knowledgeBase/kaspersky-false-positive.html
and another:
http://www.explabs.com/kb/display.asp?id=132
-
I sent the "PackageInstaller.exe" file to Virustotal (http://www.virustotal.com/). It tests the received files with 39 antivirus programs.
The result was 2/39. Only F-Secure and Kaspersky detected "Virus.Win32.KME".
Win32.KME is an old virus. It was found 5 years ago. Here is a description: http://www.f-secure.com/v-descs/bagif.shtml (like all viruses it has several names)
EDIT
Jim, you could report the issue to F-Secure. They have an online service for reporting false positives:
http://www.f-secure.com/samples/index.html
Perhaps Kaspersky has a similar service.
-
10-4 ... paused Kaz before install this time ... smooth sailing.
-
Jim, you could report the issue to F-Secure. They have an online service for reporting false positives:
http://www.f-secure.com/samples/index.html
It appears this service is for use by F-Secure user, not the virus creator (sorry, Jim ;) ). So I've reported it. I haven't done this before, so I don't know what to expect. I'll report whatever response I get.
-
I see from your link Jim that Kaspersky acknowledges that the "denial" I am getting with the launch of this build is a false positive. Even gladder to see they're working on a solution as I've just spent 30 minutes trying to get the wretched program to allow the installation without success. Does anybody know how to sort this out?? TIA. John.
-
I see from your link Jim that Kaspersky acknowledges that the "denial" I am getting with the launch of this build is a false positive. Even gladder to see they're working on a solution as I've just spent 30 minutes trying to get the wretched program to allow the installation without success. Does anybody know how to sort this out?? TIA. John.
what i did when it first came up in 109.
in kasperski you can add an exe to the trusted zone. see the attachment. it did look up the event in the reports from kaspersky. its on the frontpagefrom kasperky>reports>events. now rightclick the event where mcs packageinstaller is involved and say: add to trusted zone. you get the whole the path to the packageinstaller in some temp folder. i took that part away. the result i attached to this post. it seems to have done it, no problems with downloading and installing this build.
:)
gab
-
It is times like these I laugh. I have literally almost never ran an anti-virus since starting seriously with computers 10 years ago. I tried AVG just so I could say I've got one. It never found anything when I ran it. Nor do online scanners. I don't understand where people always get these viruses.
-
It is times like these I laugh. I have literally almost never ran an anti-virus since starting seriously with computers 10 years ago. I tried AVG just so I could say I've got one. It never found anything when I ran it. Nor do online scanners. I don't understand where people always get these viruses.
nice... young and fearless.
it is the day that one hits and all 13 machines and the server are infected that you will see the light. ;)
the question is how long it will take before you will even know that this trojan, for instance, is bombing the world with spam or watching how you just used your creditcard..
btw. its not only porn sites that are a risk. have desinfected to much computers of people who used virusscanners and were only surfing 'sience' sites.
:)
gab
-
I have literally almost never ran an anti-virus...
Why scan when you can nuke and pave? ;D
-
Thanks gappie - most helpful.
-
I'll report whatever response I get.
Here is the F-Secure response:
The file you submitted is indeed clean. A database update will be released to resolve this issue. For the meantime, you may exclude this file from Real-time Scanning. Instructions for exclusions can be found through this link (http://support.f-secure.com/enu/home/supportissue/fsis2007/virus_q06.shtml).
-
Thanks for sumbitting it, and for the report.
-
For Kaspersky I had to "pause" protection to install Media Center. Then Kaspersky flagged PackageIntaller.exe and put it in "untrusted". To get past that I had to manually move it "trusted" and then tell Kaspersky to "add exception" for the false virus.
I'm using it right now and it's working fine with those settings.
-
I resent the file to Virustotal. Unfortunately more programs detect it as a virus now. The result is 7/39:
http://www.virustotal.com/analisis/6eb5632515020b13f26b5dd84351445a (I am not sure if my result link works on other PCs, but you can always resent the file.)
Maybe the other program developers are licensing Kaspersky's and F-Secure's technology or maybe they are just copying the latest changes. ZoneAlarm (which is not separately included in Virustotal) uses Kaspersky's engine, but I don't know about others.
-
I resent the file to Virustotal. Unfortunately more programs detect it as a virus now. The result is 7/39:
http://www.virustotal.com/analisis/6eb5632515020b13f26b5dd84351445a (I am not sure if my result link works on other PCs, but you can always resent the file.)
Maybe the other program developers are licensing Kaspersky's and F-Secure's technology or maybe they are just copying the latest changes. ZoneAlarm (which is not separately included in Virustotal) uses Kaspersky's engine, but I don't know about others.
I believe both are licensed by quite a number of AV vendors.
-
Here's a quote from the Wikipedia article (http://en.wikipedia.org/wiki/Kaspersky_Lab) on Kaspersky Lab:
Kaspersky Anti-Virus engine also powers products or solutions by other security vendors, such as Check Point, Bluecoat, Juniper Networks, Sybari (now acquired by Microsoft), Netintelligence, GFI Software, F-Secure, Borderware, FrontBridge, G-Data, Netasq, and others. Altogether, more than 120 companies are licensing technology from Kaspersky, which makes it one of the most widely used antivirus engines in the industry.
-
I wonder if anyone has actually reported the false positive to Kaspersky.
They provide instructions here: http://forum.kaspersky.com/index.php?showtopic=13881&st=0&p=655042&#entry655042
I think someone from JRiver could post a report. It would actually be quite odd if the program developers could not do that when their program is falsely detected.
-
Just to add to this, ZoneAlarm Security Suite (version 7.x), which uses the Kaspersky engine, finds Virus.Win32.KME in the "packageinstaller.exe" file as well. I reported the issue to ZoneAlarm.
Larry
-
Viruses don't seem to find a way onto my computer while using Firefox. Especially if downloaded apps are limited and carefully examined before used.
-
Here is the F-Secure response:
Thank you! that issue was getting really annoying :)