Posted: Fri Apr 16, 2010 4:13 pm
by Adrian (Softland)
Problem: Kaspersky antivirus detected FBackup as infected and deleted the exe file. That is a false positive and we already contacted Kaspersky to fix that problem. In the meantime, we offer two solutions below.
Description: Example of Kaspersky log:

```
Proactive Defense
-----------------
Events monitored: 4
Registry calls: 0
Blocked: 4
Start time: 4/15/2010 11:19:05 AM
Duration: 04:39:26

Detected
--------
Status Object
------ ------

Events
------
Time Name Events
---- ---- ------
4/15/2010 3:55:22 PM C:DOCUMENTS AND SETTINGSADMINLOCAL SETTINGSTEMPIS-3LE0P.TMPFBSETUP.TMP Process is trying to inject into another process. This behavior is typical of some malicious programs (Invader)
4/15/2010 3:55:22 PM C:DOCUMENTS AND SETTINGSADMINLOCAL SETTINGSTEMPIS-3LE0P.TMPFBSETUP.TMP "Quarantine" action is selected
4/15/2010 3:55:22 PM C:DOCUMENTS AND SETTINGSADMINLOCAL SETTINGSTEMPIS-3LE0P.TMPFBSETUP.TMP Forced to terminate the process.
4/15/2010 3:55:22 PM C:DOCUMENTS AND SETTINGSADMINLOCAL SETTINGSTEMPIS-3LE0P.TMPFBSETUP.TMP Error moving to Quarantine.
4/15/2010 3:55:22 PM R:BACKUP4ALL4.X4.4_203BNORMALFBSETUP.EXE Process is trying to inject into another process. This behavior is typical of some malicious programs (Invader)
4/15/2010 3:55:22 PM R:BACKUP4ALL4.X4.4_203BNORMALFBSETUP.EXE "Quarantine" action is selected
4/15/2010 3:55:22 PM R:BACKUP4ALL4.X4.4_203BNORMALFBSETUP.EXE Forced to terminate the process.
4/15/2010 3:55:22 PM R:BACKUP4ALL4.X4.4_203BNORMALFBSETUP.EXE Error moving to Quarantine.

Registry
--------
Time Application Key name Value name Data Data type Operation type Status
---- ----------- -------- ---------- ---- --------- -------------- ------

Settings
--------
Parameter Value
--------- -----
Application Activity Analyzer on
Registry Guard off
```
Solution:

In the Kaspersky report page, right-click the suspicious file (FBackup.exe) and select "Add to trusted zone".

or

Open Kaspersky, click MySecurityZone - Applications (on the right).

Select All in the dropdown list and scroll down to the bottom.

Locate any applications related to FBackup, right-click them, click "change status" and select Trusted.

Run FBackup again.