Can someone help me understand why Kaspersky anti-virus identified and deleted a DLL within a recent Mission Planner update that is defined as a KeyLogger? I had to disable Kaspersky for the update to download (I was getting an "update failed due to virus protection" error), but my nighttime virus scan found this DLL within the Mission Planner directory and deleted it. Why is it there? Does it matter that it was deleted?

Cheers!
Pem


What file did it delete?

There is no key logger inside MP, apart from shortcut keys.

My Kaspersky told me the same today. A KeyLogger was detected while installing the newest update: Trojan-Spy.MSIL.KeyLogger.bzam. It was found in http://firmware.diydrones.com/MissionPlanner/upgrade/BaseClassesNet...

I hope to have typed it correctly manually, because I couldn't copy those lines directly from Kaspersky.

It is common for A/V software to detect false positives in new installations, thus the instructions usually suggest you disable your antivirus scanners during setup.

@Sgt_Ric,

I ran Windows Defender yesterday morning with MP 1.3.28 installed on my PC and it did not detect the mentioned Trojan.

I updated to MP 1.3.31 yesterday afternoon after running Windows Defender and the download was not blocked.

I am presently running Windows Defender on my PC to see if it detects the mentioned Trojan, if it is there, since I updated to MP 1.3.31.

Regards,

TCIII Admin 

Just FYI, Windows Defender is about the weakest/most allowing AV available, while Kaspersky is the opposite, and blocks just about anything new.
So basically, Windows Defender isn't a good test of whether or not something will throw up a red flag.

@Scott,

The latest version of Windows Defender is pretty robust according to recent reviews and is updated every night on my PC.

I found Norton to be one of the most obnoxious pieces of antivirus crap that I have ever used. Norton even blocked downloads from its own website when I used to use it in the distant past.

Regards,

TCIII AVD

The deleted file is BaseClassNET.dll, shown in Mike Dobbs screensnap below.

As I said, I had to disable Kaspersky to get the update; with Kaspersky off, Mission Planner updated and ran fine. But during the night when Kaspersky performs a virus scan, it identified and deleted this file: BaseClassesNET.dll. According to Kaspersky, within this file is: Trojan-Spy.MSIL.KeyLogger.bzam.

How will the deletion of the "BaseClassesNET.dll" file from the "C:/Program Files (x86)/Mission Planner/" sub-directory affect the performance of Mission Planner?

The source code:

https://github.com/diydrones/MissionPlanner/tree/master/ExtLibs/Bas...

The library is for talking to Windows DirectShow.

Hi Michael,

Although I'm not currently using it, I have used Kaspersky in the past and it is a very popular anti virus program.

Way less obnoxious than Norton (what isn't) and even less of a pain than McAfee.

It comes free for a year on many Dell computers and there are hundreds of thousands of users.

Unfortunately, I think this means you can't ignore it and will either need to modify that module so it doesn't trigger Kaspersky's defenses or you will need to contact Kaspersky to get them to stop false triggering on it.

Obviously, some portion of the internal code bears a significant resemblance to the "detected" virus and that is why they are deleting it.

It likely has nothing to do with it actually being the virus, but they are looking at machine code and it is entirely possible for a section of legitimate code to mimic a known evil chunk of code.

It would probably be simplest to just modify the order of elements in the DLL and recompile, there is a good chance that the code will be changed sufficiently to pass through Kaspersky without a false detection.

At worst you might need to move some of the elements to a separate DLL.

Just a thought.

Best Regards,

Gary
