Can someone help me understand why Kaspersky anti-virus identified and deleted a DLL within a recent Mission Planner update that is defined as a KeyLogger? I had to disable Kaspersky for the update to download; I was getting an update failed due to virus protection error; but my night time virus scan found this DLL within the Mission Planner directory and deleted it. Why is it there? Does it matter that it was deleted?
Cheers!
Pem
NOTICE: Results are not 100% accurate and can be reported as a false positive by some scanners when and if malware is found. Please judge these results for yourself.
Gary McCray > Michael Oborne, August 11, 2015 at 10:24am
Scott W > Thomas J Coyle III, August 10, 2015 at 9:33am
Just FYI, Windows Defender is about the weakest/most allowing AV available, while Kaspersky is the opposite, and blocks just about anything new. So basically, Windows Defender isn't a good test of whether or not something will throw up a red flag.
Replies
The source code:
https://github.com/diydrones/MissionPlanner/tree/master/ExtLibs/Bas...
The library is for talking to Windows DirectShow.
Hi Michael,
Although I'm not currently using it, I have used Kaspersky in the past and it is a very popular anti virus program.
Way less obnoxious than Norton (what isn't) and even less of a pain than McAfee.
It comes free for a year on many Dell computers and there are hundreds of thousands of users.
Unfortunately, I think this means you can't ignore it and will either need to modify that module so it doesn't trigger Kaspersky's defenses or you will need to contact Kaspersky to get them to stop false triggering on it.
Obviously, some portion of the internal code bears a significant resemblance to the "detected" virus and that is why they are deleting it.
It likely has nothing to do with it actually being the virus, but they are looking at machine code and it is entirely possible for a section of legitimate code to mimic a known evil chunk of code.
It would probably be simplest to just modify the order of elements in the DLL and recompile, there is a good chance that the code will be changed sufficiently to pass through Kaspersky without a false detection.
At worst you might need to move some of the elements to a separate DLL.
Just a thought.
Best Regards,
Gary
I've submitted it as a false alarm. Only time will tell from here.
http://newvirus.kaspersky.com/
Same thing happened to me last night on MP ver 31 (already installed). Using Norton Security Suite. Identified baseclassesnet.dll as a Trojan.Gen.2 and blocked mission planner.exe.
I hope to have typed it correctly manually, because I couldn't copy those lines directly from Kaspersky.
It is common for A/V software to detect false positives in new installations, thus the instructions usually suggest you disable your antivirus scanners during setup.
@Sgt_Ric,
I ran Windows Defender yesterday morning with MP 1.3.28 installed on my PC and it did not detect the mentioned Trojan.
I updated to MP 1.3.31 yesterday afternoon after running Windows Defender and the download was not blocked.
I am presently running Windows Defender on my PC to see if it detects the mentioned Trojan, if it is there, since I updated to MP 1.3.31.
Regards,
TCIII Admin