
Kaspersky detected an untrusted program, HackTool, but Kaspersky did not delete it [Closed]

  • 29 July 2019
  • 6 replies
  • 1089 views

We faced a problem when Kaspersky detected a strange program on one of our servers. It is a HackTool, but Kaspersky did not delete it.
We kindly request your advice urgently.

Thanks in advance

Best answer by richbuff 30 July 2019, 21:01


This topic has been closed for comments


Userlevel 7
Badge +7
"Kaspersky did not delete it"
Why should it be removed? Not everything that antivirus detects is a virus and must be removed.
Userlevel 7
Badge +4
Also, in addition to what kmscom indicates in the post located above this post,

Please post the full, complete detection details. Full file name, full path, full location, detection verdict. Post screenshot of Reports > Detailed reports > Detected objects.

Can you uninstall the item yourself? Can you delete the item yourself? What is the item?

We are just guessing, until you post the complete detection details.
Detected object:
not-a-virus:PDM:HackTool.Win32.CreDump.rbaa
Sunday, July 28, 2019 8:18:24 AM
Path to file
c:\windows\system32\cmd.exe
Suspicious packed program N/A NT AUTHORITY\SYSTEM
Userlevel 7
Badge +7
What does the “not-a-virus” prefix mean before an application’s name?
Not-a-Virus: What is it?
Userlevel 7
Badge +11
Detected object:
not-a-virus:PDM:HackTool.Win32.CreDump.rbaa
Path to file
c:\windows\system32\cmd.exe
Suspicious packed program N/A NT AUTHORITY\SYSTEM

@ymotairi,
To help @kmscom, @richbuff & me:
Go to KAV REPORTS, find the detection, export the report, upload the report using the "upload icon" in your reply post please?
Userlevel 7
Badge +4

Detected object:
not-a-virus:PDM:HackTool.Win32.CreDump.rbaa
Path to file
c:\windows\system32\cmd.exe
Suspicious packed program N/A NT AUTHORITY\SYSTEM
@ymotairi,
To help @kmscom, @richbuff & me:
Go to KAV REPORTS, find the detection, export the report, upload the report using the "upload icon" in your reply post please?


Also, in addition to what FLOOD indicates in the quoted post, located above this post,

Do you have a tool for dumping user credentials?