Kaspersky
Question

net-slim-desktop.exe detected as Adware. Where is the backup copy?

  • 13 December 2020


Edit: it says that a backup copy has been created: where is it???

Evento :    È stata creata una copia di backup dell'oggetto
Utente :    HAL9003\Riccardo
Tipo di utente :    Utente attivo
Nome applicazione :    explorer.exe
Percorso dell'applicazione :    C:\Windows
Componente :    Anti-Virus File
Descrizione risultato :    Copia di backup creata
Tipo :    Adware
Nome :    not-a-virus:HEUR:AdWare.Win32.DealPly.gen
Precisione :    Analisi euristica
Livello di pericolosità :    Medio
Tipo di oggetto :    File
Nome oggetto :    driver-rainbow-8953-net-slim-desktop.exe
Percorso oggetto :    D:\Install\Hardware\TastieraRainbow
MD5 :    7BD31066C29EC6575EA7265538D51608

----

This is a driver installer for a keyboard still in use on a separate (old) pc, but was on mine too as a reference. By year.

 

Yesterday during a full scan I noticed the alert and on the fly allowed it as a trusted one, but it disappeared under my eyes. Now I’m reviewing the whole scan log and… WHERE THE HELL IS IT NOW???

What does “blocked” mean, it not being in the quarantine? HOW CAN I RECOVER IT???

 

This is absolutely insane, cannot allow this.

Hoping for replies to both my questions, I cannot rely on such a situation: I MUST be asked if something is “not-a-virus”




@RRisk Welcome. What you could eventually try, if you trust the object, is to temporarily disable Kaspersky’s interactive protection, install the driver (if needed, restore quarantine) and create an exclusion.

Yes, if the product performs action on a file (for instance detection-removal), then it saves the copy to Quarantine in product.

So it is possible to restore the file from the Quarantine. 

@Anton Mefodys thanks for the reply, but that file IS NOT in Quarantine, it’s the first place I looked in yesterday during my log check.

So I might guess it has been definitely lost?

 

p.s. Any hint for saving a list of quarantined files or to expand the Kaspersky window will be very appreciated. :-(

@RRisk Welcome. What you could eventually try, if you trust the object, is to temporarily disable Kaspersky’s interactive protection, install the driver (if needed, restore quarantine) and create an exclusion.


Hi Bemmy, as you can see from my screenshot that object exists no more in its folder, any suggestion about where to find it?

Thanks in advance.


@RRisk Before reinstalling the driver, please follow these steps:

1) Uncheck “Perform recommended actions automatically”
2) Install the driver
3) When prompted, save the object to Quarantine
4) Restore the Quarantine
5) Create an exclusion for the object
> Settings > Additional > Threats and Exclusions > Manage exclusions > Add …..
6) Enable “Perform recommended actions automatically”
7) Reboot
 

 

Thanks everybody for your efforts, but as I wrote in the original message, that driver was not installed here in this PC, but in another one, and the driver installer was on my D:\Install folder just for archive/reference.

I do really appreciate the replies, but they didn’t point to the question of the “not a virus” file deleted by Kaspersky and no longer recoverable.

And more I’m still arguing where that backup copy should be :-)

 

I just filed a ticket (INC000012216512), but if Kaspersky deletes things erratically without asking and even after a “create exception” I cannot rely on it.

Anyway, I will maintain it on my PC (disabled of course) for some days, hoping for a solution via the ticket or in case details are asked for.
