Kaspersky
Solved

File anti virus detects Heur.Exploit.Multi.DrvDos.gen in google search for CCleaner.

  • 27 January 2021
  • 24 replies
  • 628 views

Userlevel 2

Can somebody help me. When I search on google, kaspersky automatically blocks a download. Does my computer have a trojan? I run a full scan and detected a problem, it couldn't disinfect the virus (it was in the cache of edge) So I cleared the cache, cleared the reports, and reboot my computer. I run s can again and now it doesnt detect any problems. But when I search on google, kaspersky still automatically blocks a download. The issue was not solved at all. Heur.Exploit.Multi.DrvDos.gen is the file name. What do I do?

Please I really need help

icon

Best answer by Igor Kurzin 29 January 2021, 05:51

Good day,

The detect no longer occurs, please check on your side. Thanks.

View original

24 replies

Userlevel 7
Badge +8

@StellarDream Welcome. Can you please post a screenshot from the detection.

Userlevel 2

 

Userlevel 2

Thank you for responding!

It is triggered by a google search of "ccleaner". Does this affect my computer?  Before all of this, I just recently updated windows 10 and my bios upgraded, is this related to the issue? 

Please help me

Userlevel 5
Badge +1

https://opentip.kaspersky.com/D169426300AAD76FC3AAF4397D499258/

The same problem exists here:

https://www.technopat.net/sosyal/konu/kaspersky-technopat-sosyale-girerken-zararli-tespit-etti.1305338/post-9291863

 

Go to the same site you entered with the MS edge browser and share the MD5 result.

Userlevel 2

Sorry for the late reply.

The site was https://www.google.com/search?q=ccleaner&oq=ccleaner&aqs=chrome.0.69i59j0i67j0i395l6.1421j1j7&sourceid=chrome&ie=UTF-8

The md5 result from kaspersky is   52CB0FEF7A8366F586088BEC70AE4A39

 

Userlevel 2

 

Userlevel 7
Badge +9

But when I search on google, kaspersky still automatically blocks a download. The issue was not solved at all. Heur.Exploit.Multi.DrvDos.gen is the file name. What do I do?

Hello @StellarDream

Thank you for the additional information:ok_hand_tone4:

Same: 

 

 

 

 

 

 

 

 

  1. Your KIS application managed the immediate issue by blocking the download.
  2. In our searches, MD5 changes.
  3. Kaspersky need to look at the site, please log a case with Kaspersky Technical Support, fill in the MalwareDetected threat appears over & over again template (image 5 above); in the problem description provide a detailed history & the URL for this topic; Support may request Logs & or other system data, they will guide you. 
  • After submitting the case, you’ll receive an automated email with an INC+12digits reference number, then, normally, within 5 business days, a Kaspersky Technical Support human will be in touch, also by email, you may continue to engage with the Kaspersky Technical Team via email or by updating the INC in your MyKaspersky account.

Please share the outcome with the Community when it’s available? 

  • CCleaner Technical Team have been informed. 

Thank you:pray_tone3:

Flood:whale:+:whale2:

Userlevel 7
Badge +4

Hi all, looks like a false detection, checking with VirusLab experts. Will post back when there is news. 

 

Userlevel 7
Badge +4

Good day,

The detect no longer occurs, please check on your side. Thanks.

Userlevel 2

Thank you very much for the help

The issue is also gone here too.

If you don't mind, I have one last question, can I rest easy that my computer is not infected?

 

Userlevel 7
Badge +9

Hello @StellarDream

Thank you for checking & confirming Kaspersky is no longer detecting CCLeaner www:ok_hand_tone3:  

Yes, you can relax. 

  1. The Kaspersky software blocked the download attempt. 
  2. The download attempt was a false positive, nothing actually happened, the problem was on the Kaspersky side, not on your computer & not on CCLeaner side. 
  3. Kaspersky fixed the problem on their side, things are back to normal. 

Thank you:pray_tone3:

Flood:whale:+:whale2:

Userlevel 2

Thank you very much again for the help. ^_^

Userlevel 7
Badge +4

can I rest easy that my computer is not infected?

Absolutely! 

To have a more fuzzy feeling of being protected, update databases and run a full scan task :) 

Hello, I have same problem but with a forum site; however the site is not full blocked:

 

 
 

 

 

Userlevel 7
Badge +9

Hello @Huchim

Welcome!

Confirmed:thumbsup_tone3:  

 

 

  1. Please log a case with Kaspersky Technical Support, fill in the MalwareDetected threat appears over & over again template (image 2 above); in the problem description provide a detailed history & the URL for this topic; Support may request Logs & or other system data, they will guide you. 
  • After submitting the case, you’ll receive an automated email with an INC+12digits reference number, then, normally, within 5 business days, a Kaspersky Technical Support human will be in touch, also by email, you may continue to engage with the Kaspersky Technical Team via email or by updating the INC in your MyKaspersky account.

Please share the outcome with the Community when it’s available? 

Thank you:pray_tone3:

Flood:whale:+:whale2:

Waiting a response:

INC000012410597

Userlevel 7
Badge +4

Hi @Huchim , no detection on my end at the moment. Can you check now? 

Hi @Flood and Flood's wife, still detected on your pc?

Userlevel 7
Badge +9

Hello @Igor Kurzin

Yes.

 

Thank you:pray_tone3:

Flood:whale:+:whale2:

Hi @Igor Kurzin , yes it is detected in firefox latest version:

 

Userlevel 7
Badge +8

Hi @Igor Kurzin

FYI, i can’t reproduce this issue on my side.

Userlevel 7
Badge +4

Hi @Flood and Flood's wife , thanks for posting back, we reproduced and virus analysts confirmed the false-positive. A fix will be released soon. 

@Huchim , thanks. 

@Berny , it seems the reproduction is intermittent. 

The detection does not longer occurs. Thank you

Userlevel 7
Badge +9

Confirmed!

Thanks @Igor Kurzin:thumbsup_tone3:

Hello,

The reason for the related warning is the recent Windows DoS / BSOD exploit. In short, when the relevant exploit code is searched in browsers or entered anywhere in the system, it causes BSOD in systems. Although Kaspersky cannot execute the code, it blocks pages containing the relevant code.

If you are getting the warning on every website, clear your browser history and cache. If you are getting warnings on other pages, those pages may contain the corresponding code. Members who joke on forum sites can send messages containing this code to the pages. This is why these pages are blocked by Kaspersky.

Sorry please, my English is not too good. So translated with Google Translate.

News on the topic: https: //www.bleepingcomputer.com/news/security/windows-10-bug-crashes-your-pc-when-you-access-this-location/

 

Reply / Ответить