Kaspersky
Solved

How can I install an application that KIS falsely identifies as malicious? Tajpi.exe detected. [Closed]


Today, KIS has identified an old application as malicious. It was created in 2016 and was working for a long time without any problems on my computer. Today, KIS has removed the application itself, the application installer, and prohibited the application from being downloaded. How can I ignore all of this and install the application back?
I have created a support request INC000010472262.

Best answer by Berny 23 May 2019, 19:56

Also, in addition to FLOOD, and only if you trust the application: before installing, disable interactive protection > trust > exclude > enable interactive protection. Also, flush quarantine before proceeding.

This topic has been closed for comments

14 replies

Userlevel 7
Badge +9
Hello ABEgorov,
Welcome!
Please tell us:
*Has KIS "quarantined" the application?
If yes, may we have a screen print please?
*name of the application Kaspersky software (KIS) is objecting to?
*KIS version?
*Operating system, version & build?
Also, in Kaspersky application "Reports" are there any events detailing the detection/removal, if yes, please export to a text file & copy one complete entry and paste back here please?
Many thanks!
KIS 19.0.0.1088 (e).
Windows 10 x64, 1809 (10.0.17763.503)


I tried to restore it from the quarantine and add it to the exclusions. Now quarantine contains only help files...
code:
23.05.2019 19.59.07	Download blocked	http://www.zz9pza.net/tajpi/tajpi298inst.exe//data0000	Object name: Trojan-Spy.Win32.Xegumumune.aht	Object: http://www.zz9pza.net/tajpi/tajpi298inst.exe//data0000	Application: Google Chrome	Object type: Trojan program	Time: 5/23/2019 7:59 PM
23.05.2019 19.59.07 Object (file) detected http://www.zz9pza.net/tajpi/tajpi298inst.exe//data0000 Object name: Trojan-Spy.Win32.Xegumumune.aht Object: http://www.zz9pza.net/tajpi/tajpi298inst.exe//data0000 Application: Google Chrome Object type: Trojan program Time: 5/23/2019 7:59 PM
23.05.2019 19.44.35 PC Cleaner has finished a scheduled analysis of objects Time: 5/23/2019 7:44 PM
23.05.2019 19.41.55 Search for application updates Search completed, no available updates Important updates available: 0 Recommended updates available: 0 Started: Automatically Status: Completed Time: 5/23/2019 7:41 PM
23.05.2019 19.35.42 Download blocked http://www.zz9pza.net/tajpi/tajpi298inst.exe//data0000 Object name: Trojan-Spy.Win32.Xegumumune.aht Object: http://www.zz9pza.net/tajpi/tajpi298inst.exe//data0000 Application: Google Chrome Object type: Trojan program Time: 5/23/2019 7:35 PM
23.05.2019 19.35.42 Object (file) detected http://www.zz9pza.net/tajpi/tajpi298inst.exe//data0000 Object name: Trojan-Spy.Win32.Xegumumune.aht Object: http://www.zz9pza.net/tajpi/tajpi298inst.exe//data0000 Application: Google Chrome Object type: Trojan program Time: 5/23/2019 7:35 PM
23.05.2019 19.30.32 You have signed in to My Kaspersky portal Browser: Google Chrome Device: Desktop Operating system: Windows Login time: 5/23/2019 7:30 PM Time: 5/23/2019 7:30 PM
23.05.2019 19.30.31 Update of databases and application modules Completed. Average download speed:: 1.35 MB/s Status:: Completed. Downloaded and updated:: 1.07 MB Total duration: 4 minutes 36 seconds Time: 5/23/2019 7:30 PM
23.05.2019 19.24.29 Download blocked http://www.zz9pza.net/tajpi/tajpi298inst.exe//data0000 Object name: Trojan-Spy.Win32.Xegumumune.aht Object: http://www.zz9pza.net/tajpi/tajpi298inst.exe//data0000 Application: Google Chrome Object type: Trojan program Time: 5/23/2019 7:24 PM
23.05.2019 19.24.29 Object (file) detected http://www.zz9pza.net/tajpi/tajpi298inst.exe//data0000 Object name: Trojan-Spy.Win32.Xegumumune.aht Object: http://www.zz9pza.net/tajpi/tajpi298inst.exe//data0000 Application: Google Chrome Object type: Trojan program Time: 5/23/2019 7:24 PM
23.05.2019 19.23.56 Download blocked http://www.zz9pza.net/tajpi/tajpi298inst.exe//data0000 Object name: Trojan-Spy.Win32.Xegumumune.aht Object: http://www.zz9pza.net/tajpi/tajpi298inst.exe//data0000 Application: Google Chrome Object type: Trojan program Time: 5/23/2019 7:23 PM
23.05.2019 19.23.56 Object (file) detected http://www.zz9pza.net/tajpi/tajpi298inst.exe//data0000 Object name: Trojan-Spy.Win32.Xegumumune.aht Object: http://www.zz9pza.net/tajpi/tajpi298inst.exe//data0000 Application: Google Chrome Object type: Trojan program Time: 5/23/2019 7:23 PM
23.05.2019 19.21.55 Rolled back actions of malware PDM:Trojan.Win32.Generic Application name: I:\Downloads\tajpi298inst.exe Application path: i:\downloads\tajpi298inst.exe Time: 5/23/2019 7:21 PM
23.05.2019 19.21.55 File deleted when rolling back actions of malware c:\programdata\microsoft\windows\start menu\programs\tajpi\tajpi.lnk Application name: I:\Downloads\tajpi298inst.exe Application path: i:\downloads\tajpi298inst.exe Time: 5/23/2019 7:21 PM
23.05.2019 19.21.55 File deleted when rolling back actions of malware c:\programdata\microsoft\windows\start menu\programs\tajpi\malinstali tajpi.lnk Application name: I:\Downloads\tajpi298inst.exe Application path: i:\downloads\tajpi298inst.exe Time: 5/23/2019 7:21 PM
23.05.2019 19.21.55 File deleted when rolling back actions of malware c:\programdata\microsoft\windows\start menu\programs\tajpi\helpo.lnk Application name: I:\Downloads\tajpi298inst.exe Application path: i:\downloads\tajpi298inst.exe Time: 5/23/2019 7:21 PM
23.05.2019 19.21.55 File deleted when rolling back actions of malware c:\programdata\microsoft\windows\start menu\programs\tajpi\helpo (angla).lnk Application name: I:\Downloads\tajpi298inst.exe Application path: i:\downloads\tajpi298inst.exe Time: 5/23/2019 7:21 PM
23.05.2019 19.21.55 File deleted when rolling back actions of malware c:\program files (x86)\tajpi\is-cimud.tmp Application name: I:\Downloads\tajpi298inst.exe Application path: i:\downloads\tajpi298inst.exe Time: 5/23/2019 7:21 PM
23.05.2019 19.21.55 File renamed when rolling back actions of malware c:\program files (x86)\tajpi\is-cimud.tmp Application name: I:\Downloads\tajpi298inst.exe Application path: i:\downloads\tajpi298inst.exe Time: 5/23/2019 7:21 PM
23.05.2019 19.21.40 Detected object (file) deleted C:\Program Files (x86)\Tajpi\Tajpi.exe Application: Windows Explorer File: C:\Program Files (x86)\Tajpi\Tajpi.exe Time: 5/23/2019 7:21 PM Object name: UDS:Trojan-Spy.Win32.Xegumumune
23.05.2019 19.21.40 Detected object (file) moved to Quarantine C:\Program Files (x86)\Tajpi\Tajpi.exe Application: Windows Explorer File: C:\Program Files (x86)\Tajpi\Tajpi.exe Time: 5/23/2019 7:21 PM Object name: UDS:Trojan-Spy.Win32.Xegumumune
23.05.2019 19.21.14 Removed malware PDM:Trojan.Win32.Generic Application name: I:\Downloads\tajpi298inst.exe Application path: i:\downloads\tajpi298inst.exe Time: 5/23/2019 7:21 PM
23.05.2019 19.20.50 Detected malware PDM:Trojan.Win32.Generic Application name: Tajpi Setup Application path: i:\downloads\tajpi298inst.exe Time: 5/23/2019 7:20 PM
23.05.2019 19.20.50 Object (file) detected C:\Program Files (x86)\Tajpi\Tajpi.exe Application: C:\Users\abegorov\AppData\Local\Temp\is-O9L34.tmp\tajpi298inst.tmp File: C:\Program Files (x86)\Tajpi\Tajpi.exe Time: 5/23/2019 7:20 PM Object name: Trojan-Spy.Win32.Xegumumune.aht Reason: Information
23.05.2019 19.20.49 Object (file) detected C:\Program Files (x86)\Tajpi\Tajpi.exe Application: Windows Explorer File: C:\Program Files (x86)\Tajpi\Tajpi.exe Time: 5/23/2019 7:20 PM Object name: UDS:Trojan-Spy.Win32.Xegumumune
23.05.2019 19.20.48 Object (file) detected C:\Program Files (x86)\Tajpi\Tajpi.exe Application: Windows Explorer File: C:\Program Files (x86)\Tajpi\Tajpi.exe Time: 5/23/2019 7:20 PM Object name: Trojan-Spy.Win32.Xegumumune.aht Reason: Information
23.05.2019 19.20.48 Object (file) detected C:\Program Files (x86)\Tajpi\Tajpi.exe Application: Windows Explorer File: C:\Program Files (x86)\Tajpi\Tajpi.exe Time: 5/23/2019 7:20 PM Object name: Trojan-Spy.Win32.Xegumumune.aht Reason: Information
23.05.2019 19.20.43 Application added to the Trusted group Setup/Uninstall Application: Setup/Uninstall Reason: KSN information Application path: C:\Users\abegorov\AppData\Local\Temp\is-O9L34.tmp\tajpi298inst.tmp Time: 5/23/2019 7:20 PM
23.05.2019 19.20.41 Application added to the Trusted group Setup/Uninstall Application: Setup/Uninstall Reason: KSN information Application path: C:\Users\abegorov\AppData\Local\Temp\is-URD9Q.tmp\tajpi298inst.tmp Time: 5/23/2019 7:20 PM
23.05.2019 19.19.38 Detected object (file) deleted C:\Program Files (x86)\Tajpi\Tajpi.exe Application: Windows Explorer File: C:\Program Files (x86)\Tajpi\Tajpi.exe Time: 5/23/2019 7:19 PM Object name: Trojan-Spy.Win32.Xegumumune.aht
23.05.2019 19.19.37 Detected object (file) moved to Quarantine C:\Program Files (x86)\Tajpi\Tajpi.exe Application: Windows Explorer File: C:\Program Files (x86)\Tajpi\Tajpi.exe Time: 5/23/2019 7:19 PM Object name: Trojan-Spy.Win32.Xegumumune.aht
23.05.2019 19.18.11 Selective Scan No threats detected Detected: 0 Deleted: 0 Not disinfected: 0 Release date of databases used for scan: 5/23/2019 12:49 PM Total duration: 0 seconds Completion time: 5/23/2019 7:18 PM
23.05.2019 19.17.43 Object (file) detected C:\Program Files (x86)\Tajpi\Tajpi.exe Application: Windows Explorer File: C:\Program Files (x86)\Tajpi\Tajpi.exe Time: 5/23/2019 7:17 PM Object name: Trojan-Spy.Win32.Xegumumune.aht
23.05.2019 19.16.58 Detected object (file) deleted C:\Program Files (x86)\Tajpi\Tajpi.exe Application: Windows Explorer File: C:\Program Files (x86)\Tajpi\Tajpi.exe Time: 5/23/2019 7:16 PM Object name: Trojan-Spy.Win32.Xegumumune.aht
23.05.2019 19.16.58 Detected object (file) moved to Quarantine C:\Program Files (x86)\Tajpi\Tajpi.exe Application: Windows Explorer File: C:\Program Files (x86)\Tajpi\Tajpi.exe Time: 5/23/2019 7:16 PM Object name: Trojan-Spy.Win32.Xegumumune.aht
23.05.2019 19.15.18 Selective Scan No threats detected Detected: 0 Deleted: 0 Not disinfected: 0 Release date of databases used for scan: 5/23/2019 12:49 PM Total duration: 0 seconds Completion time: 5/23/2019 7:15 PM
23.05.2019 19.14.30 Object (file) detected C:\Program Files (x86)\Tajpi\Tajpi.exe Application: Windows Explorer File: C:\Program Files (x86)\Tajpi\Tajpi.exe Time: 5/23/2019 7:14 PM Object name: Trojan-Spy.Win32.Xegumumune.aht
23.05.2019 19.11.45 Application is allowed to receive audio stream SkypeApp Application: SkypeApp Application path: C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.44.40.0_x64__kzf8qxf38zg5c\SkypeApp.exe Time: 5/23/2019 7:11 PM
23.05.2019 19.11.45 Application is allowed to receive audio stream SkypeApp Application: SkypeApp Application path: C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.44.40.0_x64__kzf8qxf38zg5c\SkypeApp.exe Time: 5/23/2019 7:11 PM
23.05.2019 19.11.37 Removed malware PDM:Trojan.Win32.Bazon.a Application name: C:\Program Files (x86)\Tajpi\Tajpi.exe Application path: c:\program files (x86)\tajpi\tajpi.exe Time: 5/23/2019 7:11 PM
23.05.2019 19.11.21 Removed malware PDM:Trojan.Win32.Bazon.a Application name: Klavarilo por esperantistoj Application path: HKU\S-1-5-21-2371300580-1008966690-3884442651-1001\Software\Microsoft\Windows\CurrentVersion\Run\Tajpi Time: 5/23/2019 7:11 PM
23.05.2019 19.11.19 Terminated malware PDM:Trojan.Win32.Bazon.a Application name: Klavarilo por esperantistoj Application path: C:\Program Files (x86)\Tajpi\Tajpi.exe Time: 5/23/2019 7:11 PM
23.05.2019 19.11.19 Detected malware PDM:Trojan.Win32.Bazon.a Application name: Klavarilo por esperantistoj Application path: c:\program files (x86)\tajpi\tajpi.exe Time: 5/23/2019 7:11 PM
23.05.2019 19.11.18 Application added to the Low Restricted group Klavarilo por esperantistoj Application: Klavarilo por esperantistoj Reason: default Application path: C:\Program Files (x86)\Tajpi\Tajpi.exe Time: 5/23/2019 7:11 PM
23.05.2019 19.11.00 Task started Web Anti-Virus Time: 5/23/2019 7:11 PM
23.05.2019 19.11.00 Task started Mail Anti-Virus Time: 5/23/2019 7:11 PM
23.05.2019 19.11.00 Task started IM Anti-Virus Time: 5/23/2019 7:11 PM
23.05.2019 19.11.00 Task started System Watcher Time: 5/23/2019 7:11 PM
23.05.2019 19.11.00 Task started Network Attack Blocker Time: 5/23/2019 7:11 PM
23.05.2019 19.11.00 Task started Anti-Banner Time: 5/23/2019 7:11 PM
23.05.2019 19.10.55 Task started File Anti-Virus Time: 5/23/2019 7:10 PM
23.05.2019 19.10.55 Task started Firewall Time: 5/23/2019 7:10 PM
23.05.2019 19.10.55 Task started Application Control Time: 5/23/2019 7:10 PM
I added to the exclusions:
http_//www_zz9pza.net_tajpi_tajpi298inst.exe
I:\Downloads\tajpi298inst.exe
C:\Program Files (x86)\Tajpi

Are there any easier ways to do this?

------
Moderation Edit : Download link disabled
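
An added example, not part of any post in this thread: one way to triage an exported report like the one above is to group every detection by its verdict string and the object it was raised against, so the objects involved in a suspected false positive are listed once each. The sample lines are copied from the report above; the function names and the "none" label for verdicts without a prefix are this example's own.

```python
import re

# Lines copied from the report in the post above (fields separated by whitespace).
SAMPLE = r"""
23.05.2019 19.11.19 Detected malware PDM:Trojan.Win32.Bazon.a Application name: Klavarilo por esperantistoj Application path: c:\program files (x86)\tajpi\tajpi.exe Time: 5/23/2019 7:11 PM
23.05.2019 19.14.30 Object (file) detected C:\Program Files (x86)\Tajpi\Tajpi.exe Application: Windows Explorer File: C:\Program Files (x86)\Tajpi\Tajpi.exe Time: 5/23/2019 7:14 PM Object name: Trojan-Spy.Win32.Xegumumune.aht
23.05.2019 19.20.49 Object (file) detected C:\Program Files (x86)\Tajpi\Tajpi.exe Application: Windows Explorer File: C:\Program Files (x86)\Tajpi\Tajpi.exe Time: 5/23/2019 7:20 PM Object name: UDS:Trojan-Spy.Win32.Xegumumune
23.05.2019 19.20.50 Detected malware PDM:Trojan.Win32.Generic Application name: Tajpi Setup Application path: i:\downloads\tajpi298inst.exe Time: 5/23/2019 7:20 PM
23.05.2019 19.11.00 Task started System Watcher Time: 5/23/2019 7:11 PM
"""

STAMP = re.compile(r"^\d{2}\.\d{2}\.\d{4} \d{2}\.\d{2}\.\d{2}\s")
# Optional prefix such as PDM: or UDS:, then Type.Platform.Family[.variant].
VERDICT = re.compile(r"(?:\b([A-Z]+):)?\b([A-Z][\w-]+\.Win(?:32|64)\.\w+(?:\.\w+)?)")
LABELS = (r"(?:Time|Reason|Object name|Object type|Object|File|"
          r"Application name|Application path|Application)")
# Value of the field naming the flagged object, up to the next "Label:" or end of line.
TARGET = re.compile(r"\b(?:Application path|File|Object): (.+?)(?=\s" + LABELS + r":|$)")


def summarize(report):
    """Map (prefix, verdict) -> sorted list of flagged objects, lower-cased."""
    hits = {}
    for line in report.splitlines():
        verdict = VERDICT.search(line)
        target = TARGET.search(line)
        if not (STAMP.match(line) and verdict and target):
            continue  # status lines (task started, updates, ...) carry no verdict
        key = (verdict.group(1) or "none", verdict.group(2))
        # Windows paths are case-insensitive and the report mixes both spellings.
        hits.setdefault(key, set()).add(target.group(1).strip().lower())
    return {k: sorted(v) for k, v in hits.items()}


def distinct_targets(summary):
    """Every object that at least one verdict was raised against."""
    return sorted({t for targets in summary.values() for t in targets})


if __name__ == "__main__":
    for (prefix, verdict), targets in summarize(SAMPLE).items():
        print(f"{prefix:5} {verdict:35} {', '.join(targets)}")
```

On these lines it reports four verdict strings against two objects, the installed Tajpi.exe and the downloaded installer, which is the detail a false-positive submission to the vendor needs.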
Userlevel 7
Badge +9
Hello ABEgorov,
Thanks for posting back the information.

The link http_//www_zz9pza.net_tajpi_tajpi298inst.exe is malicious according to the reputation data of Kaspersky VirusDesk. We do not recommend that you follow this link.
The Kaspersky report:

code:
23.05.2019 19.11.37	Removed malware	PDM:Trojan.Win32.Bazon.a	Application name: C:\Program Files (x86)\Tajpi\Tajpi.exe	
Trojan.Win32.Bazon.A Description

Trojan.Win32.Bazon.A is a Trojan horse infection that may load on a system and then perform various actions in the background without any indication to the computer user. The actions of Trojan.Win32.Bazon.A may include allowing remote attackers access to the infected system. Through access by use of Trojan.Win32.Bazon.A, remote hackers may be able to steal data stored on the hard drive. Removal of Trojan.Win32.Bazon.A may require use of an updated antispyware program designed to remove Trojan horse infections.

Software changes all the time; it could be that a change in software that was previously classified as safe means it no longer meets the criteria to continue with that classification.

(imo) I would not be seeking to install or try to override Kaspersky software before I consulted Kaspersky experts.

With respect, we suggest you seek the advice from Kaspersky Technical Team, log into your MyKaspersky account - https://my.kaspersky.com/, create an incident report.
or https://support.kaspersky.com/b2c - choose your location for Kaspersky Technical Team
or LiveChat
or email - customerservicesolution@kaspersky.com; newvirus@kaspersky.com

Thank you.

------
Moderation Edit : Download link disabled
Userlevel 7
Badge +8
I have created a support request INC000010472262.

Also, if you don't trust it, please wait for the K-Lab verdict, which will confirm or deny a False Positive.
Userlevel 7
Badge +9
Hello ABEgorov,
Thank you for posting back and for logging an incident.
If the expert team find the software is safe your input will be very helpful.
Best regards!
I trust this application.

It first appeared in KSN two years ago and yesterday KIS did not detect anything. I don't know why this happened today but the manual scan still shows "no threats detected"...

Userlevel 7
Badge +8
@ABEgorov This kind of issue can happen; in some cases KIS detections vs KSN are contradictory.
Now even without interactive protection, "C:\Program Files (x86)\Tajpi" in the exclusions and "Tajpi.exe" in Trusted (Application Control) group I cannot launch the application...


I have solved the problem. I need the two exclusions for the application...

Userlevel 7
Badge +8
Please provide the above additional feedback to Technical Support.
The Virus lab confirmed False Positive.

Userlevel 7
Badge +9
Hello ABEgorov,
Thank you for posting back, that is good news.
Best regards.