Kaspersky
Question

Problem with website detection

  • 6 September 2021
  • 39 replies
  • 399 views

Userlevel 2
Badge
  • Bronze Junior Helper
  • 50 replies

Here is the link: "https://www.y2mate.com/en92"

In this link, Kaspersky doesn’t block redirects which are phishing and malicious, don’t know.

Is Kaspersky’s detection ratio so low that it can’t block websites of a trending site which can be found by a simple Google search?

Device: Windows 10 21H1

Internet Security 21.3.10.391(f)



Userlevel 7
Badge +8

@Apal Please submit the URL here https://opentip.kaspersky.com and ask for reanalysis.

Userlevel 2
Badge

That I have already done at the first instance.

But I am really worried: is Kaspersky really protecting me from actual malicious websites, or is it just a showpiece?? 😥🤐

Userlevel 2
Badge


Can you please check from your side whether it is blocking the pop-ups while downloading the video or not?

Userlevel 7
Badge +10

Hello @Apal,

  • Kaspersky denies the download, image 6 & Kaspersky report, image 7:

Thank you:pray_tone3:

Flood:whale: +:whale2:

Userlevel 7
Badge +5

Hello,

Where do you think it has a redirection link? Could you take a screenshot of it? I see its HTML code doesn’t have any redirection object.

Regards.

Userlevel 7
Badge +10

Hello @Wesly.Zhang

We can’t get to that site. 

Thank you:pray_tone3:

Flood:whale: +:whale2:

Userlevel 7
Badge +5


Hello,

I think you should use a VPN service. :wink:

Regards.

Userlevel 7
Badge +10

Hello @Wesly.Zhang

:sweat_smile:

No popup is blocked, Kaspersky blocks the d/l.  

 

 

TVM!

Flood:whale: +:whale2:

Userlevel 2
Badge


I hope you all can understand my problem with these screenshots. See in the last screenshot it has been redirected to a new page.

Userlevel 2
Badge


I attached screenshot just above this reply.

Userlevel 2
Badge

Also, sometimes the adblock tester shows 78/100 and sometimes 53/100. Is my Kaspersky not functioning??

Userlevel 7
Badge +10

Hello @Apal

Thank you for the update!

Please remember, when you first log a topic, the more you tell us & show us (with images), the better we’re all able to help you - none of us possess a :crystal_ball:.

  1. On the download page, did you select one of the GREEN download options?
  2. Has KIS been restored to Default? 
  3. Have the browsers been reset to default? 

Please let us know?

Thank you:pray_tone3:

Flood:whale: +:whale2:

Userlevel 2
Badge


1. Yes, according to screenshot 1 that I have sent you, it shows a green button "download mp4", and when I clicked it, it instantly redirected me to that fearful website.

2. Yes, Kaspersky has been restored to default, but I changed the required settings like detect other software and everything as usual.

3. Yes, just yesterday I reinstalled the Chrome browser. I was facing this before that also, and now also.

Also, I want to say that before this e and f patch, there used to be literally no pop-ups or redirects, and I could safely download mp4 and mp3 from that website.

Userlevel 7
Badge +10

Hello @Apal

Thank you for the update!

Please remember, when you first log a topic, the more you tell us & show us (with images), the better we’re all able to help you - none of us possess a :crystal_ball:.

  1. Reinstalling Chrome browser is not the same as resetting the Chrome browser → follow all steps in topic written by @richbuff → Kaspersky notification of detection, file or website detected.
    In KIS Web Anti-Virus Reports, filter for the last 48 hrs, save the Report as a text file, attach to your reply using the paper clip icon, we’d like to test the URLs in your images - we do not wish for you to post the URLs direct to this topic.

Thank you:pray_tone3:

Flood:whale: +:whale2:

Userlevel 2
Badge


Also, in these reports you will be able to see access denied entries. That is for WICAR, because I was testing whether the antivirus is working or not.

Userlevel 7
Badge +10

Hello @Apal

Thank you for the report!

  1. In Chrome, how are Notifications configured?
  2. In Chrome, how are Popups configured?
  3. Reinstalling Chrome browser is not the same as resetting the Chrome browser → follow all steps in topic written by @richbuff → Kaspersky notification of detection, file or website detected.
  4. ALSO, what is the name of the YouTube video you wanted to download, that’s the one we wish to test, using y2mate? 

Thank you:pray_tone3:

Flood:whale: +:whale2:

Userlevel 2
Badge


3. That I have done (sorry for not informing the right thing).

4. Video name is exactly the same as shown in screenshot 1 that I have sent you.

Also, this is irrespective of video, because it is happening in every video I am downloading.

 

1. and 2. Everything by default.

Userlevel 7
Badge +10

Hello @Apal

Thank you for posting back! 

:radioactive: Tell us the name please, we cannot see a name in the first image, each time we use the URL it generates an error - we wish to replicate exactly what you are doing → copy & paste that URL to a text file & attach to your reply please?

  1. In Chrome, how are Notifications configured?
  2. In Chrome, how are Popups configured?
  3. Follow all steps in topic written by @richbuff → Kaspersky notification of detection, file or website detected.

Thank you:pray_tone3:

Flood:whale: +:whale2:

Userlevel 2
Badge


  1. Notifications are allowed when I give the permission. (For this site, no notifications are allowed.)
  2. Don’t allow websites for pop up & redirect.

That’s it.

 

Userlevel 7
Badge +10

Hello @Apal

Thank you for posting back! 

Remove

Do NOT allow Notifications

 

YouTube video d/l’d.  

 

 

 

IF (your) KIS is not blocking the push URLs, it’s either not installed correctly, not configured correctly & or not restored correctly. 

  1. Exit out of Chrome & do not restart
  2. Uninstall KIS, do not check any check boxes EXCEPT save License information.
  3. Reboot the computer.
  4. Login. 
  5. Change Windows to run in Safe mode.
  6. Delete all files in C:\Users\USER\AppData\Local\Temp   *USER* = your name
  7. Delete all files in C:\Windows\Temp 
  8. Return to Windows normal mode. 
  9. Download KIS.
  10. Install KIS.
  11. Run a Database update. 
  12. Shutdown the computer using Shutdown, not Restart, power on, login. 
  13. Run a KIS Fullscan → allow it  to complete & do not use the computer while it’s running. 
  14. Start Chrome, retest the original issue? 

Please let us know the outcome? 

Thank you:pray_tone3:

Flood:whale: +:whale2:

Userlevel 2
Badge


Is it blocking redirects in your case?

Also, the safe mode step seems risky to me. Will it work?

Userlevel 7
Badge +10
  1. Is it blocking redirects in your case ?
  2. Also, the safe mode step seems risky to me.
  3. Will it work ?

Hello @Apal

Thank you for posting back! 

  1.
  2. Why? 
  3. All the steps, done in sequence & exactly as documented (in all provided doc links) may help determine why your KIS install is not working correctly, either that or log a case with Kaspersky support, you know the drill for that; they may also ask you to clean up the machine & do a clean install, it’s your choice. 

Thank you:pray_tone3:

Flood:whale: +:whale2:

Userlevel 2
Badge

While entering safe mode, will it ask for the normal PIN or Microsoft account credentials?

Userlevel 7
Badge +10

Hello @Apal

Thank you for posting back! 

Neither.

Use How to start your PC in Safe Mode.

OR:

  1. In Windows Search:mag_right: , type msconfig
  2. Select System configuration app
  3. Select Boot tab
  4. Select Safe boot
  5. Select Apply
  6. Select OK
  7. Select Restart 

 

 

 

 

  • To revert to Windows normal mode, select General tab, select Selective startup, select Apply, select OK, select Restart

Thank you:pray_tone3:

Flood:whale: +:whale2:

Userlevel 7
Badge +5



Hello, @Apal

Now I know which place is related to the issue. I see some remote JS files are involved in this website. The related issue is that y2mate.com uses bad advertisers, or the purpose itself is not simple. One remote JS file is a fake AV GUI; the others are ad pages. So I will report this case to KL and let them determine the reputation score of this website. If I receive any reply, I will post here.

BTW, on my side, the redirection hasn’t been blocked, just like for you. But the product blocks the remote JS file which is loaded by the browser. It will seem that the redirection page always shows the status of "Loading...".

Regards.
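
An added example (not part of the thread and not Kaspersky tooling), illustrating the observation in the reply above that a page's own HTML can contain no redirection object while scripts loaded from other hosts are present. The page URL, host names and HTML are constructed placeholders, and `audit` is a hypothetical helper.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class PageAudit(HTMLParser):
    """Collect static redirect objects and third-party scripts from page HTML."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlsplit(page_url).hostname
        self.static_redirects = []  # <meta http-equiv="refresh"> targets in the markup
        self.remote_scripts = []    # absolute URLs of scripts served by other hosts

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            self.static_redirects.append(a.get("content", ""))
        elif tag == "script" and a.get("src"):
            src = urljoin(self.page_url, a["src"])  # resolves relative and //host forms
            if urlsplit(src).hostname != self.page_host:
                self.remote_scripts.append(src)


def audit(page_url, html):
    """Return static redirects and the sorted set of third-party script hosts."""
    parser = PageAudit(page_url)
    parser.feed(html)
    parser.close()
    hosts = sorted({urlsplit(u).hostname for u in parser.remote_scripts})
    return {"static_redirects": parser.static_redirects, "remote_script_hosts": hosts}


# Constructed sample page: no redirect object in the markup, two third-party scripts.
SAMPLE_URL = "https://downloader.example/en"
SAMPLE_HTML = """
<html><head>
  <script src="/js/app.js"></script>
  <script src="//ads.example.net/tag.js"></script>
  <script async src="https://cdn.example.org/lib.min.js"></script>
</head><body><a id="dl" href="/get?f=mp4">Download .mp4</a></body></html>
"""

if __name__ == "__main__":
    report = audit(SAMPLE_URL, SAMPLE_HTML)
    print("static redirects:", report["static_redirects"])
    print("third-party script hosts:", report["remote_script_hosts"])
```

An empty `static_redirects` list next to a non-empty `remote_script_hosts` list matches the situation described in the thread: any navigation is decided by code fetched from another host, so those hosts are what to review or block.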
