
Kaspersky falsely identified as Avira by Windows 10 Update?


I have not been able to perform the last couple of updates of Windows 10. After download, install keeps saying I need to uninstall "Avira Antivir" first. Only: that was removed years ago. Also,
  • I successfully ran the special "Avira-Uninstaller" in windows safe mode. No trace of Avira left in the registry. Still, after reboot, same error message.
  • downloaded windows update directly from the server (https://www.microsoft.com/en-in/software-download/windows10)
  • tried all the proposed fixes from Microsoft support - nothing works.
SO: Is it possible that Windows update (happened for updates in about the last 7 or so months) mistakes Kaspersky Security Cloud for Avira?
Answer / help much appreciated!
ch53e_de

12 replies

Hello @ch53e_de,
Welcome!
Please share with us:
  1. Windows operating system? (1a) version? (1b) build?
  2. KCS, free? or premium? (this info allows us to target our advice specific to your situation).
  3. KCS version? patch(x)? x = letter
  4. Screen image of the error/s?
  5. Please check: c:\windows\system32\drivers\avipbb.sys
  6. IF avipbb.sys exists in this exact path avipbb.sys can be deleted.
  7. Have you tried uninstalling KCS, applying the Windows update, reinstalling KCS?
  8. Please collect GSI & Windows logs, upload to cloud storage of your choice and post back the link please?
Many thanks.
GSI ref doc: https://support.kaspersky.com/common/diagnostics/3632#block7
Hello Flood,
and: many thanks!
Here is the link to what you requested.
Cheers
https://send.firefox.com/download/e569abb21e6b1e8c/#NREAiOQcOp232tG0kz-foQ
Oh, by the way: System is cleaned of everything Avira. No avipbb.sys.

@ch53e_de try to use Avira Registry Cleaner https://www.avira.com/en/downloads#tools
I have not been able to perform the last couple of updates of Windows 10.
I successfully ran the special "Avira-Uninstaller" in windows safe mode. No trace of Avira left in the registry.

Hello @ch53e_de,
Please tell us:
Windows updates version and details info that are unable to be updated?
Have you:
  1. Uninstalled KCS,
  2. Shutdown PC using "shutdown" option.
  3. After restart - login, apply or try to apply Windows update.
  4. If the upd is successful, shutdown PC using "shutdown" option.
  5. After restart - login, reinstall KCS.
  6. Shutdown PC using "shutdown" option.
  7. After restart - login, make sure KCS is active
  8. Run manual KCS update - allow upd to complete.
  9. Run manual Full Scan - allow scan to complete.
Report back please?
----
IF, 3. Windows UPD is unsuccessful, please post back with a new GSI & Windows log.

Thanks so much.
Thanks for all your input!
  • Version of failed win10 upd is 1903
  • Currently running on 1803
  • did run Avira Registry Cleaner successfully before. No change.
  • did the procedure by Flood above (uninstall KCS, shutdown...)
  • Update failed again in the last stages. BUT:
Got a new windows error code:
0xc1900209

Is that helpful?
  • Update failed again in the last stages. windows error code: 0xc1900209


Hello @ch53e_de,
Thanks for posting back.
Everything is helpful😉
  • Ok, so to confirm, Windows - during this upgrade attempt stopped sending alerts re "Avira Antivir", so, we've confirmed that Windows is not confusing KCS & the issue is not caused by KCS = progress👍🏽
  • May we have a screen image of the actual Windows error please?
  • Are you selecting the Windows update from Windows Update & Security?
  • May I have a screen image of that screen please?
  • Can you type winver in the (Windows) search field & post back a screen image please?
  • May we have a new GSI & Windows logs please?
Thanks
Flood,
unfortunately, no. Maybe I didn't get that message or I forgot to tell, but it is still there. This is the sequence I had, after your procedure and after a procedure from a Microsoft advisor:
0) I download the Win10 updater "adksetup.exe" from here and start the process:
https://www.microsoft.com/en-us/software-download/windows10
1) Win10 upd says - again, at the very last stages of the whole process - that I need to uninstall Avira (that message in German, the OS language).
2) I close this process and windows says it needs to do some cleaning.
3) Then I get the message (now in English) with the error code.
I've done this various times. This is the sequence.

The link gives you sequence of screenshots + new GSI report
https://www.dropbox.com/sh/li1yoxnx7usqhgo/AADZycsCLI1ocTiuYgU2BzQ7a?dl=0

best,
ch53e_de
unfortunately, no. Maybe I didn't get that message or I forgot to tell, but it is still there.

Hello @ch53e_de,
Thanks for the feedback.
⭕️ When you did the last attempted update what was connected to the computer?⭕️
  • If you've not been able to do (Windows updates) for the last 7+- months, have you provided that info to MS?
  • There appears to be entries in the "hosts" file that are not standard - talk with Microsoft.
----
BEFORE you use Kavremover:
  1. Make sure all your data is backed up
  2. Create a system image
  3. Create a system restore point
----
  • Remnants of Kaspersky AV software - you really need to remove ALL Kaspersky software and start afresh.
  • Use Kavremover tool - follow the documentation exactly https://support.kaspersky.com/common/uninstall/1464
----
  • At the completion of Kavremover, shutdown the computer using "shutdown", power on to restart and create another GSI & Windows logs so we can verify?
🚫If Microsoft provide you with any procedures/instructions, anything, please follow and let us know so everything is very clear please?🚫
Best regards.
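
The checks asked for in this thread (the leftover avipbb.sys driver and the non-standard hosts entries) can be run read-only from an elevated PowerShell prompt. This is an added example, not part of any post or vendor tool, and the `avira|avipbb` match pattern is an assumption built from names mentioned in the thread.

```powershell
# Added example: read-only checks, nothing is deleted or changed.
# Assumption: 'avira|avipbb' is a pattern built from names used in this thread.
$pattern = 'avira|avipbb'

# 1. The driver file named in the thread.
$driver = Join-Path $env:SystemRoot 'System32\drivers\avipbb.sys'
if (Test-Path -LiteralPath $driver) {
    Get-Item -LiteralPath $driver -Force |
        Select-Object FullName, Length, LastWriteTime | Format-List
} else {
    "Not present: $driver"
}

# 2. Drivers and services still registered with Windows, even when their
#    files are already gone from disk.
foreach ($class in 'Win32_SystemDriver', 'Win32_Service') {
    Get-CimInstance -ClassName $class |
        Where-Object { "$($_.Name) $($_.DisplayName) $($_.PathName)" -match $pattern } |
        Select-Object @{ n = 'Class'; e = { $class } }, Name, DisplayName, State, PathName |
        Format-List
}

# 3. Active hosts entries. A stock Windows hosts file holds only comment
#    lines, so every row printed here was added after installation.
$hostsFile = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Get-Content -LiteralPath $hostsFile |
    ForEach-Object { ($_ -replace '#.*$', '').Trim() } |   # drop comments
    Where-Object { $_ } |                                  # drop empty lines
    ForEach-Object {
        $ip, $names = $_ -split '\s+'
        [pscustomobject]@{ Address = $ip; Names = $names -join ' ' }
    } | Format-Table -AutoSize
```

An empty result from step 2 means no driver or service registration matching the pattern remains; files in other folders are not covered by this check.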
Hi Flood,
thanks for keeping this going.
  • Not sure I understand your question "...what was connected to the computer?" It's a Sony Vaio Laptop in its docking station, external mouse, keyboard and monitor connected to the docking station. That's it.
  • Yes, I told MS. I got lots of procedures from them, and followed them. Basically: cleanup system (delete everything unnecessary, temp, restore points, win update downloads etc.) and make sure Avira is totally removed. I followed a procedure by Avira themselves that MS recommended. That way I found some more Avira folders (in C:\programdata e.g.) and they proved extremely hard to delete. Deleted all of them in the end. Still: my search tool says, it still cannot access a lot of places, when looking for "Avira", so there still might be something very very hidden.
  • hosts file: congrats, you are thorough! Forgot about that: changed the host files myself upon recommendation; was supposed to reduce annoying behaviour of that application. Can change back if important.
  • Now following your recommendation, total removal of KSC with tool. On it.
Thanks, will report.
ch53e_de
Hello @ch53e_de,
Thank you for your comprehensive reply.
  • Have MS advised you re: Windows update error 0xc1900209? If not, please ask them for their advice.
  • For "difficult" file deletions, always try in safe mode, the majority of resources are released, allowing previously prevented actions.
--
  • If Wupd to 1903 is successful, please do a GSI & Windows log, before you install KCS.
Thanks.
Re: th🕵🏾rough😉
I do have to say - I am disappointed. What kind of philosophy are they following at Kaspersky Labs?
  • I get the recommendation to use the kavremvr tool to make sure everything Kaspersky is removed (in order to see whether win upd does indeed mistake KCS for something Avira). THAT implies, a normal uninstall will leave lots of stuff on the computer. Well, I do not appreciate this. If I remove a program, I expect it to be humble and to disappear completely.
  • If normal removal is not enough - I expect the program to tell me - the user - that this is the case and that I can use a special tool, if I want every trace to disappear. Doesn't happen in Kaspersky. A friendly tech person tells me, otherwise, I would never know.
  • If I use the special kavremvr removal tool, I am NOT told to do so in safe mode, in order to get rid of all the stuff I need to get rid of. Again, only the tech person tells me.
  • And then, after the kavremvr tool is done, first thing I see is the Kaspersky icon still on my desktop! Search easily still finds 5 Kaspersky folders and at least as many files. What kind of remover is this?
And again: what kind of philosophy is this? I want - and will pay for - programs that do WHAT I TELL THEM TO DO, and I don't want programmers and developers to trick me! And less so when we talk about a security suite. So my trust in Kaspersky (as well as Avira, for that matter) is gone. In my opinion, this is not transparent and does not give the user the control he wants and expects.
Not good at all.
William
