Kaspersky
Solved

Lots of system symptoms, Eset false positive on Kaspersky bases.


Userlevel 1
Ladies, Gentlemen.

Awkwardly, I have a combo of ESET online scanner with the free version.
I had some trojan horses generics nesting in the labs base folder...

Running Hitman and ESET, some Malwarebytes and SFC.EXE, it was all OK again. To be short, I had much more damage than this.
Repaired myself through cmd.
And...
I want to be tight and secure and am running ESET over the Kaspersky paid version again. Still getting some deleted objects again, when the AVP of Kaspersky was installed back again.
It is still running now but I will send a photo of this.

Can this be considered as false if it is back again, a trojan generic horse?

regards
kenneth

Best answer by Schulte 4 July 2019, 23:38

Hi, KETZK,

let me explain in simple words:

what ESET is telling you is quite normal. AV programs often recognize other AV programs as a danger. An AV program intervenes deeply in the system, which seems dangerous to the other AV program.

The evaluation on Freefixers is only 'bullshit'. Obviously, users who don't know anything about KL products have rated it. Your screenshots also show the rating of a ten year old version (AVP9)...



Summary:

'kjim.kdl' is a component of the KL products, it is a special .DLL, digitally signed and is checked by your KTS for unharmedness at every start.

28 replies

Userlevel 7
Hello KETZK,
Welcome!
  1. Could you help us please, what exactly is the issue?
  2. Can you share screen images (that show the issue) with us please?
  3. What Kaspersky software do you have installed? Name/s, version/s, patch/s?
  4. Operating system, version, build?
  5. Does your Kaspersky REPORTS show any events that identify the issue? Can you export those events and upload the text file using the upload icon below please?
Looking forward to hearing from you.
Many thanks!
Userlevel 1
Well, an intrusion took place, from my eyesight with a lot of symptoms: Firefox crashing, screens shutting off... freezing... flickering... access into registry addresses/keys, event log corruption, files denying to delete of changed security audio/display drivers corrupt etc.

To clear my case, I was surprised with every side support I had from exploits to malware protection; ESET was the only one who saw more than the rest.
I had some last bits in the C/PROGRAM DATA/KASPERSKY LAB/AVP 19.0.0/BASES/CACHE/KJIM... a variant of "Generic.DBVVYIJ.Horse", as NOD32 ESET displays in front of me.
And after quarantining those files, I deleted them, and was testing if it was my fault, maybe something was coming in or so while downloading your client.
Now, 9 out of 10, I was since the first developments always satisfied with the AVP.
And was thinking to finally buy the whole version after some digging and testing.
And on the other side, when I was setting up the client again with a license for 2 years,
I was curious whether ESET detects anything on this client right now, like what ESET has told me about over the last couple of days.
Also directly downloaded from your servers.
Again still 2 (EDIT: 3) potentials recognized, and I wanted to share that experience and wanted to highlight this, whether this was a very true or false fact...
What is ESET recognizing in your folders?

I am running the up-to-date version of Kaspersky.
Running: WINX64 VER1903

And
these are the screen images.

I have no attention notices from Kaspersky whatsoever about what ESET has to say.

Thank you very much gentlemen.

regards
Userlevel 7
Eset false positive detect Kaspersky bases. False positive.

1. Please post your GetSystemInfo report link, instructions: https://support.kaspersky.com/common/diagnostics/3632
Please upload the GetSystemInfo zip folder that is inside the larger GSI zip to the GSI parser site http://www.getsysteminfo.com/ and post the url to the parsed report here, in your next post.
Userlevel 1
I will do that sir, thank you.
Userlevel 1
https://www.getsysteminfo.com/report/29302a6ef3339e8002651049f81d2c71

This link with system info of mine, it wont get shared any further than you guys am i right?
I like to keep it discreet.

Thank you very much.
Userlevel 1
Guys, I clicked accidentally on solved, I guess. Pardon me.
Userlevel 7
guys, i clicked accidentally on solved i guess. pardon me .
If you send me a PM with an explicit desire to undo that, we can undo.

EDIT: Done as requested
Userlevel 1

Thank you very much Sir Schulte. Again my apologies.
Userlevel 7
KETZK,
  • Re: "no attention notices from kaspersky whatsoever about what eset has to say".
Kaspersky has no reason to report.
-------------------------------
  • Eset report:
  1. First 2 objects are identical
  2. Location is different.
kjim.kdl.1d87b48c03e8b252a0fc72ae36c5aed8 a variant of Generik.DBVVYIJ trojan horse removed (after the next restart)
C:\ProgramData\Kaspersky Lab\AVP19.0.0\Bases\Cache\

kjim.kdl.1d87b48c03e8b252a0fc72ae36c5aed8 a variant of Generik.DBVVYIJ trojan horse removed (after the next restart)
C:\Users\All Users\Kaspersky Lab\AVP19.0.0\Bases\Cache\

--------------------------------

  • kjim - 046648d9043492926863b15830199c9c0ee7bbbd666867befd2be1b891cd3d56
MD5 1d87b48c03e8b252a0fc72ae36c5aed8
SHA-1 2700a2f4ad0164e193e49e05c017c73e0b87332d
SHA-256 046648d9043492926863b15830199c9c0ee7bbbd666867befd2be1b891cd3d56
Authentihash 0abc5906c168fce572b1f441bf80b1d28e0559402cbb0043f390c01a9cd299e4
SSDEEP 24576:EUEENIBFunoLECFWYk/l7fQ7vdQ6eMmxA:WLZkrlMmy
File type Win32 DLL
Magic PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
File size 2.91 MB (3046736 bytes)
History
Creation Time 2019-05-30 09:18:26
Signature Date 2019-05-30 10:22:00
First Submission 2019-06-20 11:12:32
Last Submission 2019-06-20 11:12:32
Last Analysis 2019-07-02 19:05:51
Names
kjim
kjim.kdl
kjim.kdl.1d87b48c03e8b252a0fc72ae36c5aed8
Signature Info
Signature Verification
Signed file, valid signature
File Version Information
Copyright © 2019 AO Kaspersky Lab. All Rights Reserved.
Product Kaspersky Anti-Virus
Description Script Heuristics Engine
Original Name kjim.kdl
Internal Name kjim
File Version 5.29.0.31
Date signed 10:22 AM 5/30/2019
Signers
Kaspersky Lab
Name Kaspersky Lab
Status Valid
Valid From 12:00 AM 06/02/2017
Valid To 12:00 PM 07/08/2020
Valid Usage Code Signing
Algorithm sha1RSA
Serial Number 0F 9D 91 C6 AB A8 6F 4E 54 CB B9 EF 57 E6 83 46
DigiCert High Assurance Code Signing CA-1
Name DigiCert High Assurance Code Signing CA-1
Status Valid
Valid From 12:00 PM 02/11/2011
Valid To 12:00 PM 02/10/2026
Valid Usage Code Signing
Algorithm sha1RSA
Serial Number 02 C4 D1 E5 8A 4A 68 0C 56 8D A3 04 7E 7E 4D 5F
DigiCert
Name DigiCert
Status Valid
Valid From 12:00 AM 11/10/2006
Valid To 12:00 AM 11/10/2031
Valid Usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Serial Number 02 AC 5C 26 6A 0B 40 9B 8F 0B 79 F2 AE 46 25 77
Counter Signers
Symantec Time Stamping Services Signer - G4
Name Symantec Time Stamping Services Signer - G4
Status Valid
Valid From 12:00 AM 10/18/2012
Valid To 11:59 PM 12/29/2020
Valid Usage Timestamp Signing
Algorithm sha1RSA
Serial Number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
Symantec Time Stamping Services CA - G2
Name Symantec Time Stamping Services CA - G2
Status Valid
Valid From 12:00 AM 12/21/2012
Valid To 11:59 PM 12/30/2020
Valid Usage Timestamp Signing
Algorithm sha1RSA
Serial Number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
Thawte Timestamping CA
Name Thawte Timestamping CA
Status Valid
Valid From 12:00 AM 01/01/1997
Valid To 11:59 PM 12/31/2020
Valid Usage Timestamp Signing
Algorithm md5RSA
Serial Number 00
Portable Executable Info
Header
Target Machine Intel 386 or later processors and compatible processors
Compilation Timestamp 2019-05-30 09:18:26
Entry Point 30720
Contained Sections 5
Sections
Name Virtual Address Virtual Size Raw Size Entropy MD5
.text 4096 949545 949760 6.65 f124eb1b636ae19f8eee8c7d38d75c51
.rdata 954368 2026602 2027008 6.13 d089c0aa9f400581d2fbae4caa069de9
.data 2981888 296 512 1.95 27f0b8419dfa7b434fcff1e2c9bb9b80
.rsrc 2985984 1512 1536 4.18 dbd4d51ac4204909e2b164c899605f68
.reloc 2990080 43814 44032 5.94 2af7f63dac8ea8e74cd010dfac137f12
Exports
KJIM_1
KJIM_10
KJIM_11
KJIM_12
KJIM_13
KJIM_14
KJIM_15
KJIM_16
KJIM_17
KJIM_18
Contained Resources By Type
RT_VERSION 1
RT_MANIFEST 1
Contained Resources By Language
RUSSIAN 1
ENGLISH US 1
Contained Resources
SHA-256 File Type Type Language
1af48599ba2eadc59c2fef6ee3bca8c3143106377611dd6bee0d9e3139287877 data RT_VERSION RUSSIAN
49a60be4b95b6d30da355a0c124af82b35000bce8f24f957d1c09ead47544a1e ASCII text RT_MANIFEST ENGLISH US
ExifTool File Metadata
CharacterSet Unicode
CodeSize 949760
CompanyName AO Kaspersky Lab
EntryPoint 0x7800
FileDescription Script Heuristics Engine
FileFlagsMask 0x003f
FileOS Windows NT 32-bit
FileSubtype 0
FileType Win32 DLL
FileTypeExtension dll
FileVersion 5.29.0.31
FileVersionNumber 5.29.0.31
ImageFileCharacteristics Executable, 32-bit, DLL
ImageVersion 0.0
InitializedDataSize 2073088
InternalName kjim
LanguageCode English (U.S.)
LegalCopyright 2019 AO Kaspersky Lab. All Rights Reserved.
LegalTrademarks Registered trademarks and service marks are the property of their respective owners
LinkerVersion 10.0
MIMEType application/octet-stream
MachineType Intel 386 or later, and compatibles
OSVersion 5.1
ObjectFileType Executable application
OriginalFileName kjim.kdl
PEType PE32
ProductName Kaspersky Anti-Virus
ProductVersion 6.0.1.990
ProductVersionNumber 6.0.1.990
Subsystem Windows GUI
SubsystemVersion 5.1
TimeStamp 2019:05:30 10:18:26+01:00
UninitializedDataSize 0

-----------------------------
Before proceeding please ensure you have:

Current backups.
Current system image
Current restore point.
-----------------------------
  • Is there a reason why Kaspersky software is patch (d)?
  • If not please update to the current patch.
To do so please follow these steps:

  1. Uninstall Kaspersky software, in KTS application, right click, select "UNINSTALL", please ensure you select "SAVE LICENCE INFORMATION" only, leave the remaining options blank.
  2. Allow the UNINSTALL process to complete.
  3. POWER OFF COMPUTER by selecting "SHUTDOWN"
  4. AFTER the COMPUTER is completely OFF, press the POWER BUTTON to turn the COMPUTER ON.
  5. Make sure KASPERSKY SECURE CONNECTION is NOT ACTIVE, if it is EXIT KASPERSKY SECURE CONNECTION.
  6. Go to C:\Windows\Temp - delete all files/folders - there will be 4 or 5 files/folders in use, do not worry, select "skip", there may also be a few files that require "Admin" to permit the deletion, please select Admin ok/yes to complete the clearing.
  7. Go to C:\ProgramData\Kaspersky Lab - search for AVP19*.*, if any Folders/Files are found, matching the criteria please delete, if it's a folder please clear any files/objects within, then delete the folder.
  8. Go to C:\Users\All Users\Kaspersky Lab\ - search for AVP19*.*, if any Folders/Files are found, matching the criteria please delete, if it's a folder please clear any files/objects within, then delete the folder.
  9. POWER OFF COMPUTER by selecting "SHUTDOWN"
  10. AFTER the COMPUTER is completely OFF, press the POWER BUTTON to turn the COMPUTER ON.
  11. Download a new KTS installer.
  12. INSTALL KTS, allow the software installation to fully complete.
  13. POWER OFF COMPUTER by selecting "SHUTDOWN"
  14. AFTER the COMPUTER is completely OFF, press the POWER BUTTON to turn the COMPUTER ON.
  15. Make sure KASPERSKY SECURE CONNECTION is NOT ACTIVE, if it is EXIT KASPERSKY SECURE CONNECTION.
  16. Make sure KTS is active.
  17. Run a MANUAL UPDATE.
  18. Sign into your MyKaspersky online account.
  19. Make sure your device is synchronised with the application/portal.
  20. Run a FULL MANUAL SCAN - allow it to complete and DO NOT RUN ANYTHING ELSE for the entire duration of the FULL SCAN.
----------------------------------

CLEAR ESET and rerun the ESET scan.

Problem remains - YES? Please report back?

Problem resolved - YES? Please report back?

Thanks!
Userlevel 1
Sir Flood, thank you.
I will proceed tomorrow.
All I can say now is that in idle, with no programs running, there is a reasonable silence back,
only about 3 percent CPU load, 25 RAM buffer and 0 HDD, 0 network.

But for the fact of the so-called false trojans in ESET.

I will apply this procedure tomorrow.
Thank you very much .

regards
Userlevel 1
Sir,

I applied what you explained me to do.
After removing KTS, no rest files were found by myself.
After the whole restart and reset ESET,
the same error still counts...
Freefixers explained, and was the only website except my topic in Google, on how and why it works like that; it's a part of the heuristics engine script, but 85% would advise to delete it. But it's only polled by 13 votes.

Thoughts?

Userlevel 7
Hi, KETZK,
let me explain in simple words:
what ESET is telling you is quite normal. AV programs often recognize other AV programs as a danger. An AV program intervenes deeply in the system, which seems dangerous to the other AV program.
The evaluation on Freefixers is only 'bullshit'. Obviously, users who don't know anything about KL products have rated it. Your screenshots also show the rating of a ten year old version (AVP9)...

Summary:
'kjim.kdl' is a component of the KL products, it is a special .DLL, digitally signed and is checked by your KTS for unharmedness at every start.
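
The "digitally signed" claim and the hash quoted earlier in this thread can be checked on the machine itself; the following is an added example, not part of any post here, and the function names `Test-FlaggedFile` and `Get-LinkTarget` are hypothetical. It also shows why the scanner listed the same object twice: `C:\Users\All Users` is a link to `C:\ProgramData`.

```powershell
# Added example, not from the thread. Expected values are the ones quoted in the report above.
$ExpectedSha256 = '046648d9043492926863b15830199c9c0ee7bbbd666867befd2be1b891cd3d56'
$ExpectedSigner = 'Kaspersky Lab'
$FileName       = 'kjim.kdl.1d87b48c03e8b252a0fc72ae36c5aed8'

function Test-FlaggedFile {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$Sha256,
        [Parameter(Mandatory)][string]$Signer
    )
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    $md5  = (Get-FileHash -LiteralPath $Path -Algorithm MD5).Hash
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

    [pscustomobject]@{
        Path            = $Path
        HashMatches     = $hash -eq $Sha256      # string -eq ignores case
        # In the report above, the cache file name ends in the file's own MD5.
        NameEndsInMd5   = (Split-Path -Leaf $Path).EndsWith($md5, [StringComparison]::OrdinalIgnoreCase)
        SignatureStatus = $sig.Status            # 'Valid' = content unmodified and chain trusted
        SignerMatches   = $subject -like "*$Signer*"
        Timestamped     = [bool]$sig.TimeStamperCertificate
    }
}

function Get-LinkTarget {
    param([Parameter(Mandatory)][string]$Path)
    $item = Get-Item -LiteralPath $Path -Force   # -Force: the link is hidden
    [pscustomobject]@{ Path = $Path; LinkType = $item.LinkType; Target = $item.Target }
}

# Two report lines, one file: the second location resolves to the first.
Get-LinkTarget -Path 'C:\Users\All Users'

foreach ($dir in 'C:\ProgramData\Kaspersky Lab\AVP19.0.0\Bases\Cache',
                 'C:\Users\All Users\Kaspersky Lab\AVP19.0.0\Bases\Cache') {
    $path = Join-Path $dir $FileName
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        Write-Warning "Not present (already quarantined or updated): $path"
        continue
    }
    $r = Test-FlaggedFile -Path $path -Sha256 $ExpectedSha256 -Signer $ExpectedSigner
    $r
    if ($r.HashMatches -and $r.SignatureStatus -eq 'Valid' -and $r.SignerMatches) {
        Write-Output 'Consistent with the signed vendor component described in this thread.'
    } else {
        Write-Output 'Does not match the reported file; do not treat the detection as a false positive.'
    }
}
```

A signer-name match alone proves nothing, since names can be copied; the verdict rests on `SignatureStatus` being `Valid` together with the hash match.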
Userlevel 1
EDIT: found something valid about updating the other AV (ZoneAlarm, ESET, etc.) which alarms you about it; it's probably going to be false, as you gentlemen explained. "KJIM.KDL"

updated:11.39PM reading SCHULTE
Userlevel 1
Gentlemen,
Sir Schulte,

Thank you very much for taking time, effort and attention to this, which seems, for you experts in the eye, maybe a boring worthless topic. (I said that, no shots fired.)
To me it explains everything.

Would the AUTOSTART error explain this too,
that it is an implementation of KTS?
Userlevel 7
Hi KETZK,
There is no 'boring worthless topic'. Every question has its justification and deserves an answer. Maybe other users have the same question.
Userlevel 1
Great, yes, this may validate others' scary feelings about this situation for sure.
This topic is done for me, gentlemen.

Kudos to this group!

Till next time, and I saw what you gentlemen did about the title of this topic, and I realised why.
But by all means, I had no bad/false plans with it.

(pardon me )

Regards, and have a nice day/night further on.

Stick safe!

Kenneth.
Userlevel 7
I'm sorry, I didn't follow your subject very closely.

Question:
What do you mean by 'AUTOSTART error'? The start of the 'KJIM.KDL'? It is an important part of Kaspersky protection. By the way, it should be 'undeletable' for other programs, as long as Kaspersky is running, it is under special protection.
Userlevel 1
To be a bit clear, the topic title was "always being happy with KTS, until I bought it."
And I realised why it was changed, so again, by all means no bad meanings were intended.


The question:
Yes, in the picture added in the last posts there are 2 in file folders.
The KDL files.
And the last one is an autostart error, but that would be a safety config, maybe from the KTS?
For protecting the boot/startup process in Windows?

But however, I don't think I need to be worried about it.
Because my process loads are very comfortable these last days.

But thank you very much for responding back to my last resting question.
Userlevel 7
I'm sure I speak for everyone involved: you're welcome.
Userlevel 1

Gentlemen.
I had another problem on another person's laptop, rendering the crap out of his hard drive without even showing up in the Task Manager or clogging it up like a worm. (rendering...)
After letting it scan at night, detecting a fourth virus, which was a first for me to see, which we know, gentlemen, it is just 2 fake intrusions

in the normal folders, one of which is programmed in the autostart.

But now we detected a BT FOLDER.

Disk is as silent as a zero right now.

(Just wanted to show you guys what I have discovered, from what I assume was a problem; he said he always had Kaspersky Free on this laptop.)
And while it was scanning, I updated the software to 1903 Win 10, shutting the internet adapter off and putting the PC in airplane mode, and let it do its thing.

so there you go guys.

Cheers

Kenneth

AS YOU CAN SEE BTW 4HOURS TO SCAN THE CRAP IN THIS THING

Holy Hard drives!
