Kaspersky
Solved

Lots of system symptoms, Eset false positive on Kaspersky bases.


Userlevel 1
Ladies, Gentlemen.

Awkwardly, I have a combo of ESET online scanner with the free version.
I had some trojan horses generics nesting in the labs base folder...

Running Hitman and ESET, some Malwarebytes and SFC.EXE, it was all OK again. To be short, I had much more damage than this.
Repaired it myself through cmd.
And....
I want to be tight and secure and running the ESET over Kaspersky paid version again. Still getting some deleted objects again, when installed back again the AVP of Kaspersky.
it is still running now but i will send a photo of this.

can this be considered as false if it is back again a trojan generic horse ???

regards
kenneth

Best answer by Schulte 4 July 2019, 23:38

Hi, KETZK,

let me explain in simple words:

what ESET is telling you is quite normal. AV programs often recognize other AV programs as a danger. An AV program intervenes deeply in the system, which seems dangerous to the other AV program.

The evaluation on Freefixers is only 'bullshit'. Obviously, users who don't know anything about KL products have rated it. Your screenshots also show the rating of a ten year old version (AVP9)...



Summary:

'kjim.kdl' is a component of the KL products, it is a special .DLL, digitally signed and is checked by your KTS for unharmedness at every start.

28 replies

Userlevel 7
Badge +9
Hi KETZK/Kenneth,
No, you haven't upset me and my advice was not to convey anything like that.
It was simply to restate, the detections are false, however, they are also fixable, if Eset makes the choice to do so.
Furthermore, I raised the discussion points as to why, any company may choose not to fix something, if they stood to benefit from not taking proactive steps.
------------------
Your post, the contributions and the discussion that's resulted is valuable.
------------------
The laptop is another & different device, that has not been discussed previously in the post.
It wasn't obvious (to me) you "wanted to know if this is a legit place to be for that file mapping from the windows sections and further on?".
------------------
We're more than happy to provide analysis, support, discussion, we try very hard to do this, sometimes we need a little help, that's why you'll see, we frequently ask for technical data - direct from devices that are giving people difficulties.
------------------
Please run GSI & Windows logs, when complete please upload the .zip to cloud storage of your choice and pm me the link please?

Thanks and best regards.
Userlevel 1
Wow, sir, I don't want to upset you, as I am feeling this in your post; I just wanted to show you guys another detection in the WINDOWS $ BT section.
And I know how the world is going around, and I'm happy that you explained that for me, thank you.

As we already spoke about if the first 3 (including the autostart) is not a real intrusion.
But with the problem this laptop had, and finding nothing else than this and a checkdisk to make sure I am not blowing this balloon bigger than it should be (that the disk is dying may be a reason, but it isn't).

I actually just wanted to know if this is a legit place to be for that file mapping from the windows sections and further on .
But i will silence myself, and will not repeat this again for your comfort 🙂.

However thanks again for your attention.

Regards!

You guys can close the topic if you want.
Userlevel 7
Badge +9
Hi KETZK/Kenneth,
What virus?
I'll reverse the situation, "sometimes" Kaspersky software detects software incorrectly and reports falsely. When Kaspersky are advised, they fix the issue.
In this specific case, this is what Eset is doing.
There's nothing for Kaspersky to fix.
---------
It would seem Eset "could" fix their reference db, however, that would involve them being willing to do so and being notified their information is erroneous.
Let's break this down:
  • Why might Eset not wish to fix their erroneous reference db?
Costs $

If potential Eset customers think Kaspersky distribute software laden with dangerous worm/virus/malware, potential customers may choose Eset software over Kaspersky software.

= more $ for Eset, a business in the same market as Kaspersky.
---------
  • Do Eset know?
Only if impacted Eset consumers tell them, by direct contact; even posting on Eset forums will not compel Eset to fix this, bc, they, potentially may profit from the current situation.
  • Have you contacted Eset?
Please let us know?

Thanks.
Userlevel 1

Gentlemen.
I had another problem on another person's laptop, rendering the crap out of his hard drive without even showing up in the Task Manager or clogging it up like a worm. (rendering...)
After letting it scan at night, detecting a fourth virus, which was a first for me to see, which we know, gentlemen, it is just 2 fake intrusions

in the normal folders, one of which is programmed in the autostart.

But now we detected a BT FOLDER.

Disk is as silent as a zero right now.

(Just wanted to show you guys what I have discovered, from what I assume it was a problem; always had Kaspersky Free on this laptop, he said.)
And while it was scanning, updated the software to 1903 Win 10 and shutting the internet adapter off and putting the PC in airplane mode and let it do its thing.

so there you go guys.

Cheers

Kenneth

AS YOU CAN SEE BTW 4HOURS TO SCAN THE CRAP IN THIS THING

Holy Hard drives!
Userlevel 7
Badge +7
I'm sure I speak for everyone involved: you're welcome.
Userlevel 1
To be a bit clear, the title topic was "always being happy with KTS, until I bought it."
And I realised why it was changed so; again, by all means no bad meanings were intended.


The question:
Yes in the picture added in the last posts there are 2 in file folders.
The KDL files.
And the last one is an autostart error, but that would be a safety config maybe from the KTS?
For protecting the boot/startup process in Windows?

But however, I don't think I need to be worried about it.
Because my process loads are very comfortable these last days.

But thank you very much for responding back to my last resting question.
Userlevel 7
Badge +7
I'm sorry, I didn't follow your subject very closely.

Question:
What do you mean by 'AUTOSTART error'? The start of the 'KJIM.KDL'? It is an important part of Kaspersky protection. By the way, it should be 'undeletable' for other programs, as long as Kaspersky is running, it is under special protection.
Userlevel 1
Great, yes this may valid others scary feelings about this situation for sure.
This topic is done for me gentlemen.

Kudos to this group!

Till next time, and i saw what you gentlemen did about the title of this topic, and i realised why.
But by all means, had no bad/false plans with it.

(pardon me )

Regards, and have a nice day/night further on.

Stick safe!

Kenneth.
Userlevel 7
Badge +7
Hi KETZK,
There is no 'boring worthless topic'. Every question has its justification and deserves an answer. Maybe other users have the same question.
Userlevel 1
Gentlemen,
Sir Schulte,

Thank you very much for taking time, effort, attention to this seems for you experts in the eye, maybe a boring worthless topic.(i said that, no shots fired)
To me it explains everything.

Would the AUTOSTART error explain this too,
that it is an implementation of KTS?
Userlevel 1
EDIT found something valid about updating the other AV(zone alarm,eset..etc) which alarms you about it, its probably going to be false as you gentlemen explained. "KJIM.KDL"

updated:11.39PM reading SCHULTE
Userlevel 7
Badge +7
Hi, KETZK,
let me explain in simple words:
what ESET is telling you is quite normal. AV programs often recognize other AV programs as a danger. An AV program intervenes deeply in the system, which seems dangerous to the other AV program.
The evaluation on Freefixers is only 'bullshit'. Obviously, users who don't know anything about KL products have rated it. Your screenshots also show the rating of a ten year old version (AVP9)...

Summary:
'kjim.kdl' is a component of the KL products, it is a special .DLL, digitally signed and is checked by your KTS for unharmedness at every start.
Userlevel 1
Sir,

I applied what you explained to me to do.
After removing KTS, no rest files were found by myself.
After the whole restart and reset ESET.
Same error still counts....
Freefixers explained and was the only website except my topic in Google on how and why it works like that, but it's a part of the heuristics engine script, but 85% would advise to delete it. But it's only polled by 13 votes.

Thoughts?

Userlevel 1
Sir Flood, thank you.
I will proceed tomorrow.
All I can say now is that in idle, with no programs running, there is back a reasonable silence,
only about 3 percent CPU load, 25 RAM buffer and 0 HDD, 0 network.

but for the fact of the so called false trojans in ESET .

I will apply this procedure tomorrow.
Thank you very much .

regards
Userlevel 7
Badge +9
KETZK,
  • Re: "no attention notices from kaspersky whatsoever about what eset has to say".
Kaspersky has no reason to report.
-------------------------------
  • Eset report:
  1. First 2 objects are identical
  2. Location is different.
kjim.kdl.1d87b48c03e8b252a0fc72ae36c5aed8 a variant of Generik.DBVVYIJ trojan horse removed (after the next restart)
code:
C:\ProgramData\Kaspersky Lab\AVP19.0.0\Bases\Cache\


kjim.kdl.1d87b48c03e8b252a0fc72ae36c5aed8 a variant of Generik.DBVVYIJ trojan horse removed (after the next restart)
code:
C:\Users\All Users\Kaspersky Lab\AVP19.0.0\Bases\Cache\


--------------------------------

  • kjim - 046648d9043492926863b15830199c9c0ee7bbbd666867befd2be1b891cd3d56
MD5 1d87b48c03e8b252a0fc72ae36c5aed8
SHA-1 2700a2f4ad0164e193e49e05c017c73e0b87332d
SHA-256 046648d9043492926863b15830199c9c0ee7bbbd666867befd2be1b891cd3d56
Authentihash 0abc5906c168fce572b1f441bf80b1d28e0559402cbb0043f390c01a9cd299e4
SSDEEP 24576:EUEENIBFunoLECFWYk/l7fQ7vdQ6eMmxA:WLZkrlMmy
File type Win32 DLL
Magic PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
File size 2.91 MB (3046736 bytes)
History
Creation Time 2019-05-30 09:18:26
Signature Date 2019-05-30 10:22:00
First Submission 2019-06-20 11:12:32
Last Submission 2019-06-20 11:12:32
Last Analysis 2019-07-02 19:05:51
Names
kjim
kjim.kdl
kjim.kdl.1d87b48c03e8b252a0fc72ae36c5aed8
Signature Info
Signature Verification
Signed file, valid signature
File Version Information
Copyright © 2019 AO Kaspersky Lab. All Rights Reserved.
Product Kaspersky Anti-Virus
Description Script Heuristics Engine
Original Name kjim.kdl
Internal Name kjim
File Version 5.29.0.31
Date signed 10:22 AM 5/30/2019
Signers
Kaspersky Lab
Name Kaspersky Lab
Status Valid
Valid From 12:00 AM 06/02/2017
Valid To 12:00 PM 07/08/2020
Valid Usage Code Signing
Algorithm sha1RSA
Serial Number 0F 9D 91 C6 AB A8 6F 4E 54 CB B9 EF 57 E6 83 46
DigiCert High Assurance Code Signing CA-1
Name DigiCert High Assurance Code Signing CA-1
Status Valid
Valid From 12:00 PM 02/11/2011
Valid To 12:00 PM 02/10/2026
Valid Usage Code Signing
Algorithm sha1RSA
Serial Number 02 C4 D1 E5 8A 4A 68 0C 56 8D A3 04 7E 7E 4D 5F
DigiCert
Name DigiCert
Status Valid
Valid From 12:00 AM 11/10/2006
Valid To 12:00 AM 11/10/2031
Valid Usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Serial Number 02 AC 5C 26 6A 0B 40 9B 8F 0B 79 F2 AE 46 25 77
Counter Signers
Symantec Time Stamping Services Signer - G4
Name Symantec Time Stamping Services Signer - G4
Status Valid
Valid From 12:00 AM 10/18/2012
Valid To 11:59 PM 12/29/2020
Valid Usage Timestamp Signing
Algorithm sha1RSA
Serial Number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
Symantec Time Stamping Services CA - G2
Name Symantec Time Stamping Services CA - G2
Status Valid
Valid From 12:00 AM 12/21/2012
Valid To 11:59 PM 12/30/2020
Valid Usage Timestamp Signing
Algorithm sha1RSA
Serial Number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
Thawte Timestamping CA
Name Thawte Timestamping CA
Status Valid
Valid From 12:00 AM 01/01/1997
Valid To 11:59 PM 12/31/2020
Valid Usage Timestamp Signing
Algorithm md5RSA
Serial Number 00
----------------------

Portable Executable Info
Header
Target Machine Intel 386 or later processors and compatible processors
Compilation Timestamp 2019-05-30 09:18:26
Entry Point 30720
Contained Sections 5
Sections
Name Virtual Address Virtual Size Raw Size Entropy MD5
.text 4096 949545 949760 6.65 f124eb1b636ae19f8eee8c7d38d75c51
.rdata 954368 2026602 2027008 6.13 d089c0aa9f400581d2fbae4caa069de9
.data 2981888 296 512 1.95 27f0b8419dfa7b434fcff1e2c9bb9b80
.rsrc 2985984 1512 1536 4.18 dbd4d51ac4204909e2b164c899605f68
.reloc 2990080 43814 44032 5.94 2af7f63dac8ea8e74cd010dfac137f12
Exports
KJIM_1
KJIM_10
KJIM_11
KJIM_12
KJIM_13
KJIM_14
KJIM_15
KJIM_16
KJIM_17
KJIM_18
Contained Resources By Type
RT_VERSION 1
RT_MANIFEST 1
Contained Resources By Language
RUSSIAN 1
ENGLISH US 1
Contained Resources
SHA-256 File Type Type Language
1af48599ba2eadc59c2fef6ee3bca8c3143106377611dd6bee0d9e3139287877 data RT_VERSION RUSSIAN
49a60be4b95b6d30da355a0c124af82b35000bce8f24f957d1c09ead47544a1e ASCII text RT_MANIFEST ENGLISH US
ExifTool File Metadata
CharacterSet Unicode
CodeSize 949760
CompanyName AO Kaspersky Lab
EntryPoint 0x7800
FileDescription Script Heuristics Engine
FileFlagsMask 0x003f
FileOS Windows NT 32-bit
FileSubtype 0
FileType Win32 DLL
FileTypeExtension dll
FileVersion 5.29.0.31
FileVersionNumber 5.29.0.31
ImageFileCharacteristics Executable, 32-bit, DLL
ImageVersion 0.0
InitializedDataSize 2073088
InternalName kjim
LanguageCode English (U.S.)
LegalCopyright 2019 AO Kaspersky Lab. All Rights Reserved.
LegalTrademarks Registered trademarks and service marks are the property of their respective owners
LinkerVersion 10.0
MIMEType application/octet-stream
MachineType Intel 386 or later, and compatibles
OSVersion 5.1
ObjectFileType Executable application
OriginalFileName kjim.kdl
PEType PE32
ProductName Kaspersky Anti-Virus
ProductVersion 6.0.1.990
ProductVersionNumber 6.0.1.990
Subsystem Windows GUI
SubsystemVersion 5.1
TimeStamp 2019:05:30 10:18:26+01:00
UninitializedDataSize 0

-----------------------------
Before proceeding please ensure you have:

Current backups.
Current system image
Current restore point.
-----------------------------
  • Is there a reason why Kaspersky software is patch (d)?
  • If not please update to the current patch.
To do so please follow these steps:

  1. Uninstall Kaspersky software, in KTS application, right click, select "UNINSTALL", please ensure you select "SAVE LICENCE INFORMATION" only, leave the remaining options blank.
  2. Allow the UNINSTALL process to complete.
  3. POWER OFF COMPUTER by selecting "SHUTDOWN"
  4. AFTER the COMPUTER is completely OFF, press the POWER BUTTON to turn the COMPUTER ON.
  5. Make sure KASPERSKY SECURE CONNECTION is NOT ACTIVE, if it is EXIT KASPERSKY SECURE CONNECTION.
  6. Go to C:\Windows\Temp - delete all files/folders - there will be 4 or 5 files/folders in use, do not worry, select "skip", there may also be a few files that require "Admin" to permit the deletion, please select Admin ok/yes to complete the clearing.
  7. Go to C:\ProgramData\Kaspersky Lab - search for AVP19*.*, if any Folders/Files are found, matching the criteria please delete, if it's a folder please clear any files/objects within, then delete the folder.
  8. Go to C:\Users\All Users\Kaspersky Lab\ - search for AVP19*.*, if any Folders/Files are found, matching the criteria please delete, if it's a folder please clear any files/objects within, then delete the folder.
  9. POWER OFF COMPUTER by selecting "SHUTDOWN"
  10. AFTER the COMPUTER is completely OFF, press the POWER BUTTON to turn the COMPUTER ON.
  11. Download a new KTS installer.
  12. INSTALL KTS, allow the software installation to fully complete.
  13. POWER OFF COMPUTER by selecting "SHUTDOWN"
  14. AFTER the COMPUTER is completely OFF, press the POWER BUTTON to turn the COMPUTER ON.
  15. Make sure KASPERSKY SECURE CONNECTION is NOT ACTIVE, if it is EXIT KASPERSKY SECURE CONNECTION.
  16. Make sure KTS is active.
  17. Run a MANUAL UPDATE.
  18. Sign into your MyKaspersky online account.
  19. Make sure your device is synchronised with the application/portal.
  20. Run a FULL MANUAL SCAN - allow it to complete and DO NOT RUN ANYTHING ELSE for the entire duration of the FULL SCAN.
----------------------------------

CLEAR ESET and rerun the ESET scan.

Problem remains - YES? Please report back?

Problem resolved - YES? Please report back?

Thanks!
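
A local check of what the report in the post above shows (signed file, valid signature, signer Kaspersky Lab), as an added example that is not part of the original post and not Kaspersky's or ESET's tooling. The function name `Test-FlaggedKasperskyFile` is hypothetical, the loose signer-name match is an assumption, and the cache path and SHA-256 are the ones quoted in the post.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell session.
# Test-FlaggedKasperskyFile is a hypothetical helper name.
function Test-FlaggedKasperskyFile {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path,
        # SHA-256 quoted in the post; other database versions will hash differently
        [string]$ReportedSha256 = '046648d9043492926863b15830199c9c0ee7bbbd666867befd2be1b891cd3d56',
        # Assumption: the signer subject contains this string, as in the quoted report
        [string]$ExpectedSigner = 'Kaspersky Lab'
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "Not found (possibly already removed or quarantined): $Path"
    }

    $md5    = (Get-FileHash -LiteralPath $Path -Algorithm MD5).Hash.ToLowerInvariant()
    $sha256 = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash.ToLowerInvariant()
    $sig    = Get-AuthenticodeSignature -LiteralPath $Path

    # The flagged cache copies are named kjim.kdl.<32 hex chars>; in the quoted
    # report that suffix equals the file's MD5. $null means the name has no such suffix.
    $suffix = [System.IO.Path]::GetExtension($Path).TrimStart('.').ToLowerInvariant()
    $suffixMatchesMd5 = if ($suffix -match '^[0-9a-f]{32}$') { $suffix -eq $md5 } else { $null }

    $subject  = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    $signerOk = $subject -like "*$ExpectedSigner*"

    # Status 'Valid' means the Authenticode signature verified and the chain is trusted.
    $trusted = ($sig.Status -eq 'Valid') -and $signerOk

    [pscustomobject]@{
        Path                  = $Path
        MD5                   = $md5
        SHA256                = $sha256
        NameSuffixMatchesMD5  = $suffixMatchesMd5
        MatchesReportedSha256 = ($sha256 -eq $ReportedSha256.ToLowerInvariant())
        SignatureStatus       = $sig.Status
        SignerSubject         = $subject
        Timestamped           = [bool]$sig.TimeStamperCertificate
        Verdict               = if ($trusted) {
            'Valid vendor signature: consistent with a false positive'
        } else {
            'Signature not confirmed: keep quarantined and submit to both vendors'
        }
    }
}

# Check every kjim.kdl copy in the cache folder named in the ESET report.
$cache = 'C:\ProgramData\Kaspersky Lab\AVP19.0.0\Bases\Cache'
if (Test-Path -LiteralPath $cache) {
    Get-ChildItem -LiteralPath $cache -Filter 'kjim.kdl*' -File |
        ForEach-Object { Test-FlaggedKasperskyFile -Path $_.FullName } |
        Format-List
}
```

A hash that differs from the one in the post is expected after a database update; the signature status and signer are the fields that decide whether the file is a genuine vendor component.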
Userlevel 1

guys, i clicked accidentally on solved i guess. pardon me .
If you send me a PM with an explicit desire to undo that, we can undo.

EDIT: Done as requested


Thank you very much Sir Schulte. Again my apologies.
Userlevel 7
Badge +7
guys, i clicked accidentally on solved i guess. pardon me .
If you send me a PM with an explicit desire to undo that, we can undo.

EDIT: Done as requested
Userlevel 1
guys, i clicked accidentally on solved i guess. pardon me .
Userlevel 1
https://www.getsysteminfo.com/report/29302a6ef3339e8002651049f81d2c71

This link with system info of mine, it wont get shared any further than you guys am i right?
I like to keep it discreet.

Thank you very much.
Userlevel 1
I will do that sir, thank you.
Userlevel 7
Badge +4
Eset false positive detect Kaspersky bases. False positive.

1. Please post your GetSystemInfo report link, instructions: https://support.kaspersky.com/common/diagnostics/3632
Please upload the GetSystemInfo zip folder that is inside the larger GSI zip to the GSI parser site http://www.getsysteminfo.com/ and post the url to the parsed report here, in your next post.