Kaspersky Virus Removal Tool detected as false positive


RepairUnit3k6

Downloaded from the official website https://www.kaspersky.com/downloads/thank-you/free-virus-removal-tool, Immunet version 7.4.4.20633 falsely flagged KVRT.exe as Clam.Win.Malware.Emotet-6691278-0. Scanned by VirusTotal, the file was completely clear: https://www.virustotal.com/gui/file/f12c6654c8b17cacd1c157c65523bf617fc5bfd9832fcf22ac4f8d3a2940035b/detection. The file in question is an antivirus tool itself, which may or may not have something to do with it.

 

-3k6


Hello 3k6,

"I believe this is 'definitely' a FP!"  Since this is a False Positive created by the ClamAV module I would highly suggest you submit a FP report directly to the devs at ClamAV. Here's a link where you can do just that. https://www.clamav.net/reports/fp

Also, you can report this directly to the Immunet dev team at this link too. https://www.immunet.com/false_positive

Did you try to restore the .exe from Immunet's Quarantine list yet? If not, give that a try.

First open the UI -> click on the underlined word Quarantine located below & to the right of the History tab -> locate & click on the .exe file in the right side Details dialog box -> choose the 'Restore' option. That will automatically move the .exe to Immunet's Exclusion list.

If the .exe creates a 'Program Files' folder in that OS directory, another option would be to create a custom Exclusion rule for the 'entire Program Files folder' if just excluding the .exe doesn't work.

Regards, Ritchie...

 


Greetings Ritchie, and thank you for the answer. I did actually try https://www.immunet.com/false_positive, but when I clicked submit it showed me an error. I'm using Brave browser version 1.28.105. There was no reason to restore the file from quarantine, since the quarantine failed as the software was currently in use. Since KVRT is antivirus software as well, I assume it is prevented from being shut down by other programs, as viruses could do that to prevent detection. I will report to ClamAV directly. Thank you for your time.

 

-3k6


Sorry about that! The site was down for a while but I thought Immunet's FP reporting site was fixed & functional again. Bummer! Until I hear the site is actually fixed I won't be suggesting that option again.

This is something I wish a support/dev person would get involved in but that rarely happens these days. Immunet just doesn't get the support or funding it once did regrettably.
