It came to my attention that several antivirus engines report the latest release of KVS tool as being a Trojan. I would understand it if one engine was reporting incorrectly, but four??? What's happening?
Link? When I google "KVS Trojan" I get lots of hits about "TR/Dldr.KVS.trojan", but that seems to be old stuff dating back to at least 2006 and unrelated to the KVS airline tool. But then it doesn't matter to you anymore either, right? (if I recall from an earlier thread, your account wasn't renewed)
The way the software behaves may be similar to that of a Trojan, which could get it flagged unless the AV firms specifically clear it as okay. This is why some releases of AV software will flag things like Firefox as a threat, even though it clearly is not. Given the relatively low publicity of KVS Tool among the general public, it would not surprise me if some new AV standard has gotten it flagged, and no one thought to fix the erroneous message.
This might be another explanation. Someone else used the same three letters, and now it's flagged by association.
Needless to say, the KVS Tool does not contain any Trojans. Indeed, there is a particularly high risk of false positives when it comes to web browsers (which includes specialized web browser applications like the KVS Tool). A comprehensive scan using 43 AntiVirus products further confirms that there are no issues with the actual KVS Tool executable (V6.5.1.R3): http://www.VirusTotal.com/file-scan...8b51a0b7a542c6d1fe94816c16b0788cdc-1318311600 Simply re-packaging the current release as V6.5.1.R3P2 without any actual changes appears to have cleared most of those false positives in the Setup package, with the exception of one that relates to a Microsoft-provided component by eSafe (which has now been reported to the appropriate party). http://www.VirusTotal.com/file-scan...12a0fc5a73c28f073d8c31d48bda08f9b4-1318313091
Hey guys - I have been Scientific Director of EICAR (European Institute for Computer Antivirus Research) for four years. I know what I am talking about... Another comprehensive scan shows that V6.5.1.R3P2 is Trojan in three different engines... http://virusscan.jotti.org/en/scanresult/72fe0e351b7d36595c377461f39180d409d3a4df
It indeed matters, particularly after what he did to me! My account is still valid for the next few days...
No one said you were wrong. We suggested other possible explanations for your observations. As a scientist myself, I think that's how the process works.
Sorry, I have never heard of that institute (other than, now that I think about it, in another thread here on MP, I think). Sounds impressive/influential. But with that information I have to admit to be somewhat surprised about your first message.
So what are the details of kd.376404? There are no top google results for it? As a virus expert why not share if that is a real or potential issue? Given say 8/10 scanners say there is no issue I'd guess there is no issue.
Indeed, the OP's post is extremely surprising, as someone with even minimal experience in this area of computer science would know that Heuristic Analysis can (and often does) result in False Positives, by definition. Indeed. As mentioned in this eSet White Paper (http://Go.eSet.com/us/resources/white-papers/Heuristic_Analysis.pdf): "Virus identification is a balance between two imperatives: the avoidance of false negatives (failure to detect an infection where one exists) and false positives (detection of a virus where none exists). As demonstrated by a cluster of false positive problems in several major scanners in the first few months of 2006, advances in the optimization of scanner technology have not eliminated the risk of false positives. Elimination of false positives is not always possible using heuristics, which by definition entail a degree of trial and error." And even more so when 41/43 scanners have identified no issues: http://www.VirusTotal.com/file-scan...12a0fc5a73c28f073d8c31d48bda08f9b4-1318313091 The reason there are no details, is because it is a result of a Heuristic Analysis (as described above), so the issue is potential, by definition, and, in the present case, non-existent.
EICAR has been around for 20 years now... I have left the post in 2008 to pursue my other research interests, Computer Forensics. So, it just came to my attention... I do not do any AV analysis anymore. My personal feeling is that it might be false positive, but after all that "shonky" experience with KVS that many of us have, one will never ever know... KVS was denying using certain "public" website - when that website went down, suddenly one of the methods in KVS stopped working. Now, KVS is denying any wrongdoing again, so judge yourself if we can trust it.
Are you referring to the well-known fact that heuristic analysis can (and does) produce False Positives? And if that was the subject of your thread, then you would have been correct:

-------- Original Message --------
Subject: Avira Lab Response - Tracking number 852616
Date: Wed, 12 Oct 2011 10:49:04 +0200
From: Avira Virus Lab Response Team

Dear Sir or Madam,

Thank you for your email to Avira's virus lab.
Tracking number: INC00852616.

A listing of files alongside their results can be found below:

File ID     Filename                      Size (Byte)   Result
26336898    KVS_AvailabilityT...R3.exe    1.72 MB       FALSE POSITIVE

Please find a detailed report concerning each individual sample below:

Filename                      Result
KVS_AvailabilityT...R3.exe    FALSE POSITIVE

The file 'KVS_AvailabilityTool_Setup.EXE_V6.5.1R3.exe' has been determined to be 'FALSE POSITIVE'. In particular this means that this file is not malicious but a false alarm. Detection will be added to our virus definition file (VDF) with one of the next updates. Detection will be removed from our virus definition file (VDF) with one of the next updates.

Alternatively you can see the analysis result here: http://analysis.avira.com/samples/d...UNbd0KCygUM807tdXkbBH2wznCN&incidentid=852616

[..]

Kind regards
Avira Virus Lab
---------------------------------------------
Avira Operations GmbH & Co. KG
Kaplaneiweg 1, 88069 Tettnang, Germany
Phone: +49 (0) 7542-500 0
Fax: +49 (0) 7542-500 3000
Internet: http://www.avira.com
---------------------------------------------
For your reminder, it is "Is or does KVS contain Trojan?" Do you see the question mark at the end? I never said it was indeed Trojan, I asked. Seems that on top of all the other problems you have, you also have problems with your eyesight and with understanding English... You have proven your point, happy?
I have been using KVS for several years and almost daily. It is a trustworthy tool and gives me all the info I need. He has always treated me with respect when I have had need to be in contact with him.
You should carefully read other threads to find out about KVS's questionable practices... I dared to criticise his business practices and I was denied renewal of my licence. To be fair, he has always been very courteous but that's where it stops...
My only thoughts from reading other threads are that he: A. Provides a good service B. Seems to arouse a certain number of people who appear to be purists but may have other agendas. C. He has survived several years w/o anyone suing him so I would suggest his site is legitimate. D. Of great wonderment, after reading your heavily flavored comments, is why you wanted to retain a membership. It's a good service and it does what I need it to do.
The answer to D. is very simple: My main problem with KVS is not what and how he is doing it, because as you pointed out in C. "his victims probably do not mind", my problem is that he does not want to acknowledge it, even though others and I have provided clear proofs of it - and I think I have made this clear before... I can manually do whatever he does (after thoroughly analysing his tool I know exactly where and how he goes), but it will take me much longer to do that compared to his tool. So I do use the tool (well, for the last two days) because my time is money and his tool gives me more time to earn more money.
I do take offense to you paraphrasing me wrongly......I didn't use the word victim or even imply it. That's your prejudicial thinking. I don't for a minute think KVS is rocket science but it is a service he developed and commercialized so good for him.
I have submitted the sample to two independent experts and while I am still waiting for one of them, I am now confident that it was a false positive and that KVS installation file does not contain any malware.