Is or does KVS contain Trojan?

Discussion in 'KVS' started by vbroucek, Oct 10, 2011.

  1. vbroucek
    Original Member

    vbroucek Silver Member

    Messages:
    305
    Likes Received:
    241
    Status Points:
    470
    It came to my attention that several antivirus engines report the latest release of KVS tool as being a Trojan. I would understand it if one engine was reporting incorrectly, but four??? What's happening?
     
  2. bonnerbl
    Original Member

    bonnerbl Gold Member

    Messages:
    800
    Likes Received:
    2,046
    Status Points:
    1,170
    Did you ask KVS?
     
    KVS Tool likes this.
  3. vbroucek
    Original Member

    vbroucek Silver Member

    After what happened to me, I do not trust KVS at all...
     
  4. HaveMilesWillTravel
    Original Member

    HaveMilesWillTravel Gold Member

    Messages:
    12,504
    Likes Received:
    20,199
    Status Points:
    16,520
    Link?

    When I google "KVS Trojan" I get lots of hits about "TR/Dldr.KVS.trojan", but that seems to be old stuff dating back to at least 2006 and unrelated to the KVS airline tool.

    But then it doesn't matter to you anymore either, right? (if I recall from an earlier thread, your account wasn't renewed)
     
    KVS Tool likes this.
  5. Scottrick
    Original Member

    Scottrick Gold Member

    Messages:
    2,586
    Likes Received:
    4,078
    Status Points:
    2,570
    The way the software behaves may be similar to that of a Trojan, which could get it flagged unless the AV firms specifically clear it as okay. This is why some releases of AV software will flag things like Firefox as a threat, even though it clearly is not. Given the relatively low publicity of KVS Tool among the general public, it would not surprise me if some new AV standard has gotten it flagged, and no one thought to fix the erroneous message.
     
    KVS Tool likes this.
  6. Scottrick
    Original Member

    Scottrick Gold Member

    This might be another explanation. Someone else used the same three letters, and now it's flagged by association.
     
  7. HaveMilesWillTravel
    Original Member

    HaveMilesWillTravel Gold Member

    Indeed.
     
  8. KVS Tool

    KVS Tool Z Representative

    Messages:
    402
    Likes Received:
    245
    Status Points:
    520
    Needless to say, the KVS Tool does not contain any Trojans.

    Indeed, there is a particularly high risk of false positives when it comes to web browsers (which includes specialized web browser applications like the KVS Tool).

    A comprehensive scan using 43 AntiVirus products further confirms that there are no issues with the actual KVS Tool executable (V6.5.1.R3):

    http://www.VirusTotal.com/file-scan...8b51a0b7a542c6d1fe94816c16b0788cdc-1318311600

    Simply re-packaging the current release as V6.5.1.R3P2 without any actual changes appears to have cleared most of those false positives in the Setup package, with the exception of one that relates to a Microsoft-provided component by eSafe (which has now been reported to the appropriate party).

    http://www.VirusTotal.com/file-scan...12a0fc5a73c28f073d8c31d48bda08f9b4-1318313091
     
  9. vbroucek
    Original Member

    vbroucek Silver Member

    Hey guys - I have been Scientific Director of EICAR (European Institute for Computer Antivirus Research) for four years. I know what I am talking about...

    Another comprehensive scan shows that V6.5.1.R3P2 is Trojan in three different engines... http://virusscan.jotti.org/en/scanresult/72fe0e351b7d36595c377461f39180d409d3a4df
     
  10. vbroucek
    Original Member

    vbroucek Silver Member

    It indeed matters, particularly after what he did to me! My account is still valid for the next few days...
     
  11. Scottrick
    Original Member

    Scottrick Gold Member

    No one said you were wrong. We suggested other possible explanations for your observations. As a scientist myself, I think that's how the process works.
     
  12. HaveMilesWillTravel
    Original Member

    HaveMilesWillTravel Gold Member

    Sorry, I have never heard of that institute (other than, now that I think about it, in another thread here on MP, I think). Sounds impressive/influential. But with that information I have to admit to being somewhat surprised about your first message.
     
    KVS Tool and iolaire like this.
  13. iolaire
    Original Member

    iolaire Gold Member

    Messages:
    3,510
    Likes Received:
    5,767
    Status Points:
    4,170
    So what are the details of kd.376404? There are no top Google results for it? As a virus expert, why not share if that is a real or potential issue?

    Given say 8/10 scanners say there is no issue, I'd guess there is no issue.
     
    KVS Tool and HaveMilesWillTravel like this.
  14. KVS Tool

    KVS Tool Z Representative

    Indeed, the OP's post is extremely surprising, as someone with even minimal experience in this area of computer science would know that Heuristic Analysis can (and often does) result in False Positives, by definition.

    Indeed. As mentioned in this eSet White Paper (http://Go.eSet.com/us/resources/white-papers/Heuristic_Analysis.pdf):

    "Virus identification is a balance between two imperatives: the avoidance of false negatives (failure to detect an infection where one exists) and false positives (detection of a virus where none exists). As demonstrated by a cluster of false positive problems in several major scanners in the first few months of 2006, advances in the optimization of scanner technology have not eliminated the risk of false positives.

    Elimination of false positives is not always possible using heuristics, which by definition entail a degree of trial and error."

    And even more so when 41/43 scanners have identified no issues:

    http://www.VirusTotal.com/file-scan...12a0fc5a73c28f073d8c31d48bda08f9b4-1318313091

    The reason there are no details, is because it is a result of a Heuristic Analysis (as described above), so the issue is potential, by definition, and, in the present case, non-existent.
     
  15. vbroucek
    Original Member

    vbroucek Silver Member

    I am waiting for results of manual analysis and will post it as soon as I receive it.
     
  16. vbroucek
    Original Member

    vbroucek Silver Member

    EICAR has been around for 20 years now... I have left the post in 2008 to pursue my other research interests, Computer Forensics. So, it just came to my attention... I do not do any AV analysis anymore. My personal feeling is that it might be false positive, but after all that "shonky" experience with KVS that many of us have, one will never ever know...

    KVS was denying using certain "public" website - when that website went down, suddenly one of the methods in KVS stopped working. Now, KVS is denying any wrongdoing again, so judge yourself if we can trust it.
     
  17. KVS Tool

    KVS Tool Z Representative

    Are you referring to the well-known fact that heuristic analysis can (and does) produce False Positives?

    And if that was the subject of your thread, then you would have been correct:

    -------- Original Message --------
    Subject: Avira Lab Response - Tracking number 852616
    Date: Wed, 12 Oct 2011 10:49:04 +0200
    From: Avira Virus Lab Response Team

    Dear Sir or Madam,

    Thank you for your email to Avira's virus lab.
    Tracking number: INC00852616.

    A listing of files alongside their results can be found below:
    Code:
    File ID         Filename                        Size (Byte)     Result
    26336898        KVS_AvailabilityT...R3.exe      1.72 MB         FALSE POSITIVE
    Please find a detailed report concerning each individual sample below:

    Filename Result
    KVS_AvailabilityT...R3.exe FALSE POSITIVE


    The file 'KVS_AvailabilityTool_Setup.EXE_V6.5.1R3.exe' has been
    determined to be 'FALSE POSITIVE'. In particular this means that this
    file is not malicious but a false alarm.
    Detection will be added to our
    virus definition file (VDF) with one of the next updates. Detection will
    be removed from our virus definition file (VDF) with one of the next
    updates.

    Alternatively you can see the analysis result here:
    http://analysis.avira.com/samples/d...UNbd0KCygUM807tdXkbBH2wznCN&incidentid=852616

    [..]

    Kind regards
    Avira Virus Lab

    ---------------------------------------------
    Avira Operations GmbH & Co. KG
    Kaplaneiweg 1, 88069 Tettnang, Germany
    Phone: +49 (0) 7542-500 0
    Fax: +49 (0) 7542-500 3000
    Internet: http://www.avira.com
    ---------------------------------------------
     
  18. vbroucek
    Original Member

    vbroucek Silver Member

    For your reminder, it is "Is or does KVS contain Trojan?" Do you see the question mark at the end? I never said it was indeed Trojan, I asked. Seems that on top of all the other problems you have, you also have problems with your eyesight and with understanding English...

    You have proven your point, happy?
     
  19. I have been using KVS for several years and almost daily. It is a trustworthy tool and gives me all the info I need.
    He has always treated me with respect when I have had need to be in contact with him.
     
  20. vbroucek
    Original Member

    vbroucek Silver Member

    You should carefully read other threads to find out about KVS's questionable practices...

    I dared to criticise his business practices and I was denied renewal of my licence.

    To be fair, he has always been very courteous but that's where it stops...
     
  21. My only thoughts from reading other threads are that he:
    A. Provides a good service
    B. Seems to arouse a certain number of people who appear to be purists but may have other agendas.
    C. He has survived several years w/o anyone suing him so I would suggest his site is legitimate.
    D. Of great wonderment, after reading your heavily flavored comments, is why you wanted to retain a membership.

    It's a good service and it does what I need it to do.
     
  22. vbroucek
    Original Member

    vbroucek Silver Member

    The answer to D. is very simple:
    1. My main problem with KVS is not what and how he is doing it, because as you pointed out in C. "his victims probably do not mind", my problem is that he does not want to acknowledge it, even though others and I have provided clear proofs of it - and I think I have made this clear before...
    2. I can manually do whatever he does (after thoroughly analysing his tool I know exactly where and how he goes), but it will take me much longer to do that compared to his tool. So I do use the tool (well, for the last two days) because my time is money and his tool gives me more time to earn more money :D
     
  23. I do take offense to you paraphrasing me wrongly... I didn't use the word victim or even imply it. That's your prejudicial thinking.
    I don't for a minute think KVS is rocket science but it is a service he developed and commercialized so good for him.
     
    kellio and HaveMilesWillTravel like this.
  24. vbroucek
    Original Member

    vbroucek Silver Member

    I have submitted the sample to two independent experts and while I am still waiting for one of them, I am now confident that it was a false positive and that KVS installation file does not contain any malware.
     