Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

UDS:DangerousObject.Multi.Generic


  • Please log in to reply

#1
library_babel

library_babel

    Member

  • Member
  • PipPip
  • 23 posts
I was hoping that you could help me with a problem that I was discussing with a tech a Kaspersky forum and a tech at Kaspersky lab. Neither the forum tech nor the lab tech was able to resolve the issue. Here is a link to the forum discussion: http://forum.kaspers...howtopic=253983 Here are some highlights:

I am running Kasp Pure 2.0 12.0.2.733.

UDS:DangerousObject.Multi.Generic comes up once or twice a day when I open Outlook. I hit FIX. Goes away. Returns later.

Problematic file is CBS.dll in folder C:\Program Files (x86)\CyberLink\Power2Go

Ran TDSS killer, etc. but nothing was detected. Tech thought it might be a false positive and suggested I send it in to the lab.

I was unable to zip/archive sample to send to the lab. Kept getting "access denied".

I tried Md5Checker, but the file CBS.dll came up Not available (N/A): Invalid file path, file is missing or inaccessible.

That's where we hit a dead end.

Detection of UDS:DangerousObject.Multi.Generic still continues on a regular basis.

Thanks for taking a look! :)

Let me know if there are any reports you would like me to upload.
  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
I'm pretty sure it's a false positive but I'm surprised that the Kaspersky people weren't more help.

Please download GrantPerms.zip
http://download.blee.../GrantPerms.zip
and save it to your desktop.
Unzip the file and depending on the system run GrantPerms64.exe
Copy and paste the following in the edit box:

C:\Program Files (x86)\CyberLink\Power2Go\cbs.dll

Click Unlock. When it is done click "OK".
Click List Permissions and post the result (Perms.txt) that pops up. A copy of Perms.txt will be saved in the same directory the tool is run.

That should give you permission to do something with it.

See if you can upload it to www.virustotal.com


Please go to: VirusTotal
Posted Image
  • Click the Choose File button and search for the following file (one by one):

    C:\Program Files (x86)\CyberLink\Power2Go\cbs.dll

  • Click Open > Scan It!.
  • Please be patient while the file is scanned.
  • Copy and past the Link (URL) with the results.

If it won't let you submit it to virustotal boot into Safe Mode with Networking and try again:


(Reboot and when you see the maker's logo, hear a beep or it talks about F8, start tapping the F8 key slowly. Keep tapping until the Safe Mode Menu appears and choose Safe Mode with Networking. Login with your usual login.)

IF that doesn't work, while still in Safe Mode attempt to copy the file and paste it onto your desktop. Then submit the desktop copy.

Ron
  • 0

#3
library_babel

library_babel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Perms txt

K

Attached Files


  • 0

#4
library_babel

library_babel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
https://www.virustot...d8ed1/analysis/



SHA256: a8a28e3b62a3f1d4dd25ecf83435fef885795d9c2c7e4c2e33f938fbbd1d8ed1
File name: CBS.dll
Detection ratio: 2 / 46
Analysis date: 2013-01-20 16:39:04 UTC ( 1 week, 6 days ago )

Only hits were:

Kaspersky UDS:DangerousObject.Multi.Generic 20130120

TrendMicro-HouseCall TROJ_GEN.F47V0822 20130120
  • 0

#5
library_babel

library_babel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
thank you so much for the clear, step-by-step instructions! it was VERY helpful :)

K
  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
You should be able to submit it to Kaspersky as a false positive now.
  • 0

#7
library_babel

library_babel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Thanks so much! the md5checker worked this time and I sent it in to Kaspersky Lab. Best, K
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP