UDS:DangerousObject.Multi.Generic



#1
library_babel

I was hoping that you could help me with a problem that I was discussing with a tech at a Kaspersky forum and a tech at Kaspersky lab. Neither the forum tech nor the lab tech was able to resolve the issue. Here is a link to the forum discussion: http://forum.kaspers...howtopic=253983 Here are some highlights:

I am running Kasp Pure 2.0 12.0.2.733.

UDS:DangerousObject.Multi.Generic comes up once or twice a day when I open Outlook. I hit FIX. Goes away. Returns later.

Problematic file is CBS.dll in folder C:\Program Files (x86)\CyberLink\Power2Go

Ran TDSS killer, etc. but nothing was detected. Tech thought it might be a false positive and suggested I send it in to the lab.

I was unable to zip/archive sample to send to the lab. Kept getting "access denied".

I tried Md5Checker, but the file CBS.dll came up Not available (N/A): Invalid file path, file is missing or inaccessible.

That's where we hit a dead end.

Detection of UDS:DangerousObject.Multi.Generic still continues on a regular basis.

Thanks for taking a look! :)

Let me know if there are any reports you would like me to upload.


#2
RKinner


    Malware Expert

I'm pretty sure it's a false positive but I'm surprised that the Kaspersky people weren't more help.

Please download GrantPerms.zip
http://download.blee.../GrantPerms.zip
and save it to your desktop.
Unzip the file and depending on the system run GrantPerms64.exe
Copy and paste the following in the edit box:


C:\Program Files (x86)\CyberLink\Power2Go\cbs.dll

Click Unlock. When it is done click "OK".
Click List Permissions and post the result (Perms.txt) that pops up. A copy of Perms.txt will be saved in the same directory the tool is run.

That should give you permission to do something with it.

See if you can upload it to www.virustotal.com


Please go to: VirusTotal
  • Click the Choose File button and search for the following file (one by one):

    C:\Program Files (x86)\CyberLink\Power2Go\cbs.dll

  • Click Open > Scan It!.
  • Please be patient while the file is scanned.
  • Copy and paste the Link (URL) with the results.

If it won't let you submit it to virustotal boot into Safe Mode with Networking and try again:


(Reboot and when you see the maker's logo, hear a beep or it talks about F8, start tapping the F8 key slowly. Keep tapping until the Safe Mode Menu appears and choose Safe Mode with Networking. Login with your usual login.)

If that doesn't work, while still in Safe Mode attempt to copy the file and paste it onto your desktop. Then submit the desktop copy.

Ron

#3
library_babel

Perms txt

K


#4
library_babel

https://www.virustot...d8ed1/analysis/



SHA256: a8a28e3b62a3f1d4dd25ecf83435fef885795d9c2c7e4c2e33f938fbbd1d8ed1
File name: CBS.dll
Detection ratio: 2 / 46
Analysis date: 2013-01-20 16:39:04 UTC ( 1 week, 6 days ago )

Only hits were:

Kaspersky UDS:DangerousObject.Multi.Generic 20130120

TrendMicro-HouseCall TROJ_GEN.F47V0822 20130120

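The checks this thread walks through (can the file be read, what are its permissions, what is its hash, does it match the VirusTotal report), gathered into one PowerShell function as an added example that is not part of any post here. The function name `Get-FalsePositiveEvidence` is hypothetical; the path and SHA256 are the ones quoted in the thread.

```powershell
# Added example, not from the thread. Function name is hypothetical.
function Get-FalsePositiveEvidence {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [string] $ExpectedSha256   # hash from an existing scan report, if any
    )
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }
    $owner = $null; $rules = @(); $sha256 = $null; $md5 = $null; $readError = $null
    try {
        # Owner and ACL entries show why zipping or hashing gets "access denied".
        $acl   = Get-Acl -LiteralPath $Path -ErrorAction Stop
        $owner = $acl.Owner
        $rules = @($acl.Access | ForEach-Object {
            '{0}: {1} {2}' -f $_.IdentityReference, $_.AccessControlType, $_.FileSystemRights
        })
        # Hashes identify the exact sample in a false-positive submission.
        $sha256 = (Get-FileHash -LiteralPath $Path -Algorithm SHA256 -ErrorAction Stop).Hash
        $md5    = (Get-FileHash -LiteralPath $Path -Algorithm MD5 -ErrorAction Stop).Hash
    } catch {
        # The file is still locked or unreadable; record the reason instead of failing.
        $readError = $_.Exception.Message
    }
    $sig = Get-AuthenticodeSignature -LiteralPath $Path -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Path            = $Path
        Owner           = $owner
        AccessRules     = $rules
        ReadError       = $readError
        MD5             = $md5
        SHA256          = $sha256
        # $null when there is nothing to compare; -eq on strings ignores case.
        MatchesReport   = if ($sha256 -and $ExpectedSha256) { $sha256 -eq $ExpectedSha256 } else { $null }
        SignatureStatus = if ($sig) { $sig.Status } else { $null }
        Signer          = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    }
}

# Path and SHA256 as quoted in the thread.
Get-FalsePositiveEvidence `
    -Path 'C:\Program Files (x86)\CyberLink\Power2Go\cbs.dll' `
    -ExpectedSha256 'a8a28e3b62a3f1d4dd25ecf83435fef885795d9c2c7e4c2e33f938fbbd1d8ed1'
```

A populated `ReadError` with empty hashes corresponds to the "N/A ... inaccessible" result Md5Checker gave before the permissions were unlocked.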
#5
library_babel

Thank you so much for the clear, step-by-step instructions! It was VERY helpful :)

K

#6
RKinner


    Malware Expert

You should be able to submit it to Kaspersky as a false positive now.

#7
library_babel

Thanks so much! The md5checker worked this time and I sent it in to Kaspersky Lab. Best, K