Avast WEBforum

Other => Non-Avast security products => Topic started by: SpaceBun on October 08, 2020, 01:32:13 AM

Title: Kaspersky Virus Removal Tool Free (KVRT) Win64:Vitro Threat
Post by: SpaceBun on October 08, 2020, 01:32:13 AM
Hello!

I have the free Avast Antivirus installed on my Windows 10 computer but sometimes like to download and run the free Kaspersky Virus Removal Tool (KVRT) just as a second opinion scan for malware. However, whenever I run this scan, KVRT seems to drop a couple of .tmp files into my C:\Users\*****\AppData\Local\Temp which usually look something like this "iocXXX.tmp". Avast detects a Win64:Vitro threat on the .tmp files and locks them away in the virus chest while the KVRT scan runs.

I'm wondering if these are actual threats or false positives. I'm also wondering if KVRT is able to accurately scan my system while Avast has these .tmp files locked up in the virus chest. I usually just let KVRT complete the scan regardless of the threat detection but can't help but think it's being inhibited by Avast. Would it be irresponsible to disable Avast while KVRT does its thing?

Any incite would be greatly appreciated!
Title: Re: Kaspersky Virus Removal Tool Free (KVRT) Win64:Vitro Threat
Post by: Asyn on October 08, 2020, 11:11:00 AM
Test the file at VT (https://www.virustotal.com) and post the link to the result here.
Title: Re: Kaspersky Virus Removal Tool Free (KVRT) Win64:Vitro Threat
Post by: SpaceBun on October 08, 2020, 08:29:50 PM
Here's the result from VirusTotal. I sent both files separately but they each had this same result.

"iocABBE.tmp" and "ioc544.tmp"
https://www.virustotal.com/gui/file/6d246ed3d1702fcfd4c6f2b0792682fda2fbb568b5cdabd7a626779f5bd92304/detection

This is my first time using VirusTotal so I can't be sure what to think of it.
Title: Re: Kaspersky Virus Removal Tool Free (KVRT) Win64:Vitro Threat
Post by: Asyn on October 09, 2020, 07:09:50 AM
You can report a suspected FP (File/Website) here: https://www.avast.com/false-positive-file-form.php
Title: Re: Kaspersky Virus Removal Tool Free (KVRT) Win64:Vitro Threat
Post by: strakl on October 26, 2020, 07:13:06 PM
It's strange that .tmp files by an antivirus vender would be flagged as malware?
Title: Re: Kaspersky Virus Removal Tool Free (KVRT) Win64:Vitro Threat
Post by: DavidR on October 26, 2020, 07:26:11 PM
The file type .tmp could be almost anything with just the file type .tmp used.

Another possibility that these could also be virus signatures used in the scans and the signatures could be picked up.

It isn't that unusual for one AV to detect something about what another AV is doing when both are running.  I too would be reluctant to disable Avast in these circumstances, but be aware of the possibility of a detection whilst the other is running a scan.