Author Topic: Kryptik-PFA [Trj]  (Read 56740 times)

REDACTED

  • Guest
Kryptik-PFA [Trj]
« on: May 06, 2015, 08:28:38 PM »
Users all over my network are getting infection alerts for Kryptik-PFA [Trj] after the latest 150506-3 update.  I think it's a massive false-positive reaction.  Can anyone confirm and fix on the next update?

Offline CSEIT

  • Newbie
  • *
  • Posts: 7
Re: Kryptik-PFA [Trj]
« Reply #1 on: May 06, 2015, 08:29:29 PM »
Users all over my network are getting infection alerts for Kryptik-PFA [Trj] after the latest 150506-3 update.  I think it's a massive false-positive reaction.  Can anyone confirm and fix on the next update?

Same here.

Offline Bassmaster

  • Jr. Member
  • **
  • Posts: 84
Re: Kryptik-PFA [Trj]
« Reply #2 on: May 06, 2015, 08:34:59 PM »
SAME HERE!

REDACTED

  • Guest
Re: Kryptik-PFA [Trj]
« Reply #3 on: May 06, 2015, 08:41:00 PM »
We're seeing a major uptick in notifications for this virus too.

Offline CSEIT

  • Newbie
  • *
  • Posts: 7
Re: Kryptik-PFA [Trj]
« Reply #4 on: May 06, 2015, 08:43:42 PM »
What OSes? So far I haven't heard from anyone else. So far it's just me with Windows 8.1.

REDACTED

  • Guest
Re: Kryptik-PFA [Trj]
« Reply #5 on: May 06, 2015, 08:44:42 PM »
It has started blocking chrome.exe district-wide on almost 22,000 machines! I'm dying over here!!!

Offline Bassmaster

  • Jr. Member
  • **
  • Posts: 84
Re: Kryptik-PFA [Trj]
« Reply #6 on: May 06, 2015, 08:52:16 PM »
So far it's only happening to our Windows 8.1 PCs as well.

Offline CSEIT

  • Newbie
  • *
  • Posts: 7
Re: Kryptik-PFA [Trj]
« Reply #7 on: May 06, 2015, 08:52:56 PM »
Can you change your group settings to 'no action' for now?

REDACTED

  • Guest
Re: Kryptik-PFA [Trj]
« Reply #8 on: May 06, 2015, 08:54:08 PM »
Our systems are 64-bit Windows 7 Pro.

REDACTED

  • Guest
Re: Kryptik-PFA [Trj]
« Reply #9 on: May 06, 2015, 08:54:47 PM »
We're seeing this in our school district, too. We're getting hits on 32-bit and 64-bit Windows 7 Professional.

We're getting false positives on "C:\windows\system32\MBWrp32.dll" mainly. I sent that file off to VirusTotal and got this back:

https://www.virustotal.com/en/file/8f9234b7efd9e06430c79615a3491f59e105622ad439db3042364ebbb0554e43/analysis/

We've gotten a couple of hits on "C:\Program Files\Google\Chrome\Application\39.0.2171.95\libglesv2.dll", too.

It sure looks like a false positive. I threw on a couple of exclusions to try and stem the tide.

Anybody know if there's an API that I can use to connect to the "Virus Chest" on a hundred PCs to restore this file, or am I better off just copying it with a script?

Edit:

It looks like this is going to be a chance to exercise an "Auxiliary Task" to restore previously-detected files from the "Virus Chest" that are no longer detected *once* Avast updates the definitions.  >sigh<
« Last Edit: May 06, 2015, 09:00:14 PM by edanderson »

REDACTED

  • Guest
Re: Kryptik-PFA [Trj]
« Reply #10 on: May 06, 2015, 09:00:46 PM »
Same here. Different files, machines all over the network.  VirusTotal shows the files are clean, even by Avast.

Offline CSEIT

  • Newbie
  • *
  • Posts: 7
Re: Kryptik-PFA [Trj]
« Reply #11 on: May 06, 2015, 09:04:53 PM »
It looks like this is going to be a chance to exercise an "Auxiliary Task" to restore previously-detected files from the "Virus Chest" that are no longer detected *once* Avast updates the definitions.  >sigh<

Do you have a 'How to' on that? :)

Offline qwit2win

  • Newbie
  • *
  • Posts: 6
Re: Kryptik-PFA [Trj]
« Reply #12 on: May 06, 2015, 09:11:27 PM »
Same here

REDACTED

  • Guest
Re: Kryptik-PFA [Trj]
« Reply #13 on: May 06, 2015, 09:12:03 PM »
Same here :(

REDACTED

  • Guest
Re: Kryptik-PFA [Trj]
« Reply #14 on: May 06, 2015, 09:12:30 PM »
You guys/gals seeing this on 32-bit and 64-bit or just 32-bit?