Author Topic: Kaspersky Virus Removal Tool Free (KVRT) Win64:Vitro Threat  (Read 1167 times)

0 Members and 1 Guest are viewing this topic.

Offline SpaceBun

  • Newbie
  • *
  • Posts: 2
Kaspersky Virus Removal Tool Free (KVRT) Win64:Vitro Threat
« on: October 08, 2020, 01:32:13 AM »
Hello!

I have the free Avast Antivirus installed on my Windows 10 computer but sometimes like to download and run the free Kaspersky Virus Removal Tool (KVRT) just as a second opinion scan for malware. However, whenever I run this scan, KVRT seems to drop a couple of .tmp files into my C:\Users\*****\AppData\Local\Temp which usually look something like this "iocXXX.tmp". Avast detects a Win64:Vitro threat on the .tmp files and locks them away in the virus chest while the KVRT scan runs.

I'm wondering if these are actual threats or false positives. I'm also wondering if KVRT is able to accurately scan my system while Avast has these .tmp files locked up in the virus chest. I usually just let KVRT complete the scan regardless of the threat detection but can't help but think it's being inhibited by Avast. Would it be irresponsible to disable Avast while KVRT does its thing?

Any incite would be greatly appreciated!

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 68073
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Kaspersky Virus Removal Tool Free (KVRT) Win64:Vitro Threat
« Reply #1 on: October 08, 2020, 11:11:00 AM »
Test the file at VT (https://www.virustotal.com) and post the link to the result here.
Win 8.1 [x64] - Avast PremSec 20.10.2441.Beta4 [UI.584] - CC 5.74 - EEK - FF ESR 78.5 [NS/AOS/uBO/PB] - TB 78.5.1 - SB/CP/SL/DU.B
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline SpaceBun

  • Newbie
  • *
  • Posts: 2
Re: Kaspersky Virus Removal Tool Free (KVRT) Win64:Vitro Threat
« Reply #2 on: October 08, 2020, 08:29:50 PM »
Here's the result from VirusTotal. I sent both files separately but they each had this same result.

"iocABBE.tmp" and "ioc544.tmp"
https://www.virustotal.com/gui/file/6d246ed3d1702fcfd4c6f2b0792682fda2fbb568b5cdabd7a626779f5bd92304/detection

This is my first time using VirusTotal so I can't be sure what to think of it.

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 68073
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Kaspersky Virus Removal Tool Free (KVRT) Win64:Vitro Threat
« Reply #3 on: October 09, 2020, 07:09:50 AM »
You can report a suspected FP (File/Website) here: https://www.avast.com/false-positive-file-form.php
Win 8.1 [x64] - Avast PremSec 20.10.2441.Beta4 [UI.584] - CC 5.74 - EEK - FF ESR 78.5 [NS/AOS/uBO/PB] - TB 78.5.1 - SB/CP/SL/DU.B
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline strakl

  • Full Member
  • ***
  • Posts: 141
Re: Kaspersky Virus Removal Tool Free (KVRT) Win64:Vitro Threat
« Reply #4 on: October 26, 2020, 07:13:06 PM »
It's strange that .tmp files by an antivirus vender would be flagged as malware?

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 84162
  • No support PMs thanks
Re: Kaspersky Virus Removal Tool Free (KVRT) Win64:Vitro Threat
« Reply #5 on: October 26, 2020, 07:26:11 PM »
The file type .tmp could be almost anything with just the file type .tmp used.

Another possibility that these could also be virus signatures used in the scans and the signatures could be picked up.

It isn't that unusual for one AV to detect something about what another AV is doing when both are running.  I too would be reluctant to disable Avast in these circumstances, but be aware of the possibility of a detection whilst the other is running a scan.
Windows 10 Home 2004 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.9.2437 (build 20.9.5758.609) UI-1.0.580/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security