Results 1 to 4 of 4

Thread: Anti-Spyware deep inspection scan reports KIX32.EXE as Trojan Win32.Backdoor.Bifrost

  1. #1
    fusspot Guest

    Default Anti-Spyware deep inspection scan reports KIX32.EXE as Trojan Win32.Backdoor.Bifrost

    Today (15 JUL 2008) KIX32.EXE (versions
    .451 to .460) from www.kixtart.org is reported as having Win32.Backdoor.Bifrost malware, yet http:\\virusscan.jotti.org and www.viscan.org report nothing detected when the file is uploaded and scanned by them. My definitions were last updated today and my anti-spyware engine is 5.0.189.0 from Security Suite 7.0.483.000. KIX is a scripting environment with a large user base. By quarantining KIX32 all my admin scripts are defunct. Is KIX32.EXE malware?

    Operating System:Windows XP Pro
    Software Version:
    Product Name:ZoneAlarm Internet Security Suite

  2. #2
    riceorony Guest

    Default Re: Anti-Spyware deep inspection scan reports KIX32.EXE as Trojan Win32.Backdoor.Bifrost

    Try to get a second opinion by scanning with legitimate and good programs.

    Follow these directions:
    1.) Perform a free online scan by visiting b i tdefender.com (connect all the letters). Make sure to use internet explorer and follow the prompts as it continues. This will both scan and remove any detected infections (a very good free antivirus/antispyware scan)
    2.) Download the FREE home version of Superantispyware by visiting (http://superantispyware.com/superant...freevspro.html), update, and perform a complete scan of your drive
    3.) Download the FREE version of A-squared FREE 3.5 by visiting (http://www.emsisoft.com/en/software/download/), update and perform a deep scan of your drive.
    4.) Download the FREE version of MalwareBytes by visiting (http://www.malwarebytes.org/) and downloading the latest version.
    5.) Update ZA-ISS, physically disconnect your computer from the internet, and reboot into SAFE MODE WITH NETWORKING. Load up ZA-ISS and perform a complete scan.

    That right there will ensure that your computer is most likely clean.

    If you're still worried about a possible infection, then download HiJack This! by TrendMicro and posting to such sites like www.castlecops.com, www.bleepingcomputer.com, www.geekstogo.com

    Good luck!

  3. #3
    fusspot Guest

    Default Re: Anti-Spyware deep inspection scan reports KIX32.EXE as Trojan Win32.Backdoor.Bifrost



    Ricerony, both viruscan.org and virustotal.com include **bleep** in their scans with, amongst others, Panda, Kapersky, McAfee, Sophos, Symantec. None report a problem with KIX32.exe. ZoneAlarm only reports a problem with it in deep inspection scan mode.
    The recommended, 'Intelligent Quick Scan' doesn't pick it up at all. My KIX32.EXE is part of KIXTART, the scripting environment, with KIX32.EXE being the script interpreter executable. My KIX32.EXE file
    is not located
    on the %SystemDrive%. KIXTART has been around for a good few years
    and is used widely in commercial setups. I have notified
    the KIXTART community of ZoneAlarm's spyware status detection of their KIX32.EXE. At this moment I don't distrust KIXTART but I do want to understand why ZoneAlarm does.

  4. #4
    riceorony Guest

    Default Re: Anti-Spyware deep inspection scan reports KIX32.EXE as Trojan Win32.Backdoor.Bifrost

    fusspot,

    Then most likely it's a false positive if you can verify the validity of the program (which you say is good). The way anti-virus and anti-spywares mainly detect infections is based on definitions/rules that either look for the common registry entries, program files in specific locations, and HASH files (tid-bits of files) created by malware. More than likely your version of KIX32.exe shares some common code with a true malware program, and was accordingly flagged.

    False positives are a common sort for most security vendors (some are afflicted by them much more than others). You are welcome to submit your false positive report to Zonelabs and they will usually get back with you whether it is a true FP or a true infection after inspection.

    http://smartdefense.zonealarm.com/tm...cReporting.jsp

    Good luck!

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •