Jump to content

Kaspersky vs MalwareBytes


Recommended Posts

So I'm curious..upon first install I ran MalwareBytes 1.3.0..it found 3 things..1 of which the infamous Trojan.Alert..& 2 Registry Keys..anyway that isn't the point at all..so I removed them..it made the log..then said it needed to restart my computer to finish everything..so I let it..

As it was killing processes preparing to shutdown Kaspersky 8.0.0.454 popped up & told me MalwareBytes was trying to download a driver in a "hidden" way..the path was Local/Windows/System32/GXTMR.sys

I accepted it..since I figured well..I got the program from your site..I doubt it's malicious..

Anyway here I am..wondering what GXTMR.sys is :-)

Google brought up nothing :-*(

Thanks Much ^^

Link to post
Share on other sites

It's part of Kaspersky's heuristics, whenever it detects an unknown/hidden driver being installed (in this case the non-malicious driver being used to remove malware by MBAM), it alerts the user because this is a tactic commonly used by malicious trojans and rootkits to infect systems. It' not so much a false positive as a behavioral detection based on Kaspersky's parameters the same way it detects every game when you run it for the first time as a keylogger because games intercept user input (they have to so you can control your player with your keyboard and mouse or game controller). It's nothing to worry about as long as you trust the program that is displaying the suspicious behavior which in this case, seeing as Malwarebytes is one of the best anti-malware applications out there, you know it can be trusted and should be allowed.

Link to post
Share on other sites

As it was killing processes preparing to shutdown Kaspersky 8.0.0.454 popped up & told me MalwareBytes was trying to download a driver in a "hidden" way..the path was Local/Windows/System32/GXTMR.sys

Hi

You encountered this with KIS is suppose and not KAV ?

Thanks for your kind reply

Berny +++

Link to post
Share on other sites

Hi

You encountered this with KIS is suppose and not KAV ?

Thanks for your kind reply

Berny +++

Nope..KaV..with application integrity & most of the scanning options available

So once I saw the replies..I left it alone & didn't think another thing of it..until I saw the results of my next MalwareBytes scan..

GXTMR.png

GXTMR.sys was the file Kaspersky warned me about..I see the above about the potentially overzealous heuristics but now MB is telling me about it too.. :-/

Link to post
Share on other sites

Nope..KaV..with application integrity & most of the scanning options available

So once I saw the replies..I left it alone & didn't think another thing of it..until I saw the results of my next MalwareBytes scan..

GXTMR.png

GXTMR.sys was the file Kaspersky warned me about..I see the above about the potentially overzealous heuristics but now MB is telling me about it too.. :-/

I think I see it now..so these randomly named files in my system32 for the delete on reboot are being detected as trojan.downloader by MB..lol..potential False Positive? It doesn't seem to be removing itself either..leaving it available to be detected../shrug

When I deleted those 2 files it made another random in the same directory..same warning from Kaspersky..this time the file was named dllrv.sys..& MB is detecting it again as well

Link to post
Share on other sites

  • Root Admin

Hello and Welcome to Malwarebytes.org

Please read and follow the instructions provided here: Pre- HJT Post Instructions

When ready please post your logs here: Malware Removal - HijackThis Logs

Someone will be happy to assist you further with cleaning your system.

During this scan and cleanup process you should not install any other software unless requested to do so.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.