Virus when I install newest beta version

  • Problem
  • Updated 3 months ago
Hello. I uninstalled the older version and downloaded the newer version so my Chrome could work. I had to disable my antivirus and restarted my computer, reinstating my antivirus. However, now my antivirus is detecting a Trojan that seems to be attached to the latest Covenant Eyes download! And now several of my system processes are not working due to malware. My antivirus says it detected "Trojan.Win32.Hosts2.gen" located in C:\Windows\System32\drivers\etc\hosts. I am 100% sure it was from the Covenant Eyes download because the same thing happened to another computer right after I downloaded the new version. PLEASE HELP!

Brad

Posted 5 years ago

Alaina

Could you tell me what antivirus you're using? Also which version of Windows?

There is a host file change that we do make, but I've never seen it called that. I did forward this to our Windows devs to see if they are somehow related.

John talked about it on this thread and Windows Defender marks it as a potential threat, but I haven't seen that file before.

I will post back as soon as I know something more.

Alaina

*Update*

My suspicions concerning the host file change have been verified by one of our Windows team. It would still be really helpful to us to know the information about your Windows version(s) and antivirus, especially since they're working on the next step of helping systems understand we aren't malware.

Brad

I am running Windows 7 Home Premium and Kaspersky. When I run the Disinfect scan it pulls up a few processes that it says do not run in Windows or obtain an error, and asks me to use a reinstallation disc to reinstall. One of them is under System32\ole32.dll, I think.


Brad

Same thing with something called Microsoft.NET/framework

Brad

C:\Windows\Microsoft.NET\Framework\v4.0.30319 is what it said there was an error or not configured to work with Windows. This just popped up through my Kaspersky along with the ole32.dll after I installed the new Covenant Eyes on both computers, same exact thing.

Alaina

Ahhh, Kaspersky. While we do continuously try to keep peace with antiviruses, there is a long history of butting heads with Kaspersky. In the case of this host file change, it is one of three that really dislike what we're doing. The other two are BitDefender and Zone Alarm. Windows Defender also pops up a potential threat, but sounds like it's more laid back than those three.

To give you a little more insight, the host file changes are to allow us to see, rate, and filter searches on Google. You may actually see a pop up the first time you do a Google search about how SSL has been turned off.

I am assuming that your version of Windows is 64 bit, but could you confirm that for me?
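
To see exactly which hosts-file mappings an installer added (the change the antivirus products in this thread are reacting to), compare a copy of the file taken before the install with one taken after. This is an added example, not part of the original posts and not Covenant Eyes code; the sample entries, addresses and the `WATCHED_LABELS` set are constructed assumptions.

```python
import ipaddress

# Constructed snapshots for illustration only; these are NOT the entries
# Covenant Eyes actually writes (the thread does not list them).
BEFORE = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
"""
AFTER = BEFORE + """\
203.0.113.10    www.google.com google.com   # constructed entry
0.0.0.0         ads.example.test
"""

WATCHED_LABELS = {"google"}  # assumption: domain labels that deserve a closer look


def parse_hosts(text):
    """Return {hostname: address} for every well-formed mapping in a hosts file."""
    mappings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and whitespace
        if not line:
            continue
        addr, *names = line.split()
        try:
            ipaddress.ip_address(addr)           # accepts IPv4 and IPv6
        except ValueError:
            continue                             # skip lines not starting with an IP
        for name in names:
            mappings.setdefault(name.lower(), addr)  # keep the first mapping seen
    return mappings


def diff_hosts(before, after):
    """List (hostname, address, watched) for mappings added or changed."""
    old, new = parse_hosts(before), parse_hosts(after)
    findings = []
    for name, addr in sorted(new.items()):
        if old.get(name) == addr:
            continue                             # unchanged since the first snapshot
        watched = bool(WATCHED_LABELS & set(name.split(".")))
        findings.append((name, addr, watched))
    return findings


if __name__ == "__main__":
    for name, addr, watched in diff_hosts(BEFORE, AFTER):
        print(f"{'REVIEW' if watched else 'added '}  {name} -> {addr}")
```

On Windows the live file is `C:\Windows\System32\drivers\etc\hosts`; read its contents into the two arguments of `diff_hosts` before and after the install.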

Alaina

Sorry, I was checking in on Kaspersky and missed the messages that came in in between :/

I am checking on the framework and dll files now.

Brad

oh thank you!

Brad

Yes, I have seen that Google search pop up. So the notification of the ole32.dll and the Microsoft.NET are all tied in to this as well? They pop up when I do the antivirus disinfect scan, saying they are not working properly. After each scan it restarts my computer and asks me to scan again, with the same results. I am running 64 bit, yes. I never seemed to have this issue with Kaspersky and Covenant Eyes on any of the previous versions though. So I need to switch my antivirus software?


Brad

Just an FYI... these are work computers at my business and I just want to make sure before I open up any programs such as QuickBooks that what I am dealing with here isn't a virus or something that could damage my data or files.


Alaina

I believe so, but I'm double checking. 

We've had this change in Beta versions since February, but haven't really pushed any of those versions unless they helped fix a problem so maybe 10% of our Windows sign-ins are on versions that include the change. What we have seen on Mac, which did a full release of the change in March, is that Kaspersky actually deletes the hosts file when disinfect is run so Kaspersky and CE go round and round on it complete with the warning messages.

If you did want to switch antiviruses to something that is more Covenant Eyes friendly, I checked with the Customer Service team and they recommend AVG or Microsoft Security Essentials. Both of those are free. If you prefer a paid antivirus, I was told Norton is okay.

Brad

Oh ok. Yeah, I will look into switching my antivirus then. Are the dll and framework files that I am having issues with also due to the incompatibility of Kaspersky with CE? So switching antivirus software should fix those as well, if I am understanding correctly?

Alaina

I have spoken with the developers who worked on that version and it is possible that Kaspersky is freaking out because of the hosts file. We would, however, hate to have your data messed with if there is something else going on so here are some things you can do:

1. Uninstall, run Kaspersky to verify that everything is clear and reinstall to make absolutely certain that it is a Kaspersky/Covenant Eyes issue.

2. Install the 5.0.4.280 version of Covenant Eyes for Windows. It has the malicious downloads message attached, but Chrome will let you download it by jumping through warnings. Internet Explorer does not issue any warnings that I know of. Firefox will not allow the download. 

If you do do that, you may want to consider putting it on a drive or a shared space with your other work computers so you don't have to jump through all of the hoops multiple times. 

We have received word that Chrome works for people who have uninstalled and reinstalled that version. They also were talking about releasing a patch which may solve that problem.

3. Change antiviruses.

There is a beta that should be available in about a week that works better with Kaspersky, but it still won't be the optimum Covenant Eyes experience.

You can also call our Customer Support line, but I know they've been pretty slammed today so the wait time is long enough that I wanted to try and avoid that if possible for your sake and theirs.

Does that help?

Brad

Yes, this has been very helpful!! I do believe it is a Kaspersky/CE issue because on my other computer I uninstalled CE and restarted the computer and there are no issues detected through Kaspersky. I will be converting to Norton since that is what I used to use a few years ago. Thank you again so much for the quick response time and detailed help.

Alaina

You're welcome! I'm glad I could help :)

Betty Barfield

The virus is back. 

I tried to install and Avast blocked it -- it says that the download is infected with the IDP.Generic virus.

Robert B, Official Rep

Betty,

In recent days, I have not seen or heard of this issue with our software. Let me make two suggestions:

1 - Turn off Avast and try installing CE one more time.
2 - Contact Customer Support via live chat or phone (877.479.1119). During the week, the team is available from 8 am - 11:45 pm (EST). On Saturdays, they are available from 10 am to 5:45 pm (EST). We are closed on Sundays.

Robert