Kaspersky - (No) Solution For False Positive Compiled Bots

[jomark3 25]

I was doing a little housekeeping today and I moved a Ubot folder to an area that I don't have whitelisted in Kaspersky. And sure enough, within a minute, Kaspersky identified a compiled bot in the folder as a virus and sent it to quarantine.

 

HOWEVER, I noticed that I had another compiled bot in that folder that Kaspersky left alone. Both bots were compiled using Ubot version 4.2.6. The only difference in the 2 compiled files is the one that was left alone had 'dash old' at the end of the file name. So I recompiled the bot that was just quarantined and gave it the name 'Bot Name-new.exe'.

 

It's been over an hour now and Kaspersky has not identified this bot as a virus.

 

So, in the future, I will be adding '-new' to the name of all of the bots that I create.

 

I'll keep the community posted if Kaspersky swoops in and identifies it as a virus, but for now, it seems to be a workable solution that prevents Kaspersky from giving false positives on compiled bots.

 

UPDATE:

 

Sorry, Kaspersky fans, both the -old.exe and the -new.exe file were identified and sent to quarantine after about 5 hours. Oh well, back to the drawing board.

[Anonym 53]

Hmmm... I don't know about Kaspersky, but lately I have got loads of messages from my AVG antivirus about bots being trojan horses.

[AutomationNinja 194]

For me using Kaspersky was pure hell. It f*ckd my computer. I spent to days trying to fix it. Over 2 hours on the phone with their support. Numerous help tickets and emails. I am fairly certain that kaspersky isn't even compatible with windows 8. I would highly recommend looking into using a different AV software. There are free ones that do a great job. Good luck!