Win32 klayout.exe 0.19.3 detected as trojan by Kaspersky

edited May 2010 in General

Hallo,

Kaspersky recently started to report the Win32 executable "klayout.exe" in version 0.19.3 as a trojan (Trojan.Win32.Vilsel.abzb). That can be verified with Kaspersky's online scanner (http://www.kaspersky.com/de/virusscanner).

Only version 0.19.3 is reported, 0.19.2 and 0.20 are not considered dangerous.

klayout.exe of 0.19.2 and 0.19.3 differ in a few bytes only - namely date and version strings. This I hope, serves as a proof that there is no trojan hidden inside klayout.exe in version 0.19.3. Obviously, I have managed to trigger the signature detector inside the Kaspersky scanner.

Best regards,

Matthias

Comments

  • edited November -1
    That's funny ))
    P.S. I'm former Kaspersky's employee
  • edited November -1

    Hi all,

    Kaspersky has removed klayout.exe from their signature files. Lately, all versions have been reported to contain a virus. Kaspesky has confirmed that it was a false positive and changed their signatures accordingly. klayout.exe now is clean.

    McAfee who also reported klayout.exe as containing a virus sent a note that it would take 4 to 6 weeks to confirm the false positive ...

    Matthias

  • edited November -1
    Hello

    Could someone also contact AVG as they see Klayout as also containing a Virus

    The message reads "Trojan Horse Generic19ADEW"

    Even the version I had already installed I try downloading the latest version and still does it.
  • edited November -1
    not sure if this link works but.
    http://www.virustotal.com/file-scan/report.html?id=4f136fcbd79577ca3b683135e2ab4361525d311fe1d8dd3e80e619d58f8353e4-1286275400
    Tested this file with Virustotal.
    and the problem is alot farther reaching that whats been posted above. Klayout is being flagged by 19 ot of 43 possible scan engines.
  • edited November -1
    I have submitted it to Avast as a false positive. hope that solves it for some.
  • edited November -1

    Thank you for taking care of that.

    Matthias

Sign In or Register to comment.