Drivers & Software

whip2-1
Journeyman III

Latest chipset driver has trojan as per Kaspersky & VirusTotal says it matches some rules

https://www.virustotal.com/gui/file/09f95393059dafbc69a7dbd94ec6f913d491433b98c9d8fbb878154f0e8e8a58...

File URL: https://drivers.amd.com/drivers/amd_chipset_software_4.03.03.431.exe

It can be downloaded from (scroll down to bottom): https://www.amd.com/en/support/kb/release-notes/rn-ryzen-chipset-4-03-03-431

Kaspersky prevented its installation & the logs say trojan, so I checked on VirusTotal
-----
Please check with software team & cybersecurity team.

From VirusTotal:

1 match for rule Oilrig by Ariel Millahuel from SOC Prime Threat Detection Marketplace
OilRig is an Iranian threat group operating primarily in the Middle East by targeting organizations in this region that are in a variety of different industries; however, this group has occasionally targeted organizations outside of the Middle East as well. It also appears OilRig carries out supply chain attacks, where the threat group leverages the trust relationship between organizations to attack their primary targets.
1 match for rule Suspicious Script Execution From Temp Folder by Florian Roth, Max Altgelt from Sigma Integrated Rule Set (GitHub)
Detects suspicious script executions from a temporary folder
1 match for rule Execution of Suspicious File Type Extension by Max Altgelt from Sigma Integrated Rule Set (GitHub)
Checks whether the image specified in a process creation event doesn't refer to an .exe file (caused by process ghosting or other unorthodox methods to start a process)
1 match for rule Execution Of Non-Existing File by Max Altgelt from Sigma Integrated Rule Set (GitHub)
Checks whether the image specified in a process creation event is not a full, absolute path (caused by process ghosting or other unorthodox methods to start a process)
28 matches for rule Stop Windows Service by Jakob Weinzettl, oscd.community from Sigma Integrated Rule Set (GitHub)
Detects a windows service to be stopped
0 Likes
1 Solution

Good Morning!..
I use Kaspersky Total Security and I installed the new chipset driver normally. The antivirus did not detect any viruses.
I would contact Kaspersky support and report what happened.
I once had a similar situation when installing starscape creator studio and I contacted kaspersky support and after some tests they concluded that it was a false positive.


8 Replies
whip2-1
Journeyman III

I should highlight that the previous version has not caused such detections

0 Likes
whip2-1
Journeyman III

@Ray_AMD kindly check

0 Likes

I bet it is a false positive by your anti-virus software.

If AMD CHIPSET truly is virus-infected, then more anti-virus software would also tag it as malware.

The link you post clearly shows that it is safe to use.

I have installed the last AMD CHIPSET driver package without any issues or being tagged as being infected with a virus.

Recently my VPN has been falsely tagged as being infected with a virus by Windows Defender. This is a false positive after contacting my VPN about it.

If AMD gets more reports of their chipset driver being infected from Kaspersky, then I imagine they will look into the matter and they will consult with your anti-virus developer.

I'd ditch Kaspersky ASAP!

could be a supply chain attack

0 Likes


digitaluser504
Journeyman III

I am a beginner in cybersecurity. I have a huge firewall log file (14 GB). I have to find out which source IPs have sent the maximum bytes (accumulated) to a destination IP and tabulate the top 10 results in descending order along with additional details like date, time, service and country. For example, IP-1 has sent 70 bytes on the first request and 40 bytes on the second request, and IP-2 has sent 90 bytes on the first request and 10 bytes on the second request. So, IP-1 is the one that sent the most accumulated bytes (110 bytes) compared to IP-2 (100 bytes). Also find out which country (source country) has sent the maximum bytes (accumulated) to the destination IP and tabulate the top 10 results in descending order along with additional details like date, time, service and IP.

0 Likes
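One way to do that aggregation in a single streaming pass, added here as an example; this is not code from the thread, from AMD or from any firewall vendor. The column layout (`date,time,src_ip,dst_ip,service,country,bytes`), the field names and the sample log lines are constructed assumptions; a real export will need `parse_line()` adapted to its own columns. Reading the file line by line keeps memory bounded by the number of distinct source IPs or countries rather than the 14 GB file size, and the same pass answers both the per-IP and the per-country question.

```python
"""Top talkers by accumulated bytes from a firewall log, in one streaming pass.

Added example, not from the thread. Log format, field names and sample
lines below are constructed for illustration only.
"""
import csv
from typing import Dict, Iterable, List, Optional, Tuple

# Constructed sample log: date,time,src_ip,dst_ip,service,country,bytes
SAMPLE_LOG = """\
2023-05-01,10:00:01,10.0.0.1,192.0.2.10,https,US,70
2023-05-01,10:00:02,10.0.0.2,192.0.2.10,https,DE,90
2023-05-01,10:00:03,10.0.0.1,192.0.2.10,https,US,40
2023-05-01,10:00:04,10.0.0.2,192.0.2.10,dns,DE,10
2023-05-01,10:00:05,10.0.0.3,192.0.2.11,ssh,FR,5
2023-05-01,10:00:06,10.0.0.1,192.0.2.11,https,US,1
"""

# Assumed column order of the export; adjust to the real firewall's layout.
FIELDS = ["date", "time", "src_ip", "dst_ip", "service", "country", "bytes"]


def parse_line(line: str) -> Optional[dict]:
    """Parse one CSV log line into a dict; return None for blank or malformed lines."""
    row = next(csv.reader([line]), None)
    if not row or len(row) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, row))
    try:
        rec["bytes"] = int(rec["bytes"])
    except ValueError:
        return None  # byte count missing or not numeric: skip rather than crash
    return rec


def aggregate(lines: Iterable[str], group_by: str = "src_ip",
              dst_ip: Optional[str] = None) -> Dict[str, dict]:
    """Accumulate bytes per group ("src_ip" or "country") in a single pass.

    Only one dict entry per distinct group is kept, so a multi-GB file is never
    loaded into memory. first_seen/last_seen assume the log is in time order.
    """
    stats: Dict[str, dict] = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if dst_ip is not None and rec["dst_ip"] != dst_ip:
            continue  # restrict to traffic towards the destination of interest
        entry = stats.setdefault(rec[group_by], {
            "bytes": 0, "requests": 0,
            "first_seen": (rec["date"], rec["time"]),
            "last_seen": (rec["date"], rec["time"]),
            "services": set(),
            "related": set(),  # countries per IP, or IPs per country
        })
        entry["bytes"] += rec["bytes"]
        entry["requests"] += 1
        entry["last_seen"] = (rec["date"], rec["time"])
        entry["services"].add(rec["service"])
        entry["related"].add(rec["src_ip"] if group_by == "country" else rec["country"])
    return stats


def top_n(stats: Dict[str, dict], n: int = 10) -> List[Tuple[str, dict]]:
    """Return the n largest groups by accumulated bytes, descending."""
    return sorted(stats.items(), key=lambda kv: kv[1]["bytes"], reverse=True)[:n]


def top_n_from_file(path: str, group_by: str = "src_ip",
                    dst_ip: Optional[str] = None, n: int = 10) -> List[Tuple[str, dict]]:
    """Stream a log file from disk and return its top-n table."""
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        return top_n(aggregate(fh, group_by, dst_ip), n)


def format_table(rows: List[Tuple[str, dict]]) -> str:
    """Render the top-n result as a fixed-width text table."""
    out = [f"{'group':<16}{'bytes':>10}{'requests':>10}  {'last_seen':<20} services / related"]
    for key, s in rows:
        when = f"{s['last_seen'][0]} {s['last_seen'][1]}"
        out.append(f"{key:<16}{s['bytes']:>10}{s['requests']:>10}  {when:<20} "
                   f"{','.join(sorted(s['services']))} / {','.join(sorted(s['related']))}")
    return "\n".join(out)


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    print("Top source IPs sending to 192.0.2.10:")
    print(format_table(top_n(aggregate(lines, "src_ip", dst_ip="192.0.2.10"))))
    print("\nTop source countries (all destinations):")
    print(format_table(top_n(aggregate(lines, "country"))))
```

On the constructed sample, the per-IP table for destination 192.0.2.10 ranks 10.0.0.1 (110 bytes over two requests) above 10.0.0.2 (100 bytes), matching the worked figures in the question; `top_n_from_file("/path/to/firewall.log", "country")` runs the same logic over the real file without reading it into memory.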
FederaluL
Adept III

sorry, KasperWho?

EK watercooled 6900xt - 5900x - Lian Li XL - Samsung neo G8 - Logitech G910 - Hero G502
0 Likes