Thinkpads Forum

Est. 1995 - Copyright © 1995-2017 (see FAQ for details)
https://forum.thinkpads.com/

TpKnrres.exe identified as Virus (InfoStealer)

https://forum.thinkpads.com/viewtopic.php?f=18&t=106259

Page 1 of 1

TpKnrres.exe identified as Virus (InfoStealer)

Posted: Mon Sep 17, 2012 1:19 pm
by hyde
I assume it is a false positive but I still wanted to post about this here, in case someone reached out to Lenovo or Symantec about this.
It is also strange that while it was reported back in 2011 today is the first time I was warned by Norton about this.

C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe

http://gyazo.com/6d16bb12b5ca30be243942 ... 1347904872

http://gyazo.com/cc46c6ed22ba2d168d3782 ... 1347905489
Resolved Threats:
No risks have been resolved

Unresolved Threats:
Infostealer
Type: Anomaly
Risk: High (High Stealth, High Removal, High Performance, High Privacy)
Categories: Virus
Status: Not Attempted
-----------
8 Registry Entries
HKEY_USERS\S-1-5-21-2023814471-3051691555-3246933146-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced->Hidden:1 - No action taken
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced->Hidden:1 - No action taken
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced->Hidden:1 - No action taken
HKEY_USERS\S-1-5-21-2023814471-3051691555-3246933146-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced->ShowSuperHidden:1 - No action taken
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced->ShowSuperHidden:1 - No action taken
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced->ShowSuperHidden:1 - No action taken
HKEY_USERS\S-1-5-21-2023814471-3051691555-3246933146-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced->ShowSuperHidden:1 - No action taken
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run->LENOVO.TPKNRRES - No action taken
2 Files
c:\program files\lenovo\communications utility\tpknrres.exe - No action taken
c:\program files\lenovo\communications utility\tpknrres.exe - No action taken
1 Process
c:\program files\lenovo\communications utility\tpknrres.exe - No action taken
1 Browser Cache

Re: TpKnrres.exe identified as Virus (InfoStealer)

Posted: Mon Sep 17, 2012 1:29 pm
by ajkula66
Get rid of Norton and sleep tight... :D

Re: TpKnrres.exe identified as Virus (InfoStealer)

Posted: Mon Sep 17, 2012 2:06 pm
by RealBlackStuff
+1, and then some!

Re: TpKnrres.exe identified as Virus (InfoStealer)

Posted: Mon Sep 17, 2012 9:49 pm
by ThinkRob
If you're going to pay for anti-virus, you may as well get NOD32 and call it a day. Otherwise, I'd recommend MSE.

But either way, Norton does not enter into the picture. There's a reason for that.
All times are UTC-05:00
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/