December 21, 2007 6:04 AM PST

Kaspersky inadvertently quarantines Windows Explorer

Windows Explorer, one of the most crucial components of Microsoft's operating system, was quarantined earlier this week after being falsely identified as malicious code by an antivirus company.

Users of Kaspersky Lab's antivirus products noticed the issue, which Kaspersky claimed lasted two hours, on Wednesday night.

The security company's systems had decided that a virus called Huhk-C was present in the explorer.exe file, leading to its confinement or, in some cases, deletion. As Windows Explorer is the graphical user interface (GUI) for Windows' file system, this made it difficult to perform many common tasks within the operating system, such as finding files.

David Emm, a senior technology consultant at Kaspersky Lab, told ZDNet UK on Friday that the company was still examining its checklist to find out why the false positive "slipped through the net."

"This is classic false-alarm territory," Emm said. "We will check through our systems and see if we can tighten them up so we don't run into this problem in the future. No antivirus company, including ourselves, can say they have never had a false alarm, (but) on all fronts, we do what we can to minimize any potential risk for our customers."

Emm pointed out that Kaspersky adds about 3,000 records per week to its database, demonstrating the "scale of the issue, in terms of testing procedures."

The "offending signature" went out at around 7 p.m. on Wednesday, according to Emm, who claimed that it was pulled two hours later in a "makeshift" attempt to limit the damage while Kaspersky examined the signature.

"We proactively went out to our enterprise customers to make them aware there was this potential issue," Emm said. "Only one corporate customer (in the U.K.) encountered this problem, as well as a handful of home users." He added that users who have not changed their default settings would have found explorer.exe to be only quarantined, rather than deleted.

In March of this year, Kaspersky criticized Microsoft's consumer antivirus product, OneCare, for incorrectly quarantining and, in some cases, deleting Microsoft Outlook files.

David Meyer of ZDNet UK reported from London.

18 comments
Not necessarily a false positive
by pinowudi December 21, 2007 7:19 AM PST
Considering there are newly released malicious codes that inject
directly into the Windows Explorer memory space, Kaspersky's
detection is neither invalid nor a false positive. At that point
Windows Explorer is a malicious process that needs to be
mitigated. Note that it is not replacing explorer.exe as many
previous virii have attempted. It is mangling the legitimate copy
as it is running to achieve its ends.

One example:
http://www.symantec.com/enterprise/security_response/weblog/2007/08/the_new_peacomm_infection_tech.html
Explorer.exe *IS* malicious code. They were right
by Anon-Y-mous December 21, 2007 7:30 AM PST
Explorer.exe and IExplorer.exe are the two things that let everything bad into a windows system. Therefore by definition it IS malicious. Delete it and replace with a real OS and you'll be much safer.
Kaspersky Maybe Right
by i_made_this December 21, 2007 8:30 AM PST
In general, this false positive ironically agrees with a positive on windows explorer executable in continuous use as an "undefined process" (and thus never wholly safe) by Microsoft Corp. MSFT enterprise security as well as retail security products, while not outright banning or quarantining explorer both keep in a suspended state of being a "dangerous process."
Thumbs Up Kaspersky
by jeffgtr60 December 21, 2007 9:11 AM PST
Now if Kaspersky could just find a way to quarantine IE from the net the world would be a better place. Untold amounts of money and time would be saved coding standards compliant websites. The general health and well being of webdesigners all over the planet would improve resulting in a slight decrease in health care costs. Web users could breathe a sigh of relief that the web would at least be a slightly safer place. Ahhh one can at least dream can't they?
Shouldn't that be "iexplore.exe"?
by Penguinisto December 21, 2007 9:54 AM PST
"explorer.exe" is the main 'doze file browser, and the taskbar (among a ton of other services) rely on it.

"iexplore.exe" is the bug-ridden, standards-hating, lock-in-generating web browser thingy. ;)

/P
I would love to have explorer quarantined!
by sktuarim December 21, 2007 10:20 AM PST
With as many problems over the years with explorer windows freezing up or just plain not working, maybe it should be quarantined. It is not as if Microsoft will correct the problems within Windows.
I've also heard of
by hawkeyeaz1 December 22, 2007 11:46 AM PST
McAfee on a Vista machine flagging (and trying to remove) msconfig/System Configuration Utility. Unfortunately, I wasn't able to do much more analyzing with it.
what a blunder....
by ncftech December 22, 2007 1:09 PM PST
it was supposed to quarantine Windows Vista....(ALL FILES). :-). Sorry MSFT, Vista suuuuuuxxxxxxx......
Take the Norton Challenge
by mytetteh December 24, 2007 1:53 AM PST
For those of you who have not considered Norton lately: Maybe it's time to take the Norton Challenge and see how we have improved! Check this out -- http://www.takethenortonchallenge.com/ See how we have enhanced our performance. And just give it a try, there's a money back guarantee!
Kaspersky quarantines-Windows-Explorer?
by as901 December 24, 2007 3:56 AM PST
Perhaps they see Windows as a virus? I do.
You need to place this in the computer humor section
by wbenton December 24, 2007 8:32 PM PST
>>>Windows Explorer, one of the most crucial components of Microsoft's operating system<<<

That lead line just about sums up a whole bunch of Microsoft's security problems!

If IE is one of the most crucial components of Microsoft's OS, then they're doomed to fail one of these days.

IE is the most insecure browser in the world... and Microsoft freely opens its OS innards up to IE in a way that no other manufacturer's application could do because they use so many secret built-in holes to get IE to do the insecure things the way it does!

If Microsoft ever opened up all their secrets about IE, you'd find 90% or more of Microsoft security woes wrapped up in this one nutshell!

Walt