Forums -> UltraMon™ -> Kaspersky Suspicious activity
Kasper   2010-01-29 10:53
Hello.
I'm using Ultramon 3.0.9 RC.

And my Kaspersky Antivirus 9.0.0.736 keeps warning me with the following:

"Suspicious activity:
Process is trying to inject module into all processes. This behavior is typical to some malicious programs.

Allow
Block
Quarantine
Terminate
"
Systeminfo:
2 monitors
Current desktop: 5120x1600 (0,0 - 5120,1600)

Monitor 1 - SyncMaster (primary):
Settings: 2560x1600, 32-bit color, 60 Hz refresh rate
Coordinates: 0,0 - 2560,1600. Workspace: 0,0 - 2560,1560
Video card: NVIDIA GeForce GTX 280
Device: \\.\DISPLAY1\Monitor0

Monitor 2 - SyncMaster:
Settings: 2560x1600, 32-bit color, 60 Hz refresh rate
Coordinates: 2560,0 - 5120,1600. Workspace: 2560,0 - 5120,1560
Video card: NVIDIA GeForce GTX 280
Device: \\.\DISPLAY2\Monitor0

Thanks in advance.
Regards Kasper
Kasper   2010-01-29 10:54
Just to clarify, this warning appears after opening a new window, explorer.exe, applications etc.
Christian Studer   2010-01-30 08:39
What's the name of the process that is trying to inject a module?

Christian Studer - www.realtimesoft.com
Kasper   2010-02-14 07:56
Hello, first off, sorry for the late reply.
This is the log of Kaspersky.

28-01-2010 23:37:44 Allowed: PDM.Invader (loader) C:\PROGRAM FILES (X86)\COMMON FILES\REALTIME SOFT\RTSHOOKINTEROP\X32\RTSHOOKINTEROP.EXE Action selected according to the settings RTSHookInterop
28-01-2010 23:37:38 Detected: PDM.Invader (loader) C:\PROGRAM FILES (X86)\COMMON FILES\REALTIME SOFT\RTSHOOKINTEROP\X32\RTSHOOKINTEROP.EXE RTSHookInterop
28-01-2010 23:37:38 Allowed: PDM.Invader (loader) C:\PROGRAM FILES\ULTRAMON\ULTRAMONTASKBAR.EXE Action selected according to the settings UltraMon Taskbar
28-01-2010 23:37:32 Detected: PDM.Invader (loader) C:\PROGRAM FILES\ULTRAMON\ULTRAMONTASKBAR.EXE UltraMon Taskbar
28-01-2010 23:37:31 Allowed: PDM.Invader (loader) C:\PROGRAM FILES\ULTRAMON\ULTRAMON.EXE Action selected according to the settings UltraMon
28-01-2010 23:37:11 Detected: PDM.Invader (loader) C:\PROGRAM FILES\ULTRAMON\ULTRAMON.EXE UltraMon

Best Regards
Kasper.
Christian Studer   2010-02-14 10:34
This is due to the hooks used by UltraMon.exe, UltraMonTaskbar.exe and RTSHookInterop.exe.

For some features, for example the window buttons, UltraMon loads a DLL into every application which gets the buttons. For 64-bit apps this is done by UltraMon.exe, for 32-bit apps by RTSHookInterop.exe. UltraMonTaskbar.exe only hooks into explorer.exe.

If you want to disable hooks for an application, you would need to disable window buttons, menu commands and dragging of maximized windows for the app via UltraMon Options > Compatibility.

Christian Studer - www.realtimesoft.com
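
A triage example for the log and explanation above, added here and not part of the thread or of UltraMon or Kaspersky: it parses the posted `PDM.Invader` lines and marks a detection as expected only when both the file name and the directory match one of the three hook loaders named in the reply. The expected-path table and the last sample line are assumptions constructed for illustration.

```python
import re
from ntpath import basename, dirname

# Hook loaders named in the vendor's reply, with the install directories seen in
# the posted log. Treating these paths as the expected ones is an assumption.
EXPECTED = {
    "ULTRAMON.EXE": r"C:\PROGRAM FILES\ULTRAMON",
    "ULTRAMONTASKBAR.EXE": r"C:\PROGRAM FILES\ULTRAMON",
    "RTSHOOKINTEROP.EXE": r"C:\PROGRAM FILES (X86)\COMMON FILES\REALTIME SOFT\RTSHOOKINTEROP\X32",
}

LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2}) (?P<action>Detected|Allowed): "
    r"(?P<verdict>\S+) \(loader\) (?P<path>[A-Za-z]:\\.+?\.EXE)(?= |$)",
    re.IGNORECASE,
)

# Three lines from the log in the thread, plus one constructed line (the last)
# where a known file name runs from an unexpected directory.
SAMPLE_LOG = r"""
28-01-2010 23:37:38 Detected: PDM.Invader (loader) C:\PROGRAM FILES (X86)\COMMON FILES\REALTIME SOFT\RTSHOOKINTEROP\X32\RTSHOOKINTEROP.EXE RTSHookInterop
28-01-2010 23:37:32 Detected: PDM.Invader (loader) C:\PROGRAM FILES\ULTRAMON\ULTRAMONTASKBAR.EXE UltraMon Taskbar
28-01-2010 23:37:11 Detected: PDM.Invader (loader) C:\PROGRAM FILES\ULTRAMON\ULTRAMON.EXE UltraMon
28-01-2010 23:40:02 Detected: PDM.Invader (loader) C:\USERS\PUBLIC\ULTRAMON.EXE UltraMon
"""


def triage(log_text):
    """Return (path, status) for every 'Detected' line; status is 'expected' or 'review'."""
    results = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["action"].lower() != "detected":
            continue
        path = m["path"].upper()
        # Match on the full directory, not just the file name.
        ok = EXPECTED.get(basename(path)) == dirname(path)
        results.append((path, "expected" if ok else "review"))
    return results


if __name__ == "__main__":
    for path, status in triage(SAMPLE_LOG):
        print(f"{status:8} {path}")
```
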
Kasper   2010-02-15 04:13
Thank you for the explanation sir.

Best Regards
Kasper.