Multiple files starting with MpKsl keep trying to run at startup - part of MSE?

This just started this morning.

I'm using W7 running MSE as well as Online Armor. This morning Online Armor alerted me that it had blocked a file named "MpKsl49705033.sys", described as KSLDriver 1.1.1010.0. I searched for a reference to that file name online and couldn't find anything, so I let it stay blocked. I then ran a full scan with MSE and it found nothing. Finally, I did a search for the file name and it found nothing.

I then shut down and rebooted. Again Online Armor detected a similar file, this time named MpKslc7677c07.sys. Same as before - blocked it, found nothing in search.

I downloaded HijackThis to see if I could catch it on startup. It didn't find it, but this time a program named MpKslc2f08d1b.sys tried to start.

Fourth time, I receive an 'A Program wants to run' alert from Online Armor - this time saying 'MpKslad32ce2e6.sys'. This alert did include the program location - c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{various letters and numbers}\MpKslad32ce2e6.sys

However, when I go there, the file does not appear in the folder.

Are any or all of these programs legitimate? Why would today be the first day they show up after using this program for well over a year?

 

Answer

The MpKsl... file is a "service" which changes with each definition update.  This is something new which started with the engine update (1.97.xxx.0) last week.  With each update from now on, the old MpKsl... service is deleted and a new MpKsl... service is started.

This probably is done to defeat new forms of malware.  My current file is located here:

C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C5946A27-1913-47D3-B5CF-C4EEE4C366AB}\MpKsl8497ee63.sys

I am running XPH SP3.

If you still want to run Online Armor, I suggest you post this in their forums.

HTH, Trader2100


Trader2100

9 people found this reply helpful
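One way to triage such an alert on the affected machine, as an added example that is not part of the original thread or any Microsoft tooling. `Test-MpKslDriver` is a hypothetical helper; the folder and file-name patterns are inferred from the paths quoted in this thread, and the script assumes PowerShell 3.0 or later and that a genuine driver carries a valid Microsoft signature.

```powershell
# Constructed triage helper; requires PowerShell 3.0+ in an elevated session.
# Folder layout taken from the two paths quoted in this thread.
$dirPattern  = '\\Microsoft\\Microsoft Antimalware\\Definition Updates\\\{[0-9a-f-]{36}\}\\$'
# Name shape inferred from the file names in this thread: "MpKsl" + hex digits.
$namePattern = '^MpKsl[0-9a-f]+\.sys$'

function Test-MpKslDriver {
    param([Parameter(Mandatory)][string]$ImagePath)

    # Driver image paths are often registered with an NT "\??\" prefix.
    $path = $ImagePath -replace '^\\\?\?\\', ''
    $dir  = [IO.Path]::GetDirectoryName($path) + '\'
    $name = [IO.Path]::GetFileName($path)

    # The file may already be gone from disk, as the asker observed.
    $onDisk = Test-Path -LiteralPath $path
    $status = 'NotChecked'
    $signer = $null
    if ($onDisk) {
        # Assumption: a genuine driver carries a valid Microsoft signature.
        $sig    = Get-AuthenticodeSignature -LiteralPath $path
        $status = [string]$sig.Status
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    }

    [pscustomobject]@{
        Path        = $path
        DirMatches  = $dir  -match $dirPattern
        NameMatches = $name -match $namePattern
        FileOnDisk  = $onDisk
        Signature   = $status
        Signer      = $signer
    }
}

# Check every MpKsl* kernel driver currently registered on this machine.
Get-CimInstance Win32_SystemDriver -Filter "Name LIKE 'MpKsl%'" |
    Where-Object { $_.PathName } |
    ForEach-Object { Test-MpKslDriver -ImagePath $_.PathName }
```

A matching name and folder are weak evidence on their own; a driver registered outside the Definition Updates folder, or one whose `Signature` is anything other than `Valid` with a Microsoft signer, is the result that warrants follow-up.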


Answer

There is really no benefit to running MSE and Online Armor together. Uninstalling Online Armor should resolve the problem.

Jim


Microsoft MVP Consumer Security - Forum Moderator - Live One Care - Live Mesh - Microsoft Security Essentials

2 people found this reply helpful


 
 

Question Info


Last updated May 14, 2020 Views 36,000 Applies to: