I'm having a difficult time believing this is installing itself after Kaspersky is gone. They have one of the cleaner uninstallers and though it does leave a very few registry entries, it does not leave anything executable behind. If they are able to actually pull this off maybe they should be banned for that reason alone.
I did reboot after uninstalling KIS. I also used kavremover after the uninstall.Did not do a registry search and clean. The uninstall of UltraAV and UltraVPN appeared to be clean.[FWIW there is at least one anecdotal report on the web of the Ultra programs auto-reinstalling after an "uninstall"] The same program that installs UltraAV will also auto-uninstall your Kaspersky programs. Here's an active reddit thread: https://www.reddit.com/r/antivirus/comments/1fkr0sf/kaspersky_deleted_itself_and_installed_ultraav/
NO!!!! Your account has nothing to do with this. It does not matter if you deleted your account or not. IN NO WAY should that allow them (as in, have the ability) to push out then install those programs without your permission. For one, your system alone should have blocked it UNLESS something was left behind and running, keeping that door open.
To be clear I wasn't accusing you of making it up. If you ran kavremover there should have been nothing left. I haven't ran KIS in a couple of years but in the past kavremover removed pretty much everything, even the registry entries, which by themselves are not executable and cannot do anything. If something slipped itself on your PC with no prompts it would have to be running at system level. An account alone shouldn't have that kind of access unless that account runs a service on your PC which would only be useful for doing things such as this. If this is going on I say good riddance to them, Even if the ban were to be lifted nobody would trust them again.
Regarding my active account, I was only thinking in terms of it's being part of the process of identifying who/to which PCs to send the UltraAV install program to. How they snuck it onto my PC is another issue.
Yeah. I understand that and that makes sense. Installing it without your permission is the big thing.
I figure that somewhere in the Kaspersky license or terms of service or whatever that Kaspersky users agreed to there is something that grants Kaspersky broad authority to install "stuff", so Kaspersky would say we already authorized the installation of the "Ultra Stuff" or something like that, e.g,. UltraAV is taking a free ride on Kaspersky's permissions, (or something like that.) Whatever, here's a KAV Forum Thread https://forum.kaspersky.com/topic/k...omatically-installs-and-cant-remove-it-50628/ KAV moderators and employees don't know what to say and are ducking the big questions and referring forum posters to UltraAV for answers. 00
And that's likely very true. But that typically means updates and definition files. And it still requires something to be running in the background for the process to happen. And to that point, once you uninstalled KIS and rebooted, nothing should have been left running in the background.
I totally agree. I was shocked, mystified, and angry last night when I discovered the hijacking of my PC. I have never before experienced anything like it. Particulalrly galling is that the program installed is for all practical purposes an unknown yet critical program. And I didn't appreciate being placed in a situation where I had two active AV programs running on my PC.
Again, not arguing with you, but the concern is how. Even if they argued that somehow technically they had your permission to do this it's not how Windows works. If they ran an installer and you got a UAC prompt (assuming you did not disable UAC) that would make sense and you somewhat did it to yourself or at least would have had some indication of it.. If you uninstalled KIS and this later slipped itself on without any indication of doing so then they were hiding something on your system that had system level access to do this. I would format c: and start over if this is the case. I'd call that malware.
According to a Kaspersky employee who spoke with Bleeping Computer: "...on 9/19, U.S. Kaspersky antivirus customers received a software update facilitating the transition to UltraAV," https://www.bleepingcomputer.com/ne...f-installs-ultraav-antivirus-without-warning/ ..."Rob Joyce, the former director of cybersecurity at the National Security Agency, said in a post on X that,'Users were ‘migrated’ — software uninstalled and a totally different product was installed automagically,' adding that Kaspersky 'had total control of your machine." https://techcrunch.com/2024/09/23/s...rise-forced-update-to-new-antivirus-software/
I've uninstalled K+ from my machines, and I'm not in the US so not affected... yet, but this high strangeness would not be acceptable with me either.
Few years ago when I was testing Kaspersky, I noticed that after uninstall, Kaspersky's Upgrade Launcher task was still present after restart. After running that task manually (or letting it run by itself when scheduled) that task would delete itself and associated application. I even found a post I made back then about this happening (related to other problem): https://www.wilderssecurity.com/threads/kaspersky-latest-release.431632/page-17#post-3059060 Maybe that happened to you too? That task could still be there and instead of deleting itself it run installer for UltraAV.
Someone over at malwaretips.com did a review of UltraAV: https://malwaretips.com/threads/ultraav-antivirus-2024.133032/ . You definitely don't want to be using this as your AV solution.
To be fair any AV is running with kernel rights and has total control over your machine. That's why security issues with AV's can be really dangerous. The issue here is Kaspersky silently installing UltraAV for users.
I wonder what would be a better course of action? I guess Kaspersky could just uninstall and leave the computer with Windows Defender. Would users prefer that?
Send an email with the download link and then let the user choose. Do not install a 3rd party software without express permission, no matter how many warning you send first.
I sure would. Regardless - the better course action (Marcelo just beat me to it, but I will reiterate) would have been Kaspersky informing its users exactly what was happening and giving those users a choice. Choice A, uninstall Kaspersky, let Microsoft Defender automatically enable itself. Or Choice B, uninstall Kaspersky, install UltraAV.
Agreed, this would have been a better way to go. Kaspersky could have also given people an option to install and activate UltraAV on their own.
Agreed. My bad for not saying that as I typically prefer to install my security apps on a secondary drive under a folder of my choice. Users typically are only given that option when they are given the option to choose a custom install.
I agree with the others, I would rather be left with Microsoft Defender and then be allowed to make any other choice from that point. I had never heard of UltraAV before this and still know nothing of it.
PC Magazine just reviewed UltraAV: https://www.pcmag.com/reviews/ultraav . In a nutshell, PC Mag thought its malware protection was great. Major complaint is it lacks web filtering capability.
