In response to the recent NERC Alert, GridSME compiled a tool that functions as a relatively quick way of identifying if Kaspersky software is on a system or verifying that Kaspersky is no longer installed after using their product removal tools. The tool recursively hashes the contents of the directory you tell it to, and compares each file hash to the NIST NSRL database of known Kaspersky file hashes , which is included in the zip archive available for download below. It can also be used “offline” by using a txt hash input list that is then compared to the NSRL database.
DISCLAIMER: By downloading this tool, user agrees and accepts that GridSME grants no express or implied warranty or guarantee of any kind, including, but not limited to, warranty of quality, merchantability, or fitness for a particular use or purpose. GridSME makes no representations as to the effectiveness of the tool. GridSME is not liable for any damage this tool may cause to your systems. While GridSME tested and verified the usage of this tool on its own systems, scanned with anti-virus tools, and provided integrity verification methods, GridSME strongly recommends that users take the appropriate precautions before introducing into any critical or production environment to ensure both security and compliance requirements are upheld.
If you have any questions about the NERC Alert, mitigation strategies, or need help using the tool, don’t hesitate to reach out to firstname.lastname@example.org