False Positive - dll windows??

Hello

1 - scanning

2 - after reboot pc


any ideas?



Most regards,

NF

 

Hello, this isn't FP 100%.

 

A virus for sure

 

v3 - not detect

v4 - detect



Each time you restart the pc it says is the lack of file ... if it were a virus was the same?

 

Maybe V4 has better malware detection, i have some files that are detected in V3 but not in V2

 

This should be checked . Are you sure ? Nowhere have I read that detection was improved in this regards

because the file is gone but the reg key is not (most likely)

 

Could you send them to me (please load them somewhere and PM me links) . I am very interested because all I have seen was detected by both versions - just curious . Thanks!

 

Win32/Adware.Virtumonde produces amount of DLLs in system folders and every file hasn't to be detected, too. When you remove only file without his Registry values, OS calls this DLL at startup everytime. I recommend you check this in ESET SysInspector.

 

Of course, as soon as PM's are available again

 

v3 data base virus setup installation

v4 data base virus setup installation


not update internet connection


you can see for myself if the virus was present in v3 database?




Regards,
NF

 

I got it . thanks!

 

As far as I'm concerned, exchanging malware samples is not allowed at Wilders, but correct me if I'm wrong. Could you please send a log from SysInspector to samples[at]eset.com with this thread's url in the subject?

 

I just noticed from your screenshot that the program is not up-to-date but with old signatures . Do you mean that you were running v3 with definitions out of date - the one that came integrated in the installer ? If so , it is normal because the v4 installer does have newer signature version than the one from the v3 installer of 3.0.672

 

He didn't post them for the public , just sent them for me in-private. This way nobone can get infected .

 

It is not malware, its a keygen, and i'm sure it didnt do anything at all, but the strange thing, is that is detected in V3 as a variant of Win32/Agent Trojan, but V2 do not detect it with all options enabed

 

Ah, BTW Marcos, i think u should show more interesting in answering things very important like this https://www.wilderssecurity.com/showthread.php?t=225634

And no worrying about such trivial stuff.

 

yes friend, signatures database setup, no updates internet connection



Most Regards,
NF

 

Hello,

Please submit the file in a password-protected archive to samples@eset.sk with a link to this message thread.

Regards,

Aryeh Goretsky

 

It's not a trivial stuff at all, maybe it seems so to you, but it's not. I cannot answer the other question right now. Please send the ESI log as requested to samples[at]eset.com with this thread's url in the subject. The file is 100% Virtumonde, but I'd like to check the log to see where it's registered and what application could have dropped it.

 

Send tomorrow Marcos



Thank you

 

By the way , you should submit the keygen file as false positive because it really isn't malware (IMO) .

 

I for one think that keygens are not desired stuff in corporate environment. Should we really spend precious time removing detection for keyloggers instead of dealing with malware?

 

If it is not malware, u should.

 

I agree .

Do you have this file ? You detect it as a variant of Trojan Agent . Is it trojan actually ? I doubt . "It's a keygen so let's detect it even though it is not a malware" - I didn't expect to hear such thing from you.

 

I think if you want to you use a keygen, just exclude it