Is it that old? It's from a pack from VirusSign that is a few days old. AFAIK they include files that have recently been caught with their honeypots or whatever - or maybe they are files uploaded by users. In any case they should be files that are currently in the wild. Yes, the conres.dll was created while real-time protection was enabled, of course. It wouldn't make much sense to test stuff if it is disabled. Since it was written and scan-at-write, or whatever that's called, is enabled as well, it should have been detected and blocked from being created, but it's always there when I execute a Floxif file. I don't know if the file does anything malicious, but VirusTotal shows like 50 hits or more, so I would expect it to be removed by WVSX.
Hi, Thanks for your feedback.
1. We try to minimize resource usage when performing a scan, so this way WVSX will not interfere with the user's other work. In the future, we would like to add an option "Scan faster with more CPU usage" that users can check if they are willing to.
2. WVSX releases updates every minute, even every second, with streaming updates. Not just after boot.
I'm pretty sure this sample could have been detected by WVSX even two years ago. You can download the WVSX installer through our website https://update2.wisevector.com/WiseVector_StopX.exe. The installer was built and signed in September. Please disconnect your VM from the network before installing WVSX. Then scan "conres.dll" in your VM, thanks.
Did you upload it to VirusTotal to determine what the detection was there? If this is indeed a two year old sample, the detection rate should be high at VT. If the detection rate is low, then it can be assumed this is a new variant. Also VT will show by date when the sample was first uploaded to it.
I am having tons of false positives with the latest PyCharm Professional version, even without executing any code I have written. The operation of PyCharm itself is causing the false positives. I have been submitting them as false positives from within WiseVector StopX. I got a free license for PyCharm Professional through my University. There is also a free Community version with fewer features. You may want to see if they will give you a license for the Professional version for testing purposes. https://www.jetbrains.com/pycharm/ I'm using Windows 10 x64 Professional version 20H2, and I have Python version 3.9.1 installed. Below is information about the version and build of PyCharm I am using.
Product: PyCharm
Version: 2020.3
Build: 203.5981.165
Released: December 02, 2020
Hi, We have tested PyCharm 2020.3 with Virtualenv installed. When running Python scripts in PyCharm, it will inject a remote thread into python.exe. This behavior is considered dangerous and will be blocked by WVSX's Behavior Detection. We have now fixed this issue, thanks for your feedback.
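The post above describes the classic false-positive trade-off: remote-thread creation is a strong injection signal, but a legitimate tool (PyCharm's debugger attaching to python.exe) produces the same event. The script below is an added example, not WiseVector's code, showing how a detection pipeline can carve out a known-benign source/target pairing without suppressing the whole event class. Field names follow Sysmon's Event ID 8 (CreateRemoteThread) schema; the sample records, the allowlist and the assumption that PyCharm's launcher is named pycharm64.exe are constructed for this example.

```python
"""Triage Sysmon Event ID 8 (CreateRemoteThread) records.

Added example (not WiseVector's code). Sample events and the allowlist
are constructed for illustration.
"""
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class RemoteThreadEvent:
    source_image: str     # Sysmon field SourceImage: process that called CreateRemoteThread
    target_image: str     # Sysmon field TargetImage: process the thread was created in
    start_address: str    # Sysmon field StartAddress
    start_module: str     # Sysmon field StartModule; "" or "-" when no loaded module backs it
    start_function: str   # Sysmon field StartFunction


# Known-benign (source, target) pairs, matched by file name only.
# Assumption for this example: PyCharm's launcher is pycharm64.exe.
# Name-only matching is weak on its own; a real deployment should also
# verify the source binary's code-signing chain or hash.
ALLOWLIST = {("pycharm64.exe", "python.exe")}


def _basename(path: str) -> str:
    """Case-insensitive file name from a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def classify(ev: RemoteThreadEvent) -> str:
    """Return 'high', 'suspicious' or 'allowlisted' for one event."""
    # A thread that starts in memory no module backs is the injection
    # pattern that matters most: something wrote code into the target and
    # started it. That is never excused by an image-name allowlist, so a
    # renamed loader posing as pycharm64.exe still trips this check.
    if ev.start_module.strip() in ("", "-"):
        return "high"
    pair = (_basename(ev.source_image), _basename(ev.target_image))
    if pair in ALLOWLIST:
        return "allowlisted"
    return "suspicious"


def triage(events: List[RemoteThreadEvent]) -> List[Tuple[str, RemoteThreadEvent]]:
    """Classify every event; the caller decides what to alert on."""
    return [(classify(ev), ev) for ev in events]


# Constructed sample records (not real telemetry).
SAMPLE_EVENTS = [
    # PyCharm attaching its debugger: thread starts at a kernel32 export.
    RemoteThreadEvent(r"C:\Program Files\JetBrains\PyCharm\bin\pycharm64.exe",
                      r"C:\Python39\python.exe",
                      "0x00007FFB1A0E5F30", r"C:\Windows\System32\KERNEL32.DLL",
                      "LoadLibraryW"),
    # Unknown binary starting a thread in unbacked memory of explorer.exe.
    RemoteThreadEvent(r"C:\Users\Public\update.exe",
                      r"C:\Windows\explorer.exe",
                      "0x000001C3A2F10000", "-", "-"),
    # svchost.exe is not an allowlisted source for python.exe.
    RemoteThreadEvent(r"C:\Windows\System32\svchost.exe",
                      r"C:\Python39\python.exe",
                      "0x00007FFB1A0E5F30", r"C:\Windows\System32\KERNEL32.DLL",
                      "LoadLibraryW"),
    # Allowlisted pair, but the thread starts in unbacked memory: still high.
    RemoteThreadEvent(r"C:\Program Files\JetBrains\PyCharm\bin\pycharm64.exe",
                      r"C:\Python39\python.exe",
                      "0x000001C3A2F10000", "", ""),
]


def sample_verdicts() -> List[str]:
    """Verdicts for SAMPLE_EVENTS, in order."""
    return [verdict for verdict, _ in triage(SAMPLE_EVENTS)]


if __name__ == "__main__":
    for verdict, ev in triage(SAMPLE_EVENTS):
        print(f"{verdict:12} {_basename(ev.source_image)} -> "
              f"{_basename(ev.target_image)} @ {ev.start_module or '<unbacked>'}")
```

The design point is that the allowlist only downgrades the low-severity form of the event (thread starting at an export of a loaded module); a thread starting at an unbacked address is reported regardless of which process created it, so the exclusion for PyCharm does not become a blind spot for real injection.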
Thank you for looking into this so quickly! I use PyCharm for a Python course I am taking at my University.
Thank you for the recommendation! I will get it, but I will not have time to read it until after I'm finished with the course. It's been difficult getting everything done these last few semesters. I'm glad I only have two more to go!
Enjoy every second and absolutely absorb everything. Undergraduate education is a wonderful thing only appreciated fully after it is done.
I did a full scan & WV found 2 possible malware, which I immediately uploaded. WV marked both of these for Exclude. I wanted to change the action to "Quarantine" -- pending results of the upload -- but couldn't find a way to do it. How do I get WV to move these to Quarantine vice Exclude?
Hi, In this case, you can only move these two files out of Exclude manually, then rescan these two files and select Quarantine. Can you please send these files to virus@wisevector.com? You will get our reply after the analysis is completed. Thanks!
As noted in my Post #963, I uploaded these 2 files immediately as they were detected by WV. Do you want me to send them a second time? I understand how to manually move these files from exclude & will do so. However, I am concerned that WV detected these files as possible threats but automatically designated them as "Exclude" with NO action on my part. Why would WV detect these files as possible threats and then automatically designate them for exclusion with NO input by the user? Is this the way WV works or is there a problem with my copy of WV? Or... what?
If you send the two files to our mailbox, we will know which files were from you and tell you the reason why WVSX detected them as malicious when the analysis is completed. No, WVSX will not automatically designate the files for exclusion with no input by the user. Quarantine is the default action. Exclude is a button you can click. When clicking Exclude, there will be an alert "Are you sure you want to exclude this harmful file?"
Not necessary. I already sent you the files and a subsequent scan by WV did NOT label them as threats. Evidently they were FPs & WV has been adjusted accordingly. But that IS what WV did do. Perhaps my copy is messed up? I will download again & re-install.
If these files were marked for Exclude, WVSX will not flag them as malicious again. Please move them out of Exclude and rescan, then you will know the result.
Yes, I know to do that before rescanning. I had already moved them out of Exclude before I rescanned and before posting #967. I do appreciate your help, however.
Yeah, I know! The real-world work environment can be brutal! I worked in a maximum security correctional facility for 12 years as a Corrections Officer, CERT Team Member, and Spanish Interpreter. I've also had various other jobs over the years. I went to school for Spanish years ago, but I did not finish my bachelor's. I believe I completed 92 hours, if I'm not mistaken. I decided to go back 3 1/2 years ago and work on a degree in CIT (Computer Information Technology), which is in the Department of Engineering. I have an AAS in CIT Information Security. I'm focusing on Database Administration, Networking, and Security for my bachelor's. I should be done within a year. I provided a couple of links below in case you are curious about the program I am in. Here is a link to the program I am in: https://www.wku.edu/cit/ Here is a link that shows the type of classes I have been taking the last couple of years: https://www.wku.edu/cit/cit_brochure1c.pdf
Hello Everyone, WiseVector StopX V2.70 is here. What's new:
1. Added lightweight rollback to roll back changes caused by some destructive malware, such as ransomware. This feature has been designed to remain lightweight, and users can hardly notice any performance degradation.
2. Redesigned the real-time file monitoring; it is more sensitive and faster than before.
3. Redesigned the Behavior Detection. The Behavior Detection can now identify more unknown file infector viruses, making it more capable of detecting advanced threats.
4. Improved Memory Protection to detect RAT trojans that abuse legitimate processes to hide their malicious implants, such as Gh0st, Meterpreter and Cobalt Strike.
5. Malware quarantine is now sorted by date. A quarantine reason is added.
6. The UI is no longer transparent, so that the interface can be displayed more clearly. Some new skins are added.
7. Improved the ability to delete malicious files that are locked.
8. Users can now select whether or not to automatically download and install program updates.
The download links:
https://update2.wisevector.com/WiseVector_StopX_V27.exe
https://www.wisevector.com/WiseVector_StopX_V27.exe
Please pick the faster one. After a few days of testing, V2.67 will be able to update to V2.70 automatically. For now you can perform an overwrite install or a fresh install.
Cheers & Best Regards, WiseVector
The first link downloaded quickly for me. Installed over the top of the previous version. You need to exit WV before the over-the-top install will run. Exclusions etc. were all kept. Nice skins!! I am busy running a scan. All seems good so far.