WiseVector Stop-X

Discussion in 'other anti-malware software' started by bellgamin, Aug 10, 2020.

  1. tutman

    tutman Registered Member

    Joined:
    Aug 23, 2019
    Posts:
    44
    Location:
    usa
    They are just bait files for ransomware that it installed in folders. And like most all software and AV it will leave files behind. Simply use Hibit Uninstaller to uninstall the program and it will clean out all leftovers completely! http://www.hibitsoft.ir/Uninstaller.html
     
  2. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Something they will need to improve on.

    We shall see. Slow scanning apps of any sort are a NO-GO for me, being a lightning performance fan of security programmes as I have been all along.
     
  3. Jo Ann

    Jo Ann Registered Member

    Joined:
    Jan 6, 2007
    Posts:
    619
    I gave HiBit a go and it did remove those files/folders that the Windows/WV uninstallers couldn't/didn't! :thumb:
     
  4. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    In regards to these bait files. Are they created in C:\Windows and its sub-directories? That would be disturbing.
     
  5. plat

    plat Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    2,233
    Location:
    Brooklyn, NY
    Bait folders aren't difficult to spot, I manually deleted some after uninstalling AppCheck. No big deal. I found them in my Documents, one in my Downloads, etc to my recollections. So it would be interesting if someone could report if any bait was set in places other than User space by WiseVector.

    Right. With upgraded hardware on here, a scan of any kind taking longer than 25-30 sec. is poorly tolerated. Guess I'll lurk around a while longer.
     
  6. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
    Yikes! You guys are tough!

    Regarding the bait files, these will be placed in 2 Honeypot Directories that will be created in the root of each partition on your system (C:\, D:\, etc) as well as 2 in the Documents folder. Also in the WiseVector Directory there will be a Bait directory with the files included.

    Note that one can get rid of the Honeypot directories (but the reason why one would want this escapes me) as they all just contain the message:

    "This directory is for Ransomware detection. Please leave it here (WiseVector StopX)" in multiple languages.

    However a person can get rid of them all (except the Bait sub-directory in Program Files\WiseVector) by going into Settings/Advanced, and under Anti-Ransomware settings/Enable Deception Based Ransomware detection, click setup and check all of the honeypot directories you see there and choose Delete- and poof- they are gone!

    One must then manually delete the Bait sub-directory in the main app directory to get all clean.

    Also, on my test systems a regular uninstall and reboot deletes them all without any further user intervention- so there is no need to follow the above if you are just uninstalling the app.
     
  7. Jo Ann

    Jo Ann Registered Member

    Joined:
    Jan 6, 2007
    Posts:
    619
    As I previously reported, a regular uninstall did not remove those 'bait files/folders on my SSD, but then again they survived the uninstall before rebooting. As I ran my test with my entire drive virtualized by SD, a restart would have brought me back to a clean state regardless of any installs/uninstalls. However, as I subsequently reported, the HiBit Uninstaller did remove all of those files/folders (even before performing a restart)!
     
    Last edited: Aug 15, 2020
  8. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Yes, it's a slow scanner. That's why I use it primarily as a real-time "patrolling scanner," alongside of VoodooShield. However, it's pretty fast when it comes to doing right-click context scans of single files. For my full system scans I use Kaspersky Virus Removal Tool (as suggested by @cruelsister ) & Hitman Pro.

    As to WV's stuff in my various files -- WV uses "roach trap" files to detect those ransomware vermin. Thus, it puts roach traps into my various file folders.

    Use of roach traps by WV is an option for the user to select or NOT select. The roach trap option is located at:
    Advanced Detection Settings > Anti-Ransomware Settings > Enable deception based ransomware detection

    The roach trap option is the check box alongside of "Enable deception based ransomware detection" --- either put a check in that box, or not. Me, I checked that box --- but each to her or his own tastes, as the lady said when she kissed the frog. Ribbit :p
     
  9. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    2,470
    Location:
    Hollow Earth - Telos
    A Quick scan took about 12 minutes. I put exclusions in Kaspersky for WiseVector.
     
  10. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,458
    Location:
    .
    [Attached screenshots: png_7374.png, png_7384.png, png_7385.png, png_7386.png, png_7383.png]
     
    Last edited: Aug 15, 2020
  11. tutman

    tutman Registered Member

    Joined:
    Aug 23, 2019
    Posts:
    44
    Location:
    usa
    Glad I could help!
     
  12. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    2,470
    Location:
    Hollow Earth - Telos
    WiseVector doing a lot of I/O reads and writes. More than double the amount of Kaspersky. Is all of this going to wear out my SSD?
     
    Last edited: Aug 16, 2020
  13. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    That time element scan duration is completely acceptable for me. Up to perhaps 15 maybe, give or take.

    It's the results someone(s) posted of it going to hour(s) or therewith that would be the rub.

    I'm about to run it myself in a few days on another laptop of 8.1 (O/S of choice) and then I can offer some own results per scanning part.

    As per bait files. I was one of the dedicated beta testers for Heidef's Ransomoff and I'm as confident as the sun rising bait files are of no real "personal" risk and remember please we are dealing with WINDOWS, and I have had files in the past literally stick like glue after Uninstall of various apps that was an agitation but I use a PE Disc to parallel entry WINDOWS (even Linux works fine) to 100% totally pull those stubborn type wisdom teeth files out of a partition should it need be done.

    I favor those bait files since they are an attraction (given their extensions) in the event a ransomware encrypt begins to search them out to bug them up and a system.
     
  14. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,644
    Location:
    Under a bushel ...
    Bait files are pretty much a standard technique for anti-ransomware: MalwareBytes AR, AppCheck, HD RansomOff (I was also a beta tester), and many others.

    Nothing new there.
     
  15. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    Per @bjm_ above posted screen shot, it appears the bait files are named the same regardless of the directory they are dropped in. As such, it would be trivial for an attacker to bypass them. More so if the same bait file names are used for every WiseVector installation.
     
  16. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,560
    Assuming an attacker is aware that WiseVector exists.
     
  17. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
    In using Honeypot files to detect an encryption process, it is the extension and not the content that matters.
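
Added example, not part of any post in this thread and not WiseVector's implementation: a minimal bait-file monitor illustrating the two points raised above, that bait names should differ per directory and that the extension is what makes a bait attractive. The extension list, folder names and the `.locked` suffix are assumptions constructed for the demo.

```python
import hashlib
import os
import secrets
import tempfile

# Assumed extension list; the thread does not say which extensions WiseVector uses.
BAIT_EXTENSIONS = (".docx", ".xlsx", ".jpg", ".pdf")

def deploy_baits(directories):
    """Drop one bait per extension in each directory, named randomly per directory.
    Returns a manifest {path: sha256 of content}."""
    manifest = {}
    for directory in directories:
        for ext in BAIT_EXTENSIONS:
            path = os.path.join(directory, secrets.token_hex(6) + ext)
            data = secrets.token_bytes(256)
            with open(path, "wb") as fh:
                fh.write(data)
            manifest[path] = hashlib.sha256(data).hexdigest()
    return manifest

def check_baits(manifest):
    """Return sorted (path, event) pairs for baits that were changed or are gone."""
    alerts = []
    for path, digest in manifest.items():
        try:
            with open(path, "rb") as fh:
                current = hashlib.sha256(fh.read()).hexdigest()
        except FileNotFoundError:
            alerts.append((path, "missing"))  # deleted, or renamed to a new extension
            continue
        if current != digest:
            alerts.append((path, "modified"))  # content rewritten in place
    return sorted(alerts)

def demo():
    """Constructed scenario: two folders, one bait overwritten, one renamed."""
    with tempfile.TemporaryDirectory() as root:
        dirs = [os.path.join(root, name) for name in ("Documents", "Downloads")]
        for d in dirs:
            os.makedirs(d)
        manifest = deploy_baits(dirs)
        before = check_baits(manifest)
        first, second = sorted(manifest)[:2]
        with open(first, "wb") as fh:
            fh.write(b"\x00" * 256)            # stand-in for an in-place rewrite
        os.rename(second, second + ".locked")  # stand-in for an extension change
        unique = len({os.path.basename(p) for p in manifest}) == len(manifest)
        return before, [event for _, event in check_baits(manifest)], unique
```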
     
  18. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    :thumb:
     
  19. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    As far as WV registering in Windows Security Center, this comment:
    https://malwaretips.com/threads/wisevector-free-ai-driven-security.87965/post-892428

    In other words, it has to be certified.

    Also noted at malwaretips.com is this software will be going the paid shareware route in the very near future.
     
  20. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,295
    This software seems to be getting a lot of attention, so I thought I would give it a go. ;)

    WiseVector_05.JPG


    But, not sure what to make of this preceding screenshot:

    WiseVector_03.JPG
     
  21. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,295
    Scan still running, and I know about these files. ;)

    WiseVector_06.JPG
     
  22. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,626
    There will be both paid and free versions, so you will still be able to use it for free.
     
  23. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    On your attached screenshot, the part in color is the ONLY screen I see during a scan by WV. The additional ghosted icons shown on your screenshot are not usually seen during any of WV's scans. Perhaps they are a peculiarity within your computer. More likely, they showed through from your computer's desktop because of WV's relatively transparent GUI.

    Hmmm... reference your screenshot of an alert that blocked WV's access to a certain file. Please note that this alert tells you, "You can allow apps to access your protected folders, but you should only allow apps that you trust." If you do not trust WV, why run it? It is usual for antivirus scanners to have liberty to scan the files on your computer. If you don't want certain files scanned then don't give an AV carte blanche to scan your computer. If you want certain files NOT to be scanned, then simply configure WV to exclude them.....

    Advanced Settings > Advanced Detection Settings > Exclusions

    With respect to the specific file shown in your screenshot {%userprofile%\Documents\3457oQrM8}, if you would read through this thread you would find the answer to your questions already answered. Note especially the post by @cruelsister at HERE.

    If you wish no roach trapping to have access to your files, then simply delete the traps listed at...

    Advanced Settings > Anti-Ransomware Settings > Enable deception-based detection > Set up

    Re "scan still running" -- You have also reported slow actions in another thread -- Here Here Here Here & Here. Perhaps the slowness issue is at least partly endemic to your computer. Several others have found that WV's scans take approximately 12 minutes, and the developer has been made aware of this fact.

    As to your statement that you know about the files that WV has detected as malware, are you saying that WV has made false positives? If not, surely it is to be expected that WV will detect such files if it is doing its job.
     
    Last edited: Aug 17, 2020
  24. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,241
    Location:
    Among the gum trees
    Any chance someone who is a member @ malwaretips.com could get / ask the developer to get involved here too?
     
  25. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,626
    I just sent the developer a PM. I'll let you know when I get a reply.
     