WiseVector Stop-X

Discussion in 'other anti-malware software' started by bellgamin, Aug 10, 2020.

  1. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    542
    Location:
    China
    Thanks for your report, we will analyze this file soon and get it resolved once FP is confirmed.
     
  2. avman1995

    avman1995 Registered Member

    Joined:
    Sep 24, 2012
    Posts:
    944
    Location:
    india
    @WiseVector Can you elaborate what is the difference between "Trojan.Generic" or say "Trojan.Ransom.Generic" and "Heur. ML.PE"? I guess one is from machine learning and other one is a normal threat signature?
     
  3. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    542
    Location:
    China
    Yes, your guess is correct.
     
  4. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    542
    Location:
    China
    @lucd
    Please check whether this bat file is in the task scheduler or not. Only items in task scheduler can run every 10 minutes.
    Can you please send this file to virus@wisevector.com or tell me where I can download it? Judging from the content in the screenshots, WVSX should not flag the file as malicious.
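
The Task Scheduler check suggested in the post above, as an added PowerShell example that is not part of the original thread: it lists scheduled tasks whose action launches a .bat or .cmd file and shows each trigger's repetition interval (PT10M means every 10 minutes). The output column names and the file-extension pattern are choices made for this example.

```powershell
# Added example: find scheduled tasks that launch a batch script and report
# how often their triggers repeat (ISO 8601 duration, PT10M = 10 minutes).
$scriptPattern = '\.(bat|cmd)\b'   # assumption: the script is referenced by extension

Get-ScheduledTask | ForEach-Object {
    $task = $_

    # Only exec actions carry Execute/Arguments; other action types never match.
    $hits = @($task.Actions | Where-Object {
        "$($_.Execute) $($_.Arguments)" -match $scriptPattern
    })
    if ($hits.Count -eq 0) { return }   # skip tasks that do not run a batch file

    # Collect the non-empty repetition intervals from every trigger of the task.
    $intervals = @($task.Triggers |
        ForEach-Object { $_.Repetition.Interval } |
        Where-Object { $_ })

    [pscustomobject]@{
        Task       = $task.TaskPath + $task.TaskName
        State      = $task.State
        Command    = ($hits | ForEach-Object {
                         "$($_.Execute) $($_.Arguments)".Trim()
                     }) -join '; '
        Repeats    = if ($intervals.Count) { $intervals -join ', ' } else { 'none' }
        TenMinutes = $intervals -contains 'PT10M'
    }
} | Sort-Object Task | Format-Table -AutoSize -Wrap
```

Run it from an elevated PowerShell session so that tasks registered under other accounts are also listed.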
     
  5. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    763
    Location:
    Island of Woman
    most likely a firmware issue due to windows install of "intel system" and other stuff, I can see nothing in task scheduler
    It tagged this one (see link below), although 15 minutes after it was run, not immediately, probably by copying part of the batch I didn't close the loop properly and machine learning saw it is weird and stopped it (maybe)

    https://gist.github.com/robinlennox/f52e8f8291617469e833c64f8c27eac9
    @avman1995 I am sorry I told you to use checkmal but they are not compatible with WVSX, you need to whitelist WVSX in checkmal if you plan on using it
     
    Last edited: May 11, 2021
  6. avman1995

    avman1995 Registered Member

    Joined:
    Sep 24, 2012
    Posts:
    944
    Location:
    india
  7. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    542
    Location:
    China
    Yes, we do plan to join virustotal, but they said we had to wait a long time because there were so many other security software in the queue before us...
     
  8. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    542
    Location:
    China
    We have tested. When running the bat file directly or as administrator, WVSX didn't flag it as malicious.
     
  9. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    763
    Location:
    Island of Woman
    I am not surprised, I told it stopped by ML behavior checks when it saw this running over and over, in a loop (good to know it identifies such actions),

    ultimate-windows-tweaker-4-:This is still tagged as malware, when you disable WD, the software is not harmful, it is popular:
    https://www.thewindowsclub.com/ultimate-windows-tweaker-4-windows-10

    I stand correct about some of the security aspects of task scheduler, some tasks are important like
    CreateExplorerShellUnelevatedTask
     
    Last edited: May 13, 2021
  10. drhu22

    drhu22 Registered Member

    Joined:
    Aug 21, 2010
    Posts:
    585
    A bit late, but you're welcome and thank you.
     
  11. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    542
    Location:
    China
    Thanks for your info.;)
     
  12. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    10,742
    Location:
    U.S.A. (South)
    Late to that same finding as was examining WVSX service noticed it that too. I disengaged Microsoft Defender long enough to run some solo tests and by golly WiseVector like a hungry ant eater instantly zeroed in and took care of business. The team of WVSX is really impressive to the performing of tasks and for any length of time the program is challenged as well. It was flooded by rapid succession bad actions and successfully returned positive results.

    It's in tandem on my Windows 10 20H2 along with Microsoft Defender and WVSX is light as can be while formidable.
    Also newly set the protected folders "set up" and got a rapid alert to PrivaZer ShellBags Analyzer deletions which was another EXCLUDE set.

    Thank You @WiseVector
     
  13. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    542
    Location:
    China
    EASTER, thank you for the positive review! We’re so happy you loved your experience and can’t wait to have your comments for our next 3.0 beta when it comes out a few days later.
     
  14. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,092
    Unexpected to see this one, but I think it was a FP. :( I excluded it.

    WiseVector_HitManPro_alert_01.JPG

    WiseVector_HitManPro_alert_02.JPG
     
  15. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,092
    Oops... I just recovered from a hard reboot. Apparently, my laptop froze during the HMP scan, for whatever reason.

    P.S. I'll try running it again, later today. I am going back to sleep.
     
  16. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    542
    Location:
    China
    Hi Tarnak,

    Sorry for the inconvenience, we have installed Hitman Pro Alert 3.8.13 build 901, but we can't find "hitmanpro37.sys" in the drivers directory, only a file named "hmpalert.sys" in there. So we cannot reproduce the issue you encountered.

    Anyway, we have whitelisted the driver file. When a driver is identified as malicious by WVSX, it will be prevented from loading into the system, which can not lead to deadlock. So there may be other reasons for the freeze, you can do it again as you did before to see if the problem has been solved. Thanks.
     
  17. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    7,405
    In HitmanPro 3.8.23 build 318, the "hitmanpro37.sys" appears in the drivers directory during the HMP scan only.
     
  18. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,092
    Hi WiseVector,

    No problem. :) Just did a scan, and no more freeze.

    WiseVector_HitManPro_alert_03.JPG
     
  19. solitarios

    solitarios Registered Member

    Joined:
    Mar 28, 2016
    Posts:
    211
    With Mandatory ASLR enabled, antivirus cannot be installed.
     
  20. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    542
    Location:
    China
  21. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    542
    Location:
    China
    Hi solitarios,

    We can reproduce this issue with ASLR enabled. The problem appears to be the version of the installer software used by WVSX, NSIS 2.x, which fails when the Mandatory ASLR option is turned on in Windows Exploit Protection settings. We will try to upgrade to the latest version of NSIS to solve this problem. For now, you can temporarily disable ASLR, and re-enable ASLR after the installation is complete. Thanks for your feedback.
     
  22. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    763
    Location:
    Island of Woman
    if I remember correctly HMPA is known to cause bsod, but have not used it in a year
     
  23. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    10,742
    Location:
    U.S.A. (South)
    Looking forward to that when the development team rolls out the releases from the assembly line. Still amazed at how feather light this program is but most formidable when confronted. :thumb:
     
  24. drhu22

    drhu22 Registered Member

    Joined:
    Aug 21, 2010
    Posts:
    585
    StopX flagged the temp .exe for Simplewall update (33.4) today which I reported as FP
     
  25. Lyx

    Lyx Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    149
    I have had some issues with WiseVectorW recently. First, when I had WX and KTS enabled, my PC takes at least 15 mn to reboot/shutdown (in fact after 15 mn I have chosen to shut down my PC the hard way, so not sure what could have happened if I had waited longer). Then I tried to uninstall/reinstall it, but the uninstall process failed: I was able to close WX in the system tray, but it was not sufficient. The uninstaller continued to ask me to close WX. In the task manager, I found no other WX occurrence, but I found one using Sysinternals Process Explorer. But the WX process displayed here was impossible to kill. I finally managed to uninstall it by booting in safe mode. I will reinstall it later.
     