[Submission of Malware Samples for Analysis]

5 hours ago, Hardq said:

Furthermore, this requires analysis in a virtual machine, both static and dynamic analysis, and deobfuscation of the code. Otherwise, how are they going to identify the threat, given that several days have already passed and it seems that the sample sent to your email was not processed. 

Wow, and how much are you going to pay for such service ?

[ESET can't detect threats from archives]

7 hours ago, Kristal said:

user can run .exe malware file without unarchiving and infect a system

Could you please elaborate what do you mean by that ?

[Submit samples with Gmail]

If gmail doesn't work for you.. just use different email provider (what about outlook.com ?)

[Virus Dexon Agent.exe no detectado por el antivirus ESET Endpoint (Dexon Agent.exe virus not detected by ESET)]

VT says 1fa45104b40630d08b83513cd2424ab72d79b0e1 was signed by Dexon Software.
Additionally this file contains timestamp countersignature which proofs it is not "recent"

 

Date signed
11:53 PM 11/30/2005

 

[CompatTelRunner.exe]

This file is genuine Windows file. It is signed by Microsoft and seen on many computers in the world (hxxp://whitelisting.kaspersky.com/advisor#search/8a511a096bb626405f760d432abbfae6a0870c8c)

You can't blindly believe online services showing you some indicators.. If they were so good, there would be no space in the market for proper AVs

[Free FileSysnc false positives]

Is there a version of the FreeFileSync installer without advertisements?

[ZoneAlarm update recognized as threat]

It seems that ESET is the only top vendor protecting his customers from very beginning:

https://virustotal.com/pl/file/bc24c76f1f5ed878104eb9e747715c4117f6dc9fcdab8b30cd5a5780f99dedad/analysis/1462200411/

 

Yes, the detection is correct and was confirmed by ESET viruslab

ZoneAlarm server was not hacked, PUA file is signed by Check Point Software Technologies Ltd

[? Detect word macro virus]

Obviously NOD32 is able to detect macro viruses

[pop-up, unknown, shows "sugr.swf", https //sdk,vindicosuite.com]

Maybe it will give you some hint: hxxp://languagelog.ldc.upenn.edu/nll/?p=16345

[Is ESET detecting cracks for games as viruses?]

OK, I probably misunderstood you:

In some cases, where the "crackers" don't have access to an unprotected file

When I read it first time I believed you think it is possible to make reversing w/o access to the code, but it seems that you were talking about proper unpacking

 

PS. submit incorrectly detected file to the ESET viruslab

[Is ESET detecting cracks for games as viruses?]

Some of User's statements are incorrect but in general he is right and  it is expected to see cracks/keygens/patchers detected by ESET as unsafe applications.

If something is detected as a trojan or virus, is probably NOT a crack/keygen but malware/virus

[About Newly Malware List]

"The road to hell is paved with good intentions"

 

Windows executable files have complicated format. If file does not follow this format (ie. was truncated, some parts overwritten) it can't run and is corrupted.

Adding detection for corrupted files is useless. It causes increase of virus db without any gain. Bigger virus db means bigger RAM consumption, longer update, slower scanning.

[Fey Extractor False Positive]

If ESET says something is bad, it is. Deal with it

 

"You also understand that feytools.com cannot and does not guarantee or warrant that files available for downloading through the Site will be free of infection or viruses, worms, Trojan horses or other code that manifest contaminating or destructive properties"

hxxp://www.feytools.com/feytools-web-site-agreement/

[Trojan Detection?]

My observation - when you send really malicious file your submission is resolved quickly, when you send not malicious/corrupted/useless file - it gets low priority and you often get no answer.

[Eset Users]

hxxp://www.opswat.com/about/media/reports/antivirus-january-2014

[The Cabinet file 'core.cab' required for this installation is corrupt]

What is the URL and hash of file(s) you downloaded ?

[ESET and Malwarebytes Comparison]

I think big difference is detection and cleaning of viruses. Only more advanced products can deal with polymorphic file infectors.

ESET can do it, MB - can't.

[Should Eset have a integrated image backup function]

Partnering with external company means advocating their solution and being blamed for partner mistakes.

I don't think ESET should do that in times of surveillance.

 

Arakasi - "Backup and Restore was deprecated in the most recent versions of Windows" (hxxp://en.wikipedia.org/wiki/Backup_and_Restore)

[False Positive for Tube Dimmer]

Same post on Emsisoft forum..

"We are not bad or malicious".. just useless

[False Positive of MVPS hosts file]

VirusTotal detection for this file:

https://www.virustotal.com/pl/file/8ccad1aa7fc94df8a9fb63a9f8c6f0d08a0bd0c80ed1e64d03eb358e4038cbd7/analysis/

 

Not detected.

[another false positive - winrar sfx]

You try to silently run .vbs from self-extract RAR.. It is suspicious.

If you want to use it yourself just add it to exceptions, if you are going to make public - just don't do it, it will be flagged by more AVs I guess.

[another false positive - winrar sfx]

This is the second time you tell about FP doing something suspicious. Maybe there is some problem with you, not with ESET..

[Trojan found in memory scan and .net framework.]

You can check your RegSvcs.exe with VirusTotal but this is unlikely malicious.

Log form SysInspector and/or Sysinternals Autoruns could tell more.

[ESET still detectink Ask! toolbar]

How many users actively search for Ask! toolbar because they know it's cool software and want to have it on their own computer?

I think most of people searching internet for Ask toolbar want to find a way to get rid of it.

[ESET Nod32 fail when detect award keylogger?]

AwardKeylogger is detected as a potentially unsafe application.

Please check your settings - hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN3204