Gualano Marco
-
Posts
21 -
Joined
-
Last visited
-
Days Won
1
Posts posted by Gualano Marco
-
-
Hi,
although after updating ess db, advanced memory cleaner cannot clean the infected os with the new named trojan too:
-
Hi,
I made an advanced memory test to see if it is efficient or not ..
I launcehed a trojan while all eset module are disabled, then I enabled these modules and found that advanced memory scanner cannot clean the trojan (a variant of ..), also startup scanner cannot do the job.
I updated the security program, and whereupon startup scanner now can clean the same trojan after it has a new name (after db has been updated):
So, why advanced memory and startup scanners could't clean the trojan before updating the database in spite of the two scanners had detected it?
-
150MB is a little high, but not abnormal.
Can you open and close a few SSL sights and make it go higher ?
-
I can't determine the file that is responsible of this issue , and it is perhaps lsass file because its posture is the second after firefox.exe in memory column:
This may be another lsass issue.
Disable SSL scan and reboot. Try again.
Post back please.
-
1. Windows 7 ultimate 32 bit
2. FF v.24
3. firefox.exe (250 kb)
4. ESS 7.0.302.26
1. What OS do you use?
2. Internet explorer or some other browser?
3. Name of the process using that high amount of ram, and how high exactly?
4. What version of ESET do you use?
Just to give ESET some more details
-
NOTE:
Scan SSL protocol is ON.
-
and that especially occurs when openning the browser.
-
Hello,
it's better for searching and browsing malware names that the type of malware is to be available in 'ESET signature database' page, for example:
Win32/Dorkbot.B
"This is the the available information of update info in the current update info page".
Win32/Dorkbot.B worm
"The preffered formula of that information".
-
Hi,
these are mini-bugs that I found in ESS v. 7.0.302.26, hoping that will be fixed ..
1- When the mouse pointer moves from eset desktop notification to taskbar directly, it stays opaque and doesn't return to transparent situation:
2- When scanning autoit files 'and perhaps NSIS archives', number of infected files is not compatible with number of cleaned files!:
3- In the previous example, we can see the abnormal multiple logged item for the same scanned object!
'This problem can be found in archived objects only'
4- Bug in browsing logged items although optimizing logged files!:
And another bug when browsing the logged items in 'detected threats' and 'computer scan' sections:
5- Idle scanning log stays 'in progress' in spite of it stopped by 'log on system for example':
6- Watch activity tool pretends that the graph view covers 10 minutes, but in fact it covers only less than 3 minutes:
7- Desktop notification disappears when the ess main window closes!:
8- There are several options in the program that are useless and perhaps they must be removed:
I- This option is useless in real-time file system protection because in spite of setting it to make the real-time file system protection module scan archives, this module can't scan the archives at all! 'you can try it ..'
II- Although activating these two options, they still useless because you can't scan operating memory and boot sectors from context menu scan:
III- This option is useless in the following modules 'because this option can't log all items scanned by these modules':
real-time file system protection
document protection
web protection
IV- These two options are useless in document protection module; because this module scans Microsoft Office documents only:
-
Is there any explanation from eset moderators?
-
Do you have this problem when opening the page in Internet Exporer?
I have this problem too only with FF v.24, and these sites opens normally with IE.
-
The difference between the number of scanned and cleaned objects is most likely that your Autoit malware also contains some clean files inside. Try enabling logging of all scanned files so that you also see clean files in the scan log. The fact that the results are displayed doubled or tripled in the case of archives has been noted as a bug.
Hi Marcos,
the autoit malware has three clean files an only one malicious file:
So, can you now explain why eset claims that it had cleaned two files?
-
Marcos, can u now reproduce the problem?
-
Hi,
sometimes 'and with some files', I found a discrepancy between 'infected objects' number and 'cleaned object' number at the end of cleaning that file:
I have uploaded the two files and PMed Marcos with their link to reproduce this problem.
-
Hi Marcos,
you can reproduce the problem by choosing 'Scan with ESET smart security' option, because 'scanning without cleaning' option does'nt reproduce it.
-
Hi,
this problem that I had posted here has resolved for non-packed files:
And packed files:
But the problem is still for the multiple files that are packed in the same packer:
-
Hi,
when I navigate items logged in detected threats menu, I can't complete the whole items. The uploaded video shows that the bug is found with detected threats items only: -
.. and how eset detects them?
-
Hi,
after disabling protection -by right click on tray icon-, enabling option make all modules enabled except anti-phishing protection module! 'It stays disabled'
-
Strange ThreatSene engine behavior!
in Malware Finding and Cleaning
Posted
Hi,
I have a malware file that eset engine detects it as virut virus, but when the engine deletes it, name of that virus changes to autorun worm!!
Can eset moderators interpret this?