Tetranitrocubane

Members
  • Posts

    81

About Tetranitrocubane

  • Rank
    Newbie

Profile Information

  • Location
    USA

  1. Thank you Marcos for confirming that it was a false positive! I very much appreciate it!
  2. It is, but that makes it currently inaccessible. Do you mean that I ought to restore the file? In the event that the file is truly malicious, won't that infect my system?
  3. Unfortunately (or fortunately?) the file was deleted by ESET and I cannot upload it to VT. I did submit the file for analysis via the quarantine tab, though. I've searched VirusTotal by the file hash listed in the log file, but this doesn't return any results. The file was updated at a date of about two days ago. It seems no one has submitted it to VT since.
  4. A bit of further investigation: Digging into the Steam DB entry for the latest Portal With RTX update reveals that Depot 2012842 (you need to advance to tab 2) DOES contain the file parsifal.dll, at an expected file size of 116.50 kb, which matches what my machine downloaded (According to the file being held in Quarantine). If nothing else, this seems to indicate that the file was delivered intentionally as a part of this update, and not the result of a trojan or infected component of Steam. I'm still uncertain as to the legitimacy of this file, but malware or no, Steam pushed this file as designed.
  5. I awoke this morning and launched the Steam client on my PC, and began auto-downloading a number of patches, as the software is designed to do. In the midst of the download, ESET popped up to alert me of a malware detection originating from Steam.exe. The details are as follows:

     Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
     3/16/2024 6:31:54 AM;Real-time file system protection;file;D:\Steam\steamapps\downloading\2012840\bin\parsifal.dll;ML/Augur potentially unwanted application;cleaned by deleting;[COMPUTER NAME REDACTED];Event occurred on a new file created by the application: D:\Steam\steam.exe (558403043F0288ABA3D9A43E9DFA7E109BC0B31A).;F68ECA3E557C9D55DC254054822225016429A4A3;3/16/2024 6:31:19 AM

     I responded by cleaning via deletion, and copied the file to Quarantine. I also submitted the file to ESET via the quarantine tab. A cursory search of the Steam ID associated with this file (2012840) reveals that this was downloaded as an update to "Portal With RTX". Further investigation of the Steam Download panel lists that the "Portal With RTX" game is showing "Missing Downloaded Files" as an error during the download, indicating that this file (parsifal.dll) was expected, and is now regarded as missing. As Steam.exe is scanning clean, and is fully clear via VirusTotal, I don't believe Steam.exe has been infected, and it looks as if this file was an expected one. Is this a legitimate detection, and if so, does this indicate a compromise of my system? Or is this a false positive? Thanks in advance for any help.
  6. Thanks much, Marcos. I appreciate your help and reassurance. I've updated the program and deleted the old one, so hopefully the vulnerability is eliminated. Out of curiosity, a cursory search of the forums after my post reveals that this has been an issue that others have encountered months ago - For some reason I only had this happen to me today, despite keeping ESET up to date for the last few years. I also launch Process Explorer with Admin privileges first thing on every boot. Is there a reason why this detection would occur so late for me? I haven't changed any options in ESET recently. I'm concerned that something else might be compromising ESET's effectiveness.
  7. So, updating Process Explorer alleviated this issue - The latest version doesn't cause this issue with ESET. I gather this is because the older version of PROCEXP152.SYS was vulnerable. Does the fact that the vulnerable driver was running previously, before ESET alerted me, mean that my system is compromised?
  8. I've run Process Explorer every single day for the last several years. It's the first program I launch on startup - ESET has never had an issue with it. Today it detected Process Explorer as malware for some startling reason. It's flagging a file "PROCEXP152.SYS", which I do not see at the location it specifies. I had to select "Clean" or "Ignore" so I selected "Clean" with the option to copy to quarantine selected - No file showed up in quarantine. It also specifies that this file was being accessed by Procexp64.exe - A file I purposefully launched. VT scan of Procexp64.exe turns it up clean. Can anyone help determine if this is a legitimate threat, or a false positive?
  9. Also observing this myself. I had it happen last night, and once again tonight.
  10. New unpackers do sound like they could be responsible here. One particular file, or kind of file, that I notice taking a LONG time are the self-extracting NVIDIA driver executables. Right now an old copy of the drivers I had downloaded, 471.68 For Win10, are taking an exceptionally long time to scan.
  11. Previously, I would perform a Full System scan and it would be completed in 4 or so hours. I have four different drives that get scanned in the process, three of which are SSDs, one of which is a traditional spinning HDD. The number of items scanned is roughly 9,100,000. Currently I have engaged a full system scan and even after 5 h, it is still scanning only the boot drive. Only 2,600,000 items have been scanned in this time. This represents a drastic reduction in performance and an incredible increase in scan time. I have not altered my settings in the least. The only thing I can think that has changed between these scans is upgrading to 16.2.13.0. What's going on here? Is this an indication of something nefarious having gotten into my system and chewing up the resources? Or did the update make ESET incredibly slow?
  12. Thank you for the prompt reply. I do indeed have the pre-release update channel selected, though I was unaware before you pointed it out, and I'm not sure why. This does explain things, though! Thank you very much.
  13. The knowledge base also indicates that 16.1.14.0 is the latest version. Has the ESET update delivery protocol been hijacked? Is this update legitimate, or suspicious?
  14. ESET Antivirus on Win10 recently pinged me to install version 16.2.11.0 - I do not see an announcement for that version release on this forum, nor do I see version 16.2.11.0 in the changelog on the manual download page. Is this in fact a legitimate download? It seems strange to me that an update of this nature would be pushed on a US Federal Holiday.
  15. For anyone else in the future who might have this issue and comes across this post: After doing some poking around myself, I actually got to the bottom of this this morning. This issue was caused by having the "Removable Media Access" option checked under "Scan on" in the "Files system protection" settings. After turning this off and rebooting, the system returned to normal operations. From what I could gather, having this option selected meant that at boot, the entirety of my external Time Machine drive was being scanned silently. When Time Machine then attempted to launch a backup at the same time, the combination of these simultaneous scans and backups ground the system to a halt. Checking my backup logs, none of my iterative backups had completed since I upgraded to 7.3.3700.0, which is when I selected this option "on", foolishly assuming it'd target USB thumbdrives and the like - That's on me. I ought to have recalled that external USB backup drives count as removable media. Since turning this option off, the system is under less strain, scand is not out of control, and my backups are completing.