Mr.Wong

Posts posted by Mr.Wong

  1. 5 hours ago, shocked said:

    I downloaded the file and it was OK. What makes you think it shouldn't be clean/safe?

    I read on the old subreddit that multiple users' antivirus flagged and detected this application as a threat.

    3 hours ago, itman said:

    Oh okay, so it is safe to run and use this app, right?

  2. Download site for the app gui version: hxxps://deemix.app/gui/
    Note: replace the xx with tt for https not hxxps.

    homepage: hxxps://deemix.app/
    Note: replace the xx with tt for https not hxxps.

    Virustotal: https://www.virustotal.com/gui/file/3c325eaeacc486269d5eb48812181a5cba605869ca3daf82c1206b8a97fa1244/detection

    I ran this on my desktop with Shadow Defender on and I don't see any suspicious activity at all from basic analysis like looking through Task Manager and Control Panel for any unknown program drop. From virustotal.com, it looks clean. Can anyone run this and do further analysis to check whether this file is safe?

    Quote:

    deemix (lowercase) is a barebone deezer downloader library built from the ashes of Deezloader Remix.

  3. 18 minutes ago, itman said:

    What do you mean by suspicious files? Did Eset detect these files as suspicious on attempted file download?

    ESET did not, but it is suspicious to me because I have never used or heard of it. I got these from Reddit folks who suggested them for my question, so yeah.

    19 minutes ago, itman said:

    Note that only Eset moderators can view forum attachment files.

    ESET mods and admins can't view the files I attached?

  4. 11 hours ago, Marcos said:

    With default settings, HIPS would not ask you about any action. I assume that you use HIPS smart mode, do you? In such a case you should know how to respond. If not, you should use the default (automatic) mode without any custom ask rules.

    In this case since you've run a legitimate application you should allow the action and create a rule.

    Oh man, how do you know I use HIPS in smart mode? And yes, I use HIPS in smart mode. I don't remember this popup in the old Windscribe version 1.83 build 20. First time seeing this, and it targets the hosts file, so it kinda makes me a little nervous and scared, like why does it need to target my PC's Windows hosts file????


    5 hours ago, Nightowl said:

    It seems that Windscribe is making changes in the folder that is in Target:, ESET doesn't like it when something touches the hosts folder/file.

    But as Marcos said, it looks like a legitimate action by Windscribe.

    But make sure it's obtained from official website.

    Oh okay. I got it from the official site here: https://windscribe.com/

    I don't remember this notification or anything similar when I used Windscribe v1.83 Build 20. Kinda nervous and scared when I see this notification that Windscribe needs to write to my PC's hosts file.

    47 minutes ago, itman said:

    I would say responding properly to this Eset alert depends on where you downloaded Windscribe from: https://www.lowyat.net/2020/222527/backdoor-windscribe-vpn-installer/

    I got it from official site here: https://windscribe.com/

    And wow that is very scary. Thanks for that article you linked. 
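The HIPS alert discussed in this post is about a program writing to the Windows hosts file. What a defender actually wants at that moment is to see which lines changed and whether any of them send a hostname to a remote address rather than to the local machine. The script below is an added example written for this page; it is not code from ESET or Windscribe, and it makes no claim about what Windscribe writes. It parses hosts-file text, diffs it against a known-good snapshot, and lists entries that redirect names off the local host. The two snapshots (BASELINE and CURRENT), the hostnames under `.invalid` and the address 203.0.113.10 are constructed sample data; the default Windows path is the only assumption about the real system.

```python
"""Audit a Windows hosts file and diff it against a known-good snapshot.

Added example, not code from ESET or Windscribe: when HIPS reports a write to the
hosts file, the useful question is *which lines changed* and whether any of them
redirect a name to a remote address.  Both snapshots below are constructed for the
demo; on a real machine pass the file's text to the same functions.
"""
import ipaddress
from pathlib import Path

# Default location of the hosts file on Windows (assumption: standard install)
HOSTS_PATH = Path(r"C:\Windows\System32\drivers\etc\hosts")


def parse_hosts(text):
    """Return [(ip, [hostname, ...]), ...] for every non-comment, non-blank line."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # strip trailing comments
        parts = line.split()
        if len(parts) < 2:
            continue  # blank, comment-only or malformed line
        entries.append((parts[0], [name.lower() for name in parts[1:]]))
    return entries


def is_local(ip):
    """True for loopback (127.0.0.1, ::1) and unspecified (0.0.0.0) addresses,
    the addresses used by harmless sinkhole/ad-blocking entries."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # not a valid address at all; treat as not local
    return addr.is_loopback or addr.is_unspecified


def redirecting_entries(text):
    """Entries that send a name to a real (non-local) address; these are the ones
    to explain before allowing a HIPS rule for the program that wrote them."""
    return [(ip, names) for ip, names in parse_hosts(text) if not is_local(ip)]


def diff_hosts(baseline_text, current_text):
    """Return (added, removed): sorted lists of (ip, name) pairs present in
    only one of the two snapshots."""
    def pairs(text):
        return {(ip, name) for ip, names in parse_hosts(text) for name in names}
    before, after = pairs(baseline_text), pairs(current_text)
    return sorted(after - before), sorted(before - after)


# Constructed snapshots (not the contents of any real system).
BASELINE = """# Constructed baseline hosts file
127.0.0.1       localhost
::1             localhost
"""
CURRENT = BASELINE + """0.0.0.0         ads.example.invalid      # local sinkhole, harmless
203.0.113.10    update.example.invalid   # sends the name to a remote host
"""

if __name__ == "__main__":
    # Use the live file when it exists (Windows), otherwise the constructed sample.
    if HOSTS_PATH.exists():
        live = HOSTS_PATH.read_text(encoding="utf-8", errors="replace")
    else:
        live = CURRENT
    added, removed = diff_hosts(BASELINE, live)
    print("added:  ", added)
    print("removed:", removed)
    for ip, names in redirecting_entries(live):
        print(f"REDIRECT {ip:<16} {' '.join(names)}")
```

Keep a copy of the hosts file from a clean state as the baseline; after an alert like the one above, the diff shows exactly what was added, and anything reported as REDIRECT (a name mapped to a non-loopback address) is the part worth understanding before creating an allow rule.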

  5. 1 hour ago, Rami said:

    The Lightshot installer has some kind of toolbar that I never encountered, so you get a false positive only on the installer, not on the application itself.

    Weird. I never saw any toolbar or bundle in the app. Does it try to stealth install that junk?


    1 hour ago, Marcos said:

    It's not a false positive:

    setup-lightshot.exe\INNO\{tmp}\downloader.exe    Win32/Bundled.Toolbar.Yandex potentially unsafe application

    Other files in the installer also show that there's a Yandex toolbar bundled:

    elements-eula-tr.rtf         
    yandex_browser_setup_ru.bmp  
    downloader.exe               
    browser-page-ru.rtf          
    yandex_logo_en.bmp           
    elements-eula-ru.rtf         
    browser-elements-eula-tr.rtf
    browser-page-tr.rtf          
    setupupdater.exe             
    yandex_logo_ru.bmp           
    browser-elements-eula-ru.rtf
    browser-eula-tr.rtf          
    browser-eula-ru.rtf          
    yandex_browser_setup_tr.bmp  

    PUsA detection is optional and is disabled by default. If one needs to use a particular application detected as PUsA, he or she should exclude it from detection by the detection name.

    As for the CPU-Z driver, it's not detected at VT because VT doesn't use real-time protection but on-demand scanners to scan files. In this particular case it makes a difference.

    May I ask where you found those files you listed? I am curious though, because I used this tool in the past for more than a year and just reinstalled it on my secondary machine with ESET as well and got flagged too, but I don't see any toolbar or bundle in the installer app. Does it try to stealth install that junk?

  6. 7 hours ago, Marcos said:

    The detection is correct; the said drivers are detected as a potentially unsafe application, which is an optional detection and is disabled by default. CPU-Z had vulnerable drivers.

    But VT on that CPU-Z file is clean, and even ESET confirmed clean on VT.

    What about the Lightshot app from the web URL detection? Is it a false positive?

  7. Hello. I think these two detections are false positives.

    [attached screenshot: Capture.JPG]

    1) The file attached below, and VT here: https://www.virustotal.com/gui/file/53fc9866b51dfbc0516436a1d6cc0789749f83fcd8ae84d6205595e7e20e1370/detection

    It is a file associated with the CPU-Z app.

    New Compressed (zipped) Folder.zip

    2) The second is Lightshot, which I used in the past, and it is safe, so why is it flagged as a threat now? I can't install the Lightshot app. Site VT here: https://app.prntscr.com/en/index.html


  8. 14 hours ago, Rami said:

    Did you try using an adblocker?


    11 hours ago, SeriousHoax said:

    Actually, it's not detecting the video player as malicious but rather a malicious JavaScript that the site is loading. My Firefox has uMatrix installed, which blocks third-party scripts from loading, so I don't see this warning from Eset and the video plays fine, but in Microsoft Edge I only have an adblocker but not uMatrix, and there Eset is showing that it has detected and removed the script. So, not a false positive I think, rather an unsafe JavaScript.

    I have uBlock Origin in medium mode and the latest filters update, but ESET still detects them.

  9. 8 hours ago, Marcos said:

    A Procmon log created during a scan might shed more light. Start logging at least a couple of seconds before you run a scan.

    I got the log: I let it log while running a scan, and stopped it when the scan finished. I will send you my log via PM. However, I can't send it to you because it is over 100MB. The log file size is 1.85GB.

  10. 6 hours ago, Marcos said:

    A Procmon log created during a scan might shed more light. Start logging at least a couple of seconds before you run a scan.

    How to do that? 

    1 hour ago, itman said:

    Do they?

    I believe a number of AV vendors do not display in their log files the files they cannot scan due to OS file locking. This would give one the impression that the files Eset shows as non-scannable were indeed scanned. Personally, I don't know why Eset does not do likewise, since this issue keeps appearing in the forum with regular frequency.

    They scanned fine. 


    1 hour ago, Rami said:

    I think it's better in terms of monitoring the scan, what was scanned and what was not, whether it was locked or something else; maybe adding a feature to hide them from the scan log by default might help.

    Yeah....

  11. 50 minutes ago, itman said:

    The simple answer to this scanning issue is that certain files (OS-based, certain Microsoft applications, etc.) are preventing read access to those files. The only way Eset could scan these files is if it changed file access permissions so it could access those files. This is something neither Eset nor any other security vendor, for that matter, is going to do. Nor is it something they should do, since the possibility of a "bork" in doing so is high, not to mention the impact on overall scanning times, which would be considerable.


    2 hours ago, Marcos said:

    If ESET cannot scan certain files, then any possible malware would not be able to modify them either.

    I can't tell if my system is safe or not. If I see more than 100 files that ESET skipped because they can't be opened, then there is something wrong with it. Kaspersky and Bitdefender scan them fine with no problem.
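Two of the posts above meet in the same practical problem: a Procmon log of a full scan grew to 1.85GB and could not be shared, while the question in this post is which files the scanner could not open and why. Both are answered by the same small filter. The script below is an added example for this page, not an ESET tool or the forum's own code: it streams a Process Monitor CSV export (File > Save..., CSV format, default column set) row by row, keeps only the file-system operations of one process whose Result is not SUCCESS, and counts them per result code (SHARING VIOLATION, ACCESS DENIED, and so on). That reduces a multi-gigabyte capture to the handful of rows that explain the "cannot be opened" entries. The sample rows, the process name "scanner.exe" and the paths in them are constructed placeholders, not a real capture of any product.

```python
"""Shrink a Process Monitor CSV export down to the file-access failures of one process.

Added example, not an ESET tool: Procmon's CSV export (File > Save..., CSV) of a whole
scan can run to gigabytes, but the part that explains "files that could not be opened"
is the small set of file operations whose Result is not SUCCESS.  Streaming the file
row by row keeps memory flat.  The rows below and the process name "scanner.exe" are
constructed placeholders, not a real capture.
"""
import csv
import io
import sys
from collections import Counter

# Column names of Procmon's default CSV export.
TIME, PROC, OP, PATH, RESULT = "Time of Day", "Process Name", "Operation", "Path", "Result"


def is_file_op(operation):
    """Heuristic: Procmon file-system operations are named CreateFile, ReadFile,
    QueryBasicInformationFile, etc.; registry/process/network ops are not."""
    return operation == "CreateFile" or operation.endswith("File")


def failed_file_access(lines, process_name):
    """Stream CSV rows (any iterable of text lines) and keep the file operations of
    `process_name` that did not succeed.  Returns a list of small dicts."""
    events = []
    for row in csv.DictReader(lines):
        if row[PROC].lower() != process_name.lower():
            continue
        if row[RESULT] == "SUCCESS" or not is_file_op(row[OP]):
            continue
        events.append({"time": row[TIME], "op": row[OP],
                       "path": row[PATH], "result": row[RESULT]})
    return events


def failed_file_access_from_text(csv_text, process_name):
    """Convenience wrapper for in-memory CSV text (used by the sample below)."""
    return failed_file_access(io.StringIO(csv_text), process_name)


def summarize(events):
    """Count events per Procmon result code, e.g. SHARING VIOLATION vs ACCESS DENIED."""
    return dict(Counter(e["result"] for e in events))


# Constructed sample export: a scanner opening files, two of which are locked hives.
SAMPLE_CSV = '''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.0000001 AM","scanner.exe","1234","CreateFile","C:\\Users\\demo\\report.docx","SUCCESS","Desired Access: Generic Read"
"10:01:02.0000002 AM","scanner.exe","1234","CreateFile","C:\\Windows\\System32\\config\\SAM","SHARING VIOLATION","Desired Access: Generic Read"
"10:01:02.0000003 AM","scanner.exe","1234","CreateFile","C:\\pagefile.sys","ACCESS DENIED","Desired Access: Generic Read"
"10:01:02.0000004 AM","explorer.exe","4321","RegOpenKey","HKCU\\Software\\Demo","NAME NOT FOUND","Desired Access: Read"
"10:01:02.0000005 AM","scanner.exe","1234","ReadFile","C:\\Users\\demo\\report.docx","SUCCESS","Offset: 0, Length: 4,096"
"10:01:02.0000006 AM","scanner.exe","1234","CreateFile","C:\\Windows\\System32\\config\\SYSTEM","SHARING VIOLATION","Desired Access: Generic Read"
'''

if __name__ == "__main__":
    # Usage: python procmon_failures.py <export.csv> <process name>; no args runs the sample.
    if len(sys.argv) == 3:
        with open(sys.argv[1], newline="", encoding="utf-8-sig") as fh:
            events = failed_file_access(fh, sys.argv[2])
    else:
        events = failed_file_access_from_text(SAMPLE_CSV, "scanner.exe")
    for e in events:
        print(f"{e['time']}  {e['op']:<12} {e['result']:<18} {e['path']}")
    print("summary:", summarize(events))
```

The result code is the useful part: SHARING VIOLATION means another process holds the file open without sharing it (the OS file locking described above), while ACCESS DENIED is a permissions refusal. A summary of those counts, plus the path list, is a few kilobytes that can be pasted into a forum post where the full capture cannot.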
