Tino

Members
  • Posts

    12

About Tino

  • Rank
    Newbie

Profile Information

  • Location
    Germany
  1. Hi, sorry for my late reply and thank you for your efforts. I had done that already. To keep an overview, here's the full story: On January 1st I performed an in-depth scan of my entire computer. Then, to my surprise, A power manager.apk was detected as a virus and hence a power manager.exe deleted. Testing ESET Scan behavior round #1, 1st January: Right away, I did what you suggested now and downloaded a power manager.exe from the original source website again. Performing two scans with routine 18636 resulted in the above logs: Testing ESET Scan behavior round #2: When I started this thread on 15 January I again performed the scan that should have detected the file as a virus. It did not. I assume that is because the file was a false positive and ESET has fixed this (new detection routine). That is why, when you downloaded the file and performed the two scans, you could not replicate the behavior. If ESET behaved this way, it would be highly problematic I believe. A virus should always be detected whether I did remove it before or not. And actually it was different: In "Testing ESET Scan behavior round #1" I first scanned the .exe file, no virus was detected, and then I scanned the download folder, and the virus was detected and removed. So to summarize: 1.) The file seems to be nonmalicious. 2.) It seems to me that a file that was believed by ESET to be a virus was only detected at that time when scanning in a particular way (folder scan, not the individual file). Which I still find rather troubling.
  2. Hybrid Analysis results: whitelisted, but there were some malicious indicators. https://www.hybrid-analysis.com/sample/0ef232e127e0fbafb13db290e64cefb4025812ab307deaec69437fd480d1ab70 But this was not the file I used to actually install the program; that exact one was deleted by ESET back when I first found out about the apparent virus. I guess the one I submitted now is the same one though... Sorry, but I still don't quite get what you said. First, you're talking about an "original archive". I believe that I did not even download an archive (i.e. zip file, correct?) but rather downloaded the exe file directly. Second, I'm not sure where apower-manager.apk comes from. Is it included in the exe? Third, you said that it appears that the (extracted) executable was clean, so it was not detected. My problem is: There was something detected (the .apk) when scanning the overarching Downloads-folder, which resulted in the deletion of the executable. So how come there is nothing wrong with the executable?
  3. @itman: No, the folder was a regular one. The "Downloads" folder. I could post both logs if you want. @Marcos: done, nothing was detected. I zipped the file to upload it. Here you go: possible false positive_apower-manager.zip
  4. Hi, I recently posted this thread: And now I have a similar problem: I regularly scan individual downloaded files, and one specific file was not detected as a virus, but scanning the folder ESET detects it as a trojan. The thread above was resolved - because it was about running an in-depth scan or not. But here scanning a .exe directly showed no virus, while scanning a folder (right click -> scan) did. I mailed ESET samples, but got no response. I guess it was a false positive, now scanning the folder (new detection routine I guess) also yields no virus... but still. 1.) I'm still not sure whether it was an FP and 2.) how come this scan behavior is so weird?
  5. Rami, Marcos, makes total sense. Is it possible to schedule a custom-scan? I can only select "on-demand" scan when scheduling scans, which is a smart scan I suppose.
  6. That's good to know...! I think I used a context-menu scan when the file was detected (I right-clicked the folder and told ESET to scan it). Well, I guess if only archives are excluded in the smart scan then it won't do much harm if malware isn't detected, since the malware isn't 'active'. Still, I find it a bit odd that archives are excluded in the first place.
  7. Will do! Thank you for your help. But whether it is a false positive or not, shouldn't ESET detect it as malware regardless of the scope of the scan performed? How come it is only detected when scanning the respective folder directly? This makes me doubt ESET's ability to detect malware on a regular basis, performing broad scans regularly.
  8. Thank you for your quick answer. Do I just attach the file here or do I send it to you via PM?
  9. Hi, I just randomly ran a scan of my "Download" folder (C:\Users\Tino\Downloads), just to find a trojan lurking in the bottom of the folder in a zip file. Been there since 2016, I guess it didn't do any damage yet. However, I regularly scan my PC, and just ran a custom scan of my entire C-disk again. ESET doesn't find that malware if I run the big scan, how is that possible? Unfortunately my ESET is in German; if you want me to post logs I can, but I guess they won't help much...