Duhan Orhan

Posts posted by Duhan Orhan

  1. 3 minutes ago, itman said:

    It's impossible to determine that.

    For example, the cracked download can contain an unknown backdoor. The backdoor can lie dormant for days, weeks, and months and then be activated by an attacker. There have been backdoors discovered that have lain dormant on devices for years.

    When Eset detects cracker software as a PUA it is warning you there is a chance that something else malicious may exist in the download although it presently has not detected anything. Also, refer to my posting here: https://forum.eset.com/topic/24825-if-you-use-licensing-cracking-software-you-need-to-read-this/ . The gist of the current situation in regards to cracked software is it is actively being deployed by malware developers as a stealth method to infect devices.

    Thanks, I better leave this decision to my brother.

  2. 4 minutes ago, itman said:

    You keep asking the same question over and over again.

    The answer again and again is that Eset is detecting the crack software being used in SolidWorks download; i.e. .iso file as a PUA; i.e. potentially unwanted application. If you don't want Eset to detect as such, you will have to manually create a PUA exclusion for whatever Eset is detecting.

    As to if Eset sometime in the future might decide that this detection is no longer a PUA but actually malware, that obviously is unknown.

    Sorry, my main question is, even if the crack we downloaded is clean, is there a possibility that the Trojan will settle here when the computer gets infected?

  3. 35 minutes ago, itman said:

    Since Eset is detecting a hack tool associated with license cracking, it can be assumed that this Solidworks Premium version is a cracked version.

    Additionally unless your family is wealthy, it can be assumed this version is a cracked one. I came across a web posting that noted in 2016, a SolidWorks Premium one year license in the U.S. costs $8,000 with a one year maintenance cost of $2,000 for that license. I will also note that in the U.S. software theft in this value range would be considered a felony punishable by a sizable fine and possible jail time.

    My understanding is SolidWorks does have arrangements with universities in the U.S. at least, where student version licenses can be purchased at considerable discount price.

    Thank you all for sparing your precious time for me.

     

    I live in Turkey will probably no longer bother him crack one last question and then I'll leave SolidWorks is a lot of time on your computer in there. My brother is a mechanical engineer, it is not up to me to delete it. Is there a possibility that this will cause problems in the future, and when I run a comprehensive scan with Eset, it only detects this now. Can I be sure that I deleted the Trojan?

    Thank you so much again

     

  4. 9 minutes ago, peteyt said:

    It depends on the risks. As itman has mentioned, if you have any cracked software there is always a risk that the cracks could actually contain some malware hidden. If you want to continue using it and take the risk you can exclude it. If you don't want to take the risk you can remove it.

    Thanks, now I understand.

    I wish I knew if it was crack

  5. 5 minutes ago, peteyt said:

    It depends on the risks. As itman has mentioned, if you have any cracked software there is always a risk that the cracks could actually contain some malware hidden. If you want to continue using it and take the risk you can exclude it. If you don't want to take the risk you can remove it.

    I am not using any broken files except Solidworks

    I don't know if Solidworks is cracked because my brother downloaded it. Is there any way to tell if it's cracked, and if it's not cracked I don't have to worry, right?

  6. 5 minutes ago, itman said:

    To be technically correct, hack tools like this are undesirable and potentially dangerous software. Again, read the Microsoft definition excerpt I posted.

    Eset's stance on hack tools is they classify them as potentially unwanted software. In other words, it is the user's decision as to what to do about the software:

    1. Ignore Eset's detection.

    2. Exclude the software from being detected by Eset.

    3. Manually remove the software if Eset is unable to do so.

    Eset deleted 2 hacktools a week ago, but they also deleted it, but this one is back and this time not deleted. I will do a full scan with Eset once again, if not, I will manually delete it, my only fear is that the solid is malfunctioning and my files in the solid cannot work.

    Thank you all.

     

  7. 2 minutes ago, Marcos said:

    I didn't say that, I wrote that Win32/Elevate is a potentially unsafe application, not a trojan or another malware.

    itman says:

    Based on your posted screenshots, Eset's off-line scan is detecting the Trojan in a .iso file. Unless the .iso file is actually mounted as a virtual drive, there is no way the Trojan can execute.

    Mentioned that there might be trojans in it

  8. 3 minutes ago, Marcos said:

    Win32/Elevate is a potentially unsafe application, not malware. I.e. a legit tool that can be bundled with other applications.

    In your case it was detected in an iso image which is probably a quite big file. If ESET cleans the whole iso, it encrypts it and moves it to the quarantine folder which may take long if the file is more than 1 GB in size. I would recommend excluding Win32/Elevate from detection.

    Thank you so much

    The free version of Eset will expire after 4 days, you said it was a trojan, if I do nothing, will it cause problems in the future?

  9. Just now, Duhan Orhan said:

    Eset had detected and deleted win32 / elevate.exe with real-time protection, and when I performed a comprehensive scan yesterday, eset detected the same extension, there was only the delete option at the end of the scan. When I clicked delete, the computer froze and when I scanned again, I pressed delete again, and this time, although the scan was finished, it was an hour I waited, nothing happened, in short, eset cannot delete it win32 / elevate.exe it is a trojan virus? If I activate automatic deletion while browsing with eset, will it?

      Most important: Even though Eset erased this perception, how did the same perception come about again?

     

    IMG20210302003257.jpg

    IMG20210302003228.jpg

    The computer was infected with a trojan a month ago. I thought I deleted it if there is a possibility of it being a trojan.

  10. Eset had detected and deleted win32 / elevate.exe with real-time protection, and when I performed a comprehensive scan yesterday, eset detected the same extension, there was only the delete option at the end of the scan. When I clicked delete, the computer froze and when I scanned again, I pressed delete again, and this time, although the scan was finished, it was an hour I waited, nothing happened, in short, eset cannot delete it win32 / elevate.exe it is a trojan virus? If I activate automatic deletion while browsing with eset, will it?

      Most important: Even though Eset erased this perception, how did the same perception come about again?

     

    IMG20210302003257.jpg

    IMG20210302003228.jpg

  11. 4 minutes ago, itman said:

    That's the date associated with first analysis of elevate.exe I assume.

    Yes.

    Again, Eset is detecting this as a PUA. In other words, it could be abused for malicious purposes. Not that it is actually being used maliciously.

    Thank you very much, I will do a full scan again and if it finds it, I will delete it with eset. This virus was infected 20 days ago. When I deleted it, something new comes out. I want to be completely sure. I hope eset will not disappoint me.

  12. 6 minutes ago, itman said:

    Appears one of your apps, Solidworks cam editor, or something similar is using elevate.exe described here: https://www.processchecker.com/file/Elevate.exe.html to perform hidden process privilege elevation. It also appears elevate.exe is the equivalent of the Windows runas command. If you delete elevate.exe in its associated directory, whatever Solidworks app you're using might no longer work properly.

    It's your decision here how to proceed. Delete elevate.exe or create an Eset PUA exclusion for it.

    Well, it was first seen in 2018 at the bottom. Has it been on the computer since 2018 or is it related to the trojan?

  13. 13 hours ago, itman said:

    Assuming you are running Win 10 and have a newer PC that uses UEFI versus BIOS, you can access UEFI settings via Win 10 Advanced Startup settings: https://www.wikihow.com/Enter-the-BIOS-on-a-Lenovo-Laptop . The article references Lenovo but this should work for most PCs with a UEFI.

    Just be careful about any modifications done in the UEFI. Modifying the wrong one can bork your device unless you know what you are doing.

    Thanks, I entered, but there is no computrace setting. I need to update the BIOS but it is too risky. I have 2 questions. What is the seriousness of this vulnerability? Can you explain it a little bit and I did not activate the computrace, did it remain as a vulnerability since the computer was installed?

  14. 14 hours ago, Nightowl said:

    When you restart your PC, right before it goes to load Windows, you should be able to get into BIOS settings by clicking the HOTKEY. Each motherboard manufacturer has a different hotkey for the options. I found those might help:

    • Acer: F2 or DEL
    • ASUS: F2 for all PCs, F2 or DEL for motherboards
    • Dell: F2 or F12
    • HP: ESC or F10
    • Lenovo: F2 or Fn + F2
    • Lenovo (Desktops): F1
    • Lenovo (ThinkPads): Enter + F1.
    • MSI: DEL for motherboards and PCs
    • Microsoft Surface Tablets: Press and hold volume up button.
    • Origin PC: F2
    • Samsung: F2
    • Sony: F1, F2, or F3
    • Toshiba: F2

    Thanks, I entered, but there is no computrace setting. I need to update the BIOS but it is too risky. I have 2 questions. What is the seriousness of this vulnerability? Can you explain it a little bit and I did not activate the computrace, did it remain as a vulnerability since the computer was installed?

  15. 1 minute ago, Nightowl said:

    You can just ignore it, exclude it from ESET detection if you don't want to keep it from coming up.

    Once disabled in BIOS it should be more safe that CompuTrace will not be able to run as it's disabled from the BIOS.

     

    Thanks for the advice, I understand.

  16. 3 minutes ago, Nightowl said:

    From BIOS settings there should be an option to turn off CompuTrace but there is a possibility that ESET will keep detecting it no matter if you disable it or not, because it still remains in the BIOS.

    If the PC manufacturers have a BIOS update that doesn't include CompuTrace, then you can get rid of it, but if not then there is nothing to do other than replace the PC or disable it from BIOS settings.

    As far as I understand, I will close computrace and update bios if there is one, but if Eset finds it again, do I need to deal with it any more? Will it damage the computer? And thanks for the advice.

  17. Hi, first of all, I shared a similar topic and my goal is to get advice. In consultation with experts, this extension

    a variant of EFI.CompuTrace.A

     I understood that it is not a rootkit or cyber attack, do you think I should ignore it or disable the computrace and do bios updates and I do not know how to do it if I disable the compute, will it damage the system
     

    \\Uefi Partition = UEFI = uefi:\\Volume 2\Firmware Volume Image {20BC8AC9-94D1-4208-AB28-5D673FD73486}\Volume 1\ComputraceComponents - EFI/CompuTrace.A 

    Not dangerous for sure, right?

  18. 2 minutes ago, itman said:

    You might want to also read this Eset article: https://www.eset.com/us/about/newsroom/corporate-blog/what-you-need-to-know-about-lojax-the-new-stealthy-malware-from-fancy-bear/ .

    Lojax is the malicious malware associated with Computrace's Lojack firmware software. Lojax needs Lojack present to operate. If you receive an Eset alert related to Lojax malware present, then you have a real problem. The present alert you are receiving from Eset is a warning that Computrace's Lojack software exists. In other words, that you are vulnerable to a Lojax attack.

    All of Eset's protection settings are active and I have not received any notifications. Could there be a wrong perception, should I focus on it more?

  19. 13 minutes ago, Marcos said:

    Please follow the instructions in https://support.eset.com/en/kb6567. If updating the UEFI firmware doesn't make any difference, exclude the pot. unsafe application from detection by adding it to detection exclusions. CompuTrace is not a virus nor a threat but a potentially unsafe application, i.e. it's not detected with default settings.

    Thanks for your advice, but the process is very complicated. Does this extension install itself on the computer or is it trojan related?
