Everything posted by itman
If it was related to an Eset module, one would expect the same erratic Custom scan In-depth profile behavior to manifest when using the In-depth profile for a default scan which is not the case. Some other undisclosed scan behavior is occurring when a Custom scan is being used which needs to be fully disclosed. For example, the registry option should not be selected when performing a Custom scan.
On-Demand scan option is the default when you select "Scan my computer" via Eset GUI. If you wish to change it from the default Smart profile scan, you would first have to enter Advanced setup mode in the GUI. Then select Malware Scans option. At this point, the On-demand scan options are presented. Change Selected profile option to In-Depth and save your changes. Exit Advanced setup mode and now select Computer scan -> Scan my computer. Once the scan is completed, you can repeat the above and change profile option back to Smart mode if you so desire.
Below are the scan log entries from two test scans I ran today. Both scans ran for approximately the same time till I terminated them.

Custom scan using In-depth profile - Eset still scanning registry entries at time of scan termination:
Time;Scanned folders;Scanned;Detected;Cleaned;Status
10/24/2023 10:28:43 AM;Operating memory;Boot sectors/UEFI;WMI database;System registry;C:\Boot sectors/UEFI;C:\;D:\Boot sectors/UEFI;D:\;E:\Boot sectors/UEFI;E:\;G:\Boot sectors/UEFI;G:\;H:\Boot sectors/UEFI;H:\;3990;0;0;Interrupted by user

On-demand scan using In-depth profile - Registry scanning completed and Eset scanning WMI entries at time of scan termination:
Time;Scanned folders;Scanned;Detected;Cleaned;Status
10/24/2023 2:27:42 PM;Operating memory;C:\Boot sectors/UEFI;D:\Boot sectors/UEFI;E:\Boot sectors/UEFI;C:\;D:\;E:\;WMI database;System registry;16036;0;0;Interrupted by user

Note the difference in scan parameters generated by Eset.
As far as I am concerned, I know what the issue is. First, a review of Smart and In-depth profile ThreatSense parameters as shown in the On-Demand scan option. The difference between the two profile options is: Smart scan - Archives are not scanned. Smart Optimization is enabled. In-depth scan - Archives are scanned. Smart Optimization is disabled. The registry scan time for both profile options is the same; approx. 2 min. Now for the Custom scan option. The Smart scan profile result in regard to registry scan time is the same as that for the On-Demand Smart scan - approx. 2 mins. The In-depth registry scan time is, well, in hours. What Eset is doing in the registry scan is beyond me and I don't really care at this point. If you wish to perform an In-depth scan, do so from the On-demand scan option selecting the In-depth scan profile.
Web site is blacklisted by Eset. VirusTotal shows Eset only vendor to detect malware on the web site.
If it's believed this is a false positive detection, you can submit it to Eset per the instructions given under the first topic in the forum FAQ section. I will say that Eset web site detections are "right on spot" when it comes to detecting JavaScript based malware. Also, if they are using WordPress Plugin YOP Poll 6.3.2, it is vulnerable to a cross-site scripting attack: https://www.acunetix.com/vulnerabilities/web/yop-poll-cross-site-scripting-6-3-2/ .
Here are my test results. Registry scan using Smart scan profile scanned 191 objects and took 123 secs. Registry scan using In-depth scan profile ran 37 mins, at which time I terminated it. As previously noted, I couldn't terminate the scan from the Eset GUI; it just grayed out the pause and "X" buttons and kept on running. A system restart did stop the scanning. During this time, Eset scanning did spend extended scan time (> 5 mins.) on System32 directory files that didn't make any sense. One file was bi.dll - Background Broker Infrastructure Windows Client Library; a 30 KB file. Another file was ping.exe. One possible explanation for the extended scan times was files being submitted to Eset cloud servers, but I saw no evidence of that.
Malicious file PHP/TrojanDownloader.Agent.CZ was detected
itman replied to FTL's topic in Malware Finding and Cleaning
The Github link I posted was to the original WP plug-in. My above posted screen shots show that this plug-in was modified by someone named Mr. 7Mind. This same individual also has numerous other scripts posted at Github including reverse shell backdoors. So it appears this hack was very much "an off-the-shelf" one. The question is where was the modified WP plug-in acquired from?
nod32 - access was blocked
itman replied to a topic in Quick questions by guests (registration not required)
I get the same detections using Firefox, minus the WDF.exe detections. Don't know if this is Chrome related or not. Also, the venom.network detection is a PUA one. This means it's the user's option if they wish to proceed to the web site at their own risk.
Other recent postings in the forum have noted similar manual scan behavior in ver. 16.2.15. That is, the scan stopping early. It appears to only affect some Eset installations and the cause has yet to be identified. In any case, the above is the reason for your laptop entering sleep mode. The Eset scan appears to be entering idle mode. Windows sees no active tasks are running and then initiates normal sleep mode per the existing configured power saving settings. Also, power saving battery mode only applies when the laptop is not connected to an electrical outlet. You might try resetting Windows power & sleep settings to the default Balanced values and see if this stops the behavior you are observing.
Malicious file PHP/TrojanDownloader.Agent.CZ was detected
itman replied to FTL's topic in Malware Finding and Cleaning
Believe I found the original code at Github: https://gist.github.com/kosinix/52c13666c5632dae559910dbfe180df2
Malicious file PHP/TrojanDownloader.Agent.CZ was detected
itman replied to FTL's topic in Malware Finding and Cleaning
Eset now finally blocking the domain. Also of interest is that this domain won't scan at Sucuri. It displays that the web site doesn't contain any data - go figure.
Malicious file PHP/TrojanDownloader.Agent.CZ was detected
itman replied to FTL's topic in Malware Finding and Cleaning
My FF 118.0.2 showed the code in plain text format. Note the modification author even stated who he is. Since this person has multiple scripts posted at Github, I assume this is where it originated from.
Malicious file PHP/TrojanDownloader.Agent.CZ was detected
itman replied to FTL's topic in Malware Finding and Cleaning
Access ndot.us/za in a browser on Windows and see what happens. https://www.virustotal.com/gui/url/df38f83fac1af3dcc1a8c5380d99083d6ffa43ec6470c3bd433ed12541d1dc59/detection Interestingly, Eset didn't block the code from being displayed.