
josh_bdn

Members
  • Posts

    5

About josh_bdn

  • Rank
    Newbie

Profile Information

  • Location
    Germany
  1. Okay, so I ran the sample again and the dropped file was quickly detected as Win32/Packed.Obsidium.LG. So as far as I can tell, ESET now blocks the file before it does any damage. Thanks for the quick implementation of the detection. The only thing that bothers me is: Why didn't ESET block the sample automatically before? I mean, it adds exceptions to Defender to evade detection, it breaks and deletes Windows Update. Aren't those actions that should be prevented by HIPS/Behavioral Detection?
  2. On my system I constantly get the detection Win64/CoinMiner.IZ. Every few seconds a file gets dropped: C:\ProgramData\fmtjrnlncwpn\diltklqafxsg.exe. ESET deletes the file and then it gets created again. Cmd.exe is constantly running with about 800 MB of RAM use. This still happens even after a full scan and reboot. But I think this is the same file as WeAura.exe.
  3. Thanks for the reply. Yes, these are the two submissions I mean. About the first one: The exe didn't run without the other files on my end, so I just kept them in the zip file just in case. The second one: When I last checked on my Mac, ESET didn't detect the file. Maybe this is an issue on my end; I will check later. Then I said that there were two samples missed when I tested yesterday. The other one was a large file (800 MB). ESET has a detection for it but still lets it execute. I reduced the file size and uploaded it to VT: 9ff1ca0678c81ef0cd6bef34c76fb73ed5bcd571dc3c3de356422f1859072720. Even for this file: When I manually scan the file, it blocks it. When I download it and execute it, it isn't blocked. ESET detects RedLine stealer in memory after execution and then continues to detect a CoinMiner every few seconds but isn't able to remove it.
  4. My personal experience with ESET also got worse during this year. I was not pleased with the protection, and because of that I used another product for the past few months. Yesterday I tried ESET again and tested it with a few samples. I tested with just 5 files (mostly infostealers) and it didn't detect 2 of them. Both were successful at stealing the information, and one installed a Coin Miner that ESET wasn't able to remove. Also, I sent an undetected sample to ESET a month ago and I still have no response, and it is still undetected. In the past it normally took under 24 hours for them to add a detection.