An issue with advanced and startup scanners


Hi,

I made an advanced memory test to see if it is efficient or not.

I launched a trojan while all ESET modules were disabled, then I enabled these modules and found that the advanced memory scanner cannot clean the trojan (a variant of ..), and the startup scanner cannot do the job either.

I updated the security program, whereupon the startup scanner can now clean the same trojan, after it has a new name (after the db has been updated):

So, why couldn't the advanced memory and startup scanners clean the trojan before the database was updated, even though the two scanners had detected it?


Hello Gualano Marco

Out of curiosity, did you also try to launch the "specialized cleaners" that you find under "Help and support"? If your trojan is a new variant (they are unfortunately quite often updated by the malware writer), then please submit it, so all of the ESET community can benefit from your finding: How do I submit a virus, website or potential false positive sample to ESET's lab?

Regards Janus.

Edited by Janus

  • Administrators

It could be that the malware was already injected in another running process and the path to the file couldn't be determined until a signature was created and the file could be recognized on the disk, too. Please upload the malware in a password-protected archive to a safe location and pm me the download link so that I can test it myself.


  • Administrators

Hello Gualano Marco

Out of curiosity, did you also try to launch the "specialized cleaners" that you find under "Help and support"? If your trojan is a new variant (they are unfortunately quite often updated by the malware writer), then please submit it, so all of the ESET community can benefit from your finding: How do I submit a virus, website or potential false positive sample to ESET's lab?

Regards Janus.

 

The specialized cleaner doesn't clean MSIL/Bladabindi malware so it wouldn't help in this case.


A question: MSIL/Bladabindi is an advanced infection/trojan, which creates a backdoor and has keylogging features. So, should the tool "specialised cleaners" not be able to handle a situation like this? And how does the user know what infections "specialised cleaners" covers? Is it possible in the future to implement a feature, so when you hover your cursor over the tool "specialized cleaner" then you will be able to see what it, at present time, covers? Or the information could be found in an updated Knowledge base article?

Regards Janus :-))

Edited by Janus

  • ESET Moderators

Is it possible in the future to implement a feature, so when you hover your cursor over the tool "specialized cleaner" then you will be able to see what it, at present time, covers? Or the information could be found in an updated Knowledge base article?

Regards Janus :-))

 

I will look into the option for a pop-up window for the "Specialized cleaner" link in the product GUI (it's possible to add the pop-up, we'll just have to see how efficient it will be to make sure the information displayed is always the most current).

 

There is an ESET Knowledgebase article that, afaik, contains the most up-to-date information regarding the ESET Specialized Cleaner:

 

How do I use the ESET Specialized Cleaner?

Edited by foneil
confirmed that KB article SOLN3322 contains up-to-date information