Gualano Marco 2 Posted December 20, 2013 Share Posted December 20, 2013 Hi,I made an advanced memory test to see if it is efficient or not ..I launcehed a trojan while all eset module are disabled, then I enabled these modules and found that advanced memory scanner cannot clean the trojan (a variant of ..), also startup scanner cannot do the job.I updated the security program, and whereupon startup scanner now can clean the same trojan after it has a new name (after db has been updated):So, why advanced memory and startup scanners could't clean the trojan before updating the database in spite of the two scanners had detected it? Link to comment Share on other sites More sharing options...
Janus 210 Posted December 20, 2013 Share Posted December 20, 2013 (edited) Hello Gualano MarcoOut of curiosity, did you also tried to launch the " specialized cleaners" that you find under "Help and support". If your trojan is a new variant (they are unfortunately quite often updated by the malware writer) then please submit it, so all of the Eset's community can benefit of your finding: How do I submita virus, website or potential false positive sample to ESET's lab?Regards Janus. Edited December 20, 2013 by Janus Link to comment Share on other sites More sharing options...
Administrators Marcos 5,406 Posted December 20, 2013 Administrators Share Posted December 20, 2013 It could be that the malware was already injected in another running process and the path to the file couldn't be determined until a signature was created and the file could be recognized on the disk, too. Please upload the malware in a password-protected archive to a safe location and pm me the download link so that I can test it myself. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,406 Posted December 20, 2013 Administrators Share Posted December 20, 2013 Hello Gualano Marco Out of curiosity, did you also tried to launch the " specialized cleaners" that you find under "Help and support". If your trojan is a new variant (they are unfortunately quite often updated by the malware writer) then please submit it, so all of the East community can benefit of your finding: How do I submita virus, website or potential false positive sample to ESET's lab? Regards Janus. The specialized cleaner doesn't clean MSIL/Bladabindi malware so it wouldn't help in this case. Link to comment Share on other sites More sharing options...
Janus 210 Posted December 20, 2013 Share Posted December 20, 2013 (edited) A question: MSIL/Bladabindi is a advanced infection/trojan, which create a backdoor and have keylogging features. So, should the tool " specialised cleaners"not be able to handle a situation like this? and how does the user know what infections "specialised cleaners" covers? Is it possible in the future to implement a feature, so when you hover your cursor over the tool " specialized cleaner" then you will be able to see what it, at present time, covers. Or the information could be found in a updated Knowledge base article?Regards Janus :-)) Edited December 20, 2013 by Janus Link to comment Share on other sites More sharing options...
Gualano Marco 2 Posted December 20, 2013 Author Share Posted December 20, 2013 Hi, although after updating ess db, advanced memory cleaner cannot clean the infected os with the new named trojan too: Link to comment Share on other sites More sharing options...
ESET Moderators foneil 342 Posted December 26, 2013 ESET Moderators Share Posted December 26, 2013 (edited) Is it possible in the future to implement a feature, so when you hover your cursor over the tool " specialized cleaner" then you will be able to see what it, at present time, covers. Or the information could be found in a updated Knowledge base article? Regards Janus :-)) I will look into the option for a pop-up window for the "Specialized cleaner" link in the product GUI (it's possible to add the pop-up, we'll just have to see how efficient it will be to make sure the information displayed is always the most current). There is an ESET Knowledgebase article, that afaik, contains the most up-to-date information regarding the ESET Specialized Cleaner: How do I use the ESET Specialized Cleaner? Edited December 27, 2013 by foneil confirmed that KB article SOLN3322 contains up-to-date information Link to comment Share on other sites More sharing options...
Recommended Posts