Tino, posted October 15, 2018:
Hi, I just randomly ran a scan of my "Download" folder (C:\Users\Tino\Downloads), just to find a trojan lurking in the bottom of the folder in a zip file. Been there since 2016, I guess it didn't do any damage yet. However, I regularly scan my PC, and just ran a custom scan of my entire C-disk again. ESET doesn't find that malware if I run the big scan, how is that possible? Unfortunately my ESET is in German, if you want me to post logs I can, but I guess they won't help much...

Marcos (Administrators), posted October 15, 2018:
Please gather logs with ELC and provide me with the generated archive for perusal. Threats in archives do not pose any risk unless the malicious files are extracted, at which point they are scanned by real-time protection. Also, web access protection scans inside archives, therefore any such threats should be detected and removed upon download.

Tino, posted October 15, 2018:
Thank you for your quick answer. Do I just attach the file here or do I send it to you via PM?

Marcos (Administrators), posted October 15, 2018:
You can post it here. Only moderators have access to attachments.

Tino, posted October 15, 2018 (edited October 18, 2018 by Tino):
Perfect. Here it is:

Marcos (Administrators), posted October 15, 2018:
C:\Users\Tino\Downloads\savilerow-1.6.4-windows.zip » ZIP » savilerow-1.6.4-windows/bin/minion.exe - a variant of Win32/Kryptik.AI trojan - action selection postponed until scan completion
The Kryptik.AI detection is from 2008 so it could be a false positive. Please submit the zip file to ESET as per the instructions at https://support.eset.com/kb141/. If it is too big to email, upload it to Dropbox, OneDrive, etc. and provide only a download link.

Tino, posted October 16, 2018:
Will do! Thank you for your help. But whether it is a false positive or not, shouldn't ESET detect it as malware regardless of the scope of the scan performed? How come it is only detected when scanning the respective folder directly? This makes me doubt ESET's ability to detect malware on a regular basis, performing broad scans regularly.

Nightowl (Most Valued Members), posted October 16, 2018:
16 minutes ago, Tino said:
> Will do! Thank you for your help. But whether it is a false positive or not, shouldn't ESET detect it as malware regardless of the scope of the scan performed? How come it is only detected when scanning the respective folder directly? This makes me doubt ESET's ability to detect malware on a regular basis, performing broad scans regularly.
Indeed, ESET should detect it whether you told ESET to scan the whole computer or just the folder that contains the threat; there is something wrong here.

Marcos (Administrators), posted October 16, 2018:
"Smart scan" doesn't scan inside archives by default. Maybe you used a custom or context-menu scan with archives enabled when the file was detected.

Tino, posted October 16, 2018:
28 minutes ago, Marcos said:
> "Smart scan" doesn't scan inside archives by default. Maybe you used a custom or context-menu scan with archives enabled when the file was detected.
That's good to know...! I think I used a context-menu scan when the file was detected (I right-clicked the folder and told ESET to scan it). Well, I guess if only archives are excluded in the smart scan then it won't do much harm if malware isn't detected, since the malware isn't 'active'. Still, I find it a bit odd that archives are excluded in the first place.

Nightowl (Most Valued Members), posted October 16, 2018:
1 hour ago, Tino said:
> That's good to know...! I think I used a context-menu scan when the file was detected (I right-clicked the folder and told ESET to scan it). Well, I guess if only archives are excluded in the smart scan then it won't do much harm if malware isn't detected, since the malware isn't 'active'. Still, I find it a bit odd that archives are excluded in the first place.
Do a custom scan and set it to scan everything including the archives. Scanning archives will make the scan take longer.

Marcos (Administrators), posted October 16, 2018:
2 hours ago, Tino said:
> Still, I find it a bit odd that archives are excluded in the first place.
Smart scan is meant to be fast and to detect malicious files that can be executed right away. On the other hand, if one needs to scan the machine thoroughly he or she can use the In-depth scan profile which has scanning of archives enabled.

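What a scan profile that skips archives never looks at can be listed directly. The following is an added example, not part of the original thread and not ESET code: it enumerates Windows executables (files that start with the `MZ` header) inside ZIP archives under a folder, including nested ZIPs, and returns their SHA-256 so they can be scanned or submitted individually. The function names, the size and depth limits, and the sample archive are assumptions constructed for illustration.

```python
import hashlib
import io
import tempfile
import zipfile
import zlib
from pathlib import Path

MAX_MEMBER_BYTES = 64 * 1024 * 1024   # assumed limit: skip oversized members
MAX_DEPTH = 3                         # assumed limit: nested archive levels to follow

def _walk_zip(zf, label, depth, found):
    for info in zf.infolist():
        if info.is_dir() or info.file_size > MAX_MEMBER_BYTES:
            continue
        data = zf.read(info)
        name = f"{label} » {info.filename}"   # same path notation as the scan log
        if data[:2] == b"MZ":                 # DOS/PE executable magic bytes
            found.append((name, hashlib.sha256(data).hexdigest()))
        elif depth < MAX_DEPTH and zipfile.is_zipfile(io.BytesIO(data)):
            with zipfile.ZipFile(io.BytesIO(data)) as inner:
                _walk_zip(inner, name, depth + 1, found)

def executables_in_archives(root):
    """Return (path-inside-archive, sha256) for each PE file in ZIPs under root."""
    found = []
    for path in sorted(Path(root).rglob("*.zip")):
        try:
            with zipfile.ZipFile(path) as zf:
                _walk_zip(zf, path.name, 1, found)
        except (zipfile.BadZipFile, RuntimeError, NotImplementedError, zlib.error):
            continue   # corrupt, encrypted or unsupported archive: needs manual review
    return found

def build_sample(folder):
    """Constructed sample: a ZIP with a fake PE stub, a text file and a nested ZIP."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("tool.exe", b"MZ" + b"\x00" * 62)
    with zipfile.ZipFile(Path(folder) / "sample.zip", "w") as zf:
        zf.writestr("bin/app.exe", b"MZ" + b"\x90" * 62)
        zf.writestr("README.txt", b"not an executable")
        zf.writestr("extras.zip", inner.getvalue())

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for name, digest in executables_in_archives(tmp):
            print(digest[:16], name)
```

Archives that are encrypted or use an unsupported compression method are skipped rather than reported clean, so they still need a separate look.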
Tino, posted October 16, 2018:
Rami, Marcos, makes total sense. Is it possible to schedule a custom scan? I can only select "on-demand" scan when scheduling scans, which is a smart scan I suppose.

Nightowl (Most Valued Members), posted October 16, 2018:
34 minutes ago, Tino said:
> Rami, Marcos, makes total sense. Is it possible to schedule a custom scan? I can only select "on-demand" scan when scheduling scans, which is a smart scan I suppose.
It's explained here: https://support.eset.com/kb3207/?viewlocale=en_US
You could make a custom scan with your preferred settings and then add it to the Scheduler.

Tino, posted October 17, 2018:
Got it Rami! Thank you.

Nightowl (Most Valued Members), posted October 17, 2018:
7 minutes ago, Tino said:
> Got it Rami! Thank you.
You are welcome