Jump to content

Windows 7


fidelius2
 Share

Recommended Posts

Hello,

Nod32 warned the user of a PUA when it first saw the executable (on a USB key) allowing to alter the MBR. Fine.

But it was not able to see that the MBR of Windows 7 had been altered by a loader. The scan was made from a bootable cdrom with Eset Sysrescue in order not to be fooled by a rootkit or another bad thing deeply hidden. The scanning of MBR has been also asked.

Is it Eset policy or is it too difficult to detect ?

Link to comment
Share on other sites

Hi,

 

Was this a laptop or desktop ?

What version of virus database was used?

I have seen non-malicous loaders for windows 7, that is not detected as a threat or found by ESET software, simply because it is a rare pirated crack that has possibly not been seen by many computers around the world.

There are some loaders that also do not remain resident. They make the changes needed, and then delete themselves, leaving no traces behind to even be caught by scanners or software, simply because Windows appears to be acting normal.

Do you know which loader this was or can locate it manually ? You could also submit the data to ESET for study and future detections if possible.

 

Thanks for your posting.

Link to comment
Share on other sites

  • Administrators

Potentially unwanted applications don't perform modifications of mbr, such software would be classified as malware. I'd suggest submitting it to ESET's Malware research lab for analysis and possible reclassification if it's confirmed that it modifies mbr.

Link to comment
Share on other sites

Nod32 says it is Win32/HackTool.WinActivator.I

On Virust*t*l 21 out of 50 AV flag it us such.

What I do not understand is why the the file EXE is flagged and once it has been run from a USB stick, an outside scan of the mbr returns nothing. I guess it modifies the mbr because it is loaded before Windows is started.

Link to comment
Share on other sites

  • ESET Moderators

Hello,

Some hacking tools are classified as Potentially Unsafe Applications.

If you would like to submit the Win32/HackTool.WinActivator.I file to ESET's researchers for further examination, you can do so by following the instructions ESET Knowledgebase Article #141, "How do I submit a virus, website or potential false positive sample to ESET's lab?."

Regards,

Aryeh Goretsky

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...