Jump to content

Latest Adobe Flash update flagged with Win32/Kryptik.KGY trojan variant


opti1

Recommended Posts

34 minutes ago, itman said:

Obviously it is impossible to determine what actually happened.

Review your Eset Detections log for entries related to this incident. It might actually show what file/s were deleted.

Barring further Eset like malware detection or abnormal PC behavior, I would say this detected threat has been removed.

My ESET Detections log, shown below, has only four entries, all associated with this incident.

I assume that is one entry for each of the four times I clicked on the Delete button (instead of the 'Allow to proceed' button) because the window was slow to close.

I cannot find anywhere that specifically shows which files were deleted, only that Delete was the action taken.

Thanks again for all of your input into my trying to understand this incident.

 

 

 

eset_log_detections_trojan.JPG

Link to comment
Share on other sites

There is another possibility here and it's an ugly one.

Eset's detection was memory based. That is it detected a code signature for Win32/Kryptik.KGY in the memory space used by the Adobe FlashPlayer installer that had loaded and is currently executing. It is possible that there is some other resident malware present that performed the code injection.

However, there are a couple of problems with this. The first is installers run with System privileges, the highest available. The malware therefore would require like privileges to perform the code injection. Whereas its not impossible for malware to acquire System privileges, it is a rare occurrence. Next is if malware is performing memory code injection, it is doubtful it would be doing so for just a single process; especially for one that was just downloaded.

Therefore, anyone affected by this should submit the FlashPlayer download to Eset under the False Positive category. Include a link to this forum thread in your submission.

 

Link to comment
Share on other sites

39 minutes ago, itman said:

There is another possibility here and it's an ugly one.

Eset's detection was memory based. That is it detected a code signature for Win32/Kryptik.KGY in the memory space used by the Adobe FlashPlayer installer that had loaded and is currently executing. It is possible that there is some other resident malware present that performed the code injection.

However, there are a couple of problems with this. The first is installers run with System privileges, the highest available. The malware therefore would require like privileges to perform the code injection. Whereas its not impossible for malware to acquire System privileges, it is a rare occurrence. Next is if malware is performing memory code injection, it is doubtful it would be doing so for just a single process; especially for one that was just downloaded.

Therefore, anyone affected by this should submit the FlashPlayer download to Eset under the False Positive category. Include a link to this forum thread in your submission.

 

Ugh.

Unfortunately I no longer have the Flash Player download I ran that caused trouble on the laptop. I asked ESET to delete it.

I still have the one I downloaded to the desktop, and also the one from last month, but I don't know that they would help since both ran without issues.

By the way, it seems that I have the current updated version of the Flash Player on the laptop so it appears that the update installer completed its task.

Thanks again for all of your input into my trying to understand this incident.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...