Masamunnex - Posted July 30, 2020
So for some reason ESET detected SteelSeries software as a virus and I have no idea why. I've had the software since day 1 with ESET and only now it detected it as a virus:
C:\Documents and Settings\All Users\SteelSeries\SteelSeries Engine 3\engineApps\system-stats\SysStatsGo.dll
It says "suspicious file". Is there any reason it started to detect it now? I need to mention I didn't re-download this program; it was downloaded from the official site 2 years ago.

Marcos (Administrators) - Posted July 30, 2020
Please provide logs collected with ESET Log Collector. It sounds like a false positive but without logs we can't tell for sure.

Masamunnex (Author) - Posted July 30, 2020
Just now, Marcos said:
> Please provide logs collected with ESET Log Collector. It sounds like a false positive but without logs we can't tell for sure.
How do I give logs?

Marcos (Administrators) - Posted July 30, 2020
Please follow these instructions: How do I use ESET Log Collector?

Masamunnex (Author) - Posted July 30, 2020
2 minutes ago, Marcos said:
> Please follow these instructions: How do I use ESET Log Collector?
Can I provide a log without downloading the log collector?

Marcos (Administrators) - Posted July 30, 2020
It should be enough to upload "C:\ProgramData\ESET\ESET Security\Logs\virlog.dat"

Masamunnex (Author) - Posted July 30, 2020
7 minutes ago, Marcos said:
> It should be enough to upload "C:\ProgramData\ESET\ESET Security\Logs\virlog.dat"
I have a file called "virlog.dat" but it was modified on 19 of March 2019. Is that the file you want? And if so, I tried to upload it but the site won't let me.
Edited July 30, 2020 by Masamunnex

Marcos (Administrators) - Posted July 30, 2020
Yes, that's the file I asked for. ZIP and RAR archives can be uploaded and now you should be able to upload DAT files too.

Masamunnex (Author) - Posted July 30, 2020
There you go mate
virlog.dat

Marcos (Administrators) - Posted July 30, 2020
I see it's 56 bytes in size, i.e. empty. Let's upload all DAT files from that folder then.

Masamunnex (Author) - Posted July 30, 2020
Just now, Marcos said:
> I see it's 56 bytes in size, i.e. empty. Let's upload all DAT files from that folder then.
devctrllog.dat hipslog.dat lasthit.dat urllog.dat virlog.dat warnlog.dat

Marcos (Administrators) - Posted July 30, 2020
Couldn't it be that the files were detected by the on-demand or startup scanner? Could you upload the file that was detected? If detected by real-time protection, pause it temporarily while you upload the file (compress it into a zip or rar archive, if possible). With ELC logs we would have all necessary information at once.

Masamunnex (Author) - Posted July 30, 2020
3 minutes ago, Marcos said:
> Couldn't it be that the files were detected by the on-demand or startup scanner? Could you upload the file that was detected? If detected by real-time protection, pause it temporarily while you upload the file (compress it into a zip or rar archive, if possible). With ESET Log Collector logs we would have all necessary information at once.
The file was detected by an on-demand scan to be honest. The file is currently in quarantine. Do I need to restore it to upload it?
Edited July 30, 2020 by Masamunnex

Marcos (Administrators) - Posted July 30, 2020
6 minutes ago, Masamunnex said:
> The file was detected by an on-demand scan to be honest. The file is currently in quarantine. Do I need to restore it to upload it?
Yes please. Most likely it was just a false positive. We'll check it out and fix it, if an FP is confirmed.

Masamunnex (Author) - Posted July 30, 2020
6 minutes ago, Marcos said:
> Yes please. Most likely it was just a false positive. We'll check it out and fix it, if an FP is confirmed.
There you go friend
SysStatsGo.zip
Edited July 30, 2020 by Masamunnex

Marcos (Administrators) - Posted July 30, 2020
Thanks, it appears to be an FP made by Augur, the machine-learning system which blocked the file in LiveGrid. The file has now been removed from the blacklist. We're investigating why it happened to prevent such FPs in the future.

Masamunnex (Author) - Posted July 30, 2020
2 minutes ago, Marcos said:
> Thanks, it appears to be an FP made by Augur, the machine-learning system which blocked the file in LiveGrid. The file has now been removed from the blacklist. We're investigating why it happened to prevent such FPs in the future.
Great to hear that, Marcos. Is it safe to restore the file to its original location? Another question, if you will: if ESET blocked a site by internal blacklist, that means my PC is safe, right? ESET blocked the attempt to access that site in the first place?

Marcos (Administrators) - Posted July 30, 2020
1. Yes, it's safe to restore this file.
2. Correct. If access to a website has been blocked, the connection was terminated to protect your computer.
There was a website in your log that was blocked on June 29. We've re-checked it and the malware was no longer there so we've unblocked it as well.

Masamunnex (Author) - Posted July 30, 2020
6 minutes ago, Marcos said:
> 1. Yes, it's safe to restore this file.
> 2. Correct. If access to a website has been blocked, the connection was terminated to protect your computer.
Thank you very much