Win32/Elevate.A İt is a virus?

[Duhan Orhan 0]

When I did a full scan with eset, it found the same and cleaned it, but when I did a comprehensive scan again, it found the same software as detection, this is my virus and there is clean or delete in the actions option. And is this a virus?

[Marcos 5,074]

It's a potentially unsafe application, ie. legitimate tool that could be misused in the wrong hands. It's not detected by default.

[Duhan Orhan 0]

3 minutes ago, Marcos said:

It's a potentially unsafe application, ie. legitimate tool that could be misused in the wrong hands. It's not detected by default.

2 weeks ago I deleted the trojan on the computer and now it detected as detection. There are 2 options at the end of the scan. Should I delete it or not?

[itman 1,659]

Appears one of your apps, Solidworks cam editor, or something similar is using elevate.exe described here: https://www.processchecker.com/file/Elevate.exe.html  to perform hidden process privilege elevation. Also appear elevate.exe is the equal to the Windows runas command. If you delete elevate.exe in its associated directory, whatever Solidworks app you're using might no longer work properly.

It's your decision here how to proceed. Delete elevate.exe or create an Eset PUA exclusion for it. 

Edited February 24, 2021 by itman

[Duhan Orhan 0]

6 minutes ago, itman said:

Appears one of your apps, Solidworks cam editor, or something similar is using elevate.exe described here: https://www.processchecker.com/file/Elevate.exe.html  to perform hidden process privilege elevation. Also appear elevate.exe is the equal to the Windows runas command. If you delete elevate.exe in its associated directory, whatever Solidworks app you're using might no longer work properly.

It's your decision here how to proceed. Delete elevate.exe or create an Eset PUA exclusion for it. 

Well, it was first seen in 2018 at the bottom. Has it been on the computer since 2018 or is it related to the trojan?

[itman 1,659]

1 minute ago, Duhan Orhan said:

Well, it was first seen in 2018 at the bottom.

That's the date associated with first analysis of elevate.exe I assume.

2 minutes ago, Duhan Orhan said:

is it related to the trojan?

Yes.

Again, Eset is detecting this a PUA. In other words, it could be abused for malicious purposes. Not that it is actually being used maliciously.

[Duhan Orhan 0]

4 minutes ago, itman said:

That's the date associated with first analysis of elevate.exe I assume.

Yes.

Again, Eset is detecting this a PUA. In other words, it could be abused for malicious purposes. Not that it is actually being used maliciously.

Thank you very much, I will do a full scan again and if it finds it, I will delete it with eset. This virus was infected 20 days ago. When I deleted it, something new comes out. I want to be completely sure. I hope eset will not disappoint me.

[itman 1,659]

Here's how I would recommend an Eset PUA detection be evaluated.

If the PUA detection source is from a download or installed software, first assess the source. If it was from a trusted publisher's associated web site, it is probably safe to exclude the detection. If the source is a cracked software download or from an untrusted download source, I would delete the download and/or uninstall the cracked software.

The easiest way to get malware currently is to use cracked software.