Duhan Orhan, Posted February 24, 2021

When I did a full scan with ESET, it found the same and cleaned it, but when I did a comprehensive scan again, it found the same software as a detection. This is my virus, and there is clean or delete in the actions option. And is this a virus?

Marcos (Administrators), Posted February 24, 2021

It's a potentially unsafe application, i.e. a legitimate tool that could be misused in the wrong hands. It's not detected by default.

Duhan Orhan (Author), Posted February 24, 2021

> 3 minutes ago, Marcos said:
> It's a potentially unsafe application, i.e. a legitimate tool that could be misused in the wrong hands. It's not detected by default.

2 weeks ago I deleted the trojan on the computer and now it detected as detection. There are 2 options at the end of the scan. Should I delete it or not?

itman (Solution), Posted February 24, 2021 (edited February 24, 2021 by itman)

It appears one of your apps, Solidworks cam editor or something similar, is using elevate.exe, described here: https://www.processchecker.com/file/Elevate.exe.html, to perform hidden process privilege elevation. Also, it appears elevate.exe is equal to the Windows runas command.

If you delete elevate.exe in its associated directory, whatever Solidworks app you're using might no longer work properly.

It's your decision here how to proceed. Delete elevate.exe or create an Eset PUA exclusion for it.

Duhan Orhan (Author), Posted February 24, 2021

> 6 minutes ago, itman said:
> Appears one of your apps, Solidworks cam editor, or something similar is using elevate.exe described here: https://www.processchecker.com/file/Elevate.exe.html to perform hidden process privilege elevation. Also appear elevate.exe is the equal to the Windows runas command. If you delete elevate.exe in its associated directory, whatever Solidworks app you're using might no longer work properly. It's your decision here how to proceed. Delete elevate.exe or create an Eset PUA exclusion for it.

Well, it was first seen in 2018 at the bottom. Has it been on the computer since 2018 or is it related to the trojan?

itman, Posted February 24, 2021

> 1 minute ago, Duhan Orhan said:
> Well, it was first seen in 2018 at the bottom.

That's the date associated with the first analysis of elevate.exe, I assume.

> 2 minutes ago, Duhan Orhan said:
> is it related to the trojan?

Yes. Again, Eset is detecting this as a PUA. In other words, it could be abused for malicious purposes. Not that it is actually being used maliciously.

Duhan Orhan (Author), Posted February 24, 2021

> 4 minutes ago, itman said:
> That's the date associated with first analysis of elevate.exe I assume. Yes. Again, Eset is detecting this a PUA. In other words, it could be abused for malicious purposes. Not that it is actually being used maliciously.

Thank you very much, I will do a full scan again and if it finds it, I will delete it with ESET. This virus was infected 20 days ago. When I deleted it, something new comes out. I want to be completely sure. I hope ESET will not disappoint me.

itman, Posted February 24, 2021

Here's how I would recommend an Eset PUA detection be evaluated.

If the PUA detection source is from a download or installed software, first assess the source. If it was from a trusted publisher's associated web site, it is probably safe to exclude the detection. If the source is a cracked software download or from an untrusted download source, I would delete the download and/or uninstall the cracked software.

The easiest way to get malware currently is to use cracked software.

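
An added example, not part of the original thread and not ESET's own tooling: a PowerShell helper that gathers the facts needed to "assess the source" of a flagged file (signer, hash, creation time, and the download origin recorded in the file's Zone.Identifier stream). The function name `Get-PuaTriage` and the file path in the usage line are hypothetical placeholders.

```powershell
# Added example: collect provenance facts for a file flagged as a PUA.
# Get-PuaTriage is a hypothetical helper name, not an ESET or Windows command.
function Get-PuaTriage {
    param([Parameter(Mandatory)][string]$Path)

    $file = Get-Item -LiteralPath $Path -ErrorAction Stop
    $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName
    $hash = Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256

    # Mark of the Web: the Zone.Identifier alternate data stream exists only
    # when the file itself was saved by a browser or similar program.
    # Files dropped by an installer usually have none; in that case run this
    # helper against the installer package instead.
    $motw  = @{}
    $lines = Get-Content -LiteralPath $file.FullName -Stream Zone.Identifier `
                 -ErrorAction SilentlyContinue
    foreach ($line in $lines) {
        if ($line -match '^(ZoneId|ReferrerUrl|HostUrl)=(.*)$') {
            $motw[$Matches[1]] = $Matches[2]
        }
    }

    [pscustomobject]@{
        Path            = $file.FullName
        Created         = $file.CreationTime      # when it appeared on this disk
        SHA256          = $hash.Hash              # for lookup or vendor submission
        SignatureStatus = $sig.Status             # Valid, NotSigned, HashMismatch, ...
        Signer          = $sig.SignerCertificate.Subject
        ZoneId          = $motw['ZoneId']         # 3 = Internet zone
        HostUrl         = $motw['HostUrl']        # URL the file was downloaded from
        ReferrerUrl     = $motw['ReferrerUrl']    # page that linked to the download
    }
}

# Placeholder path: substitute the path shown in the scan log.
# Get-PuaTriage -Path 'C:\path\to\elevate.exe' | Format-List
```

A valid signature from the expected publisher and a download URL on that publisher's site support an exclusion; a missing signature or an unfamiliar download host points toward deleting the file and uninstalling whatever installed it.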