Duhan Orhan, posted March 2, 2021:

Eset had detected and deleted win32 / elevate.exe with real-time protection, and when I performed a comprehensive scan yesterday, Eset detected the same extension; there was only the delete option at the end of the scan. When I clicked delete, the computer froze, and when I scanned again, I pressed delete again, and this time, although the scan was finished, it was an hour I waited, nothing happened. In short, Eset cannot delete it. Is win32 / elevate.exe a trojan virus? If I activate automatic deletion while browsing with Eset, will it? Most important: even though Eset erased this perception, how did the same perception come about again?
Duhan Orhan (Author), posted March 2, 2021:

Just now, Duhan Orhan said:
Eset had detected and deleted win32 / elevate.exe with real-time protection, and when I performed a comprehensive scan yesterday, Eset detected the same extension; there was only the delete option at the end of the scan. When I clicked delete, the computer froze, and when I scanned again, I pressed delete again, and this time, although the scan was finished, it was an hour I waited, nothing happened. In short, Eset cannot delete it. Is win32 / elevate.exe a trojan virus? If I activate automatic deletion while browsing with Eset, will it? Most important: even though Eset erased this perception, how did the same perception come about again?

The computer was infected with a trojan a month ago. I thought I deleted it if there is a possibility of it being a trojan.
itman, posted March 2, 2021:

Based on your posted screenshots, Eset's off-line scan is detecting the Trojan in a .iso file. Unless the .iso file is actually mounted as a virtual drive, there is no way the Trojan can execute. If that .iso is mounted, you need to remove it.

As far as eliminating future Eset detections of the same, manually delete the .iso file. Also if this SolidWorks software you're using is a cracked version, uninstall it and manually delete any leftover remnants of it.
Marcos (Administrators), posted March 2, 2021:

Win32/Elevate is a potentially unsafe application, not malware, i.e. a legit tool that can be bundled with other applications. In your case it was detected in an iso image, which is probably quite a big file. If ESET cleans the whole iso, it encrypts it and moves it to the quarantine folder, which may take long if the file is more than 1 GB in size. I would recommend excluding Win32/Elevate from detection.
itman, posted March 2, 2021 (edited March 2, 2021 by itman):

I couldn't find Eset's definition of Win32/Elevate.A. But here's Microsoft's definition of it:

Quote:
HackTool:Win32/Elevate.A. Hacktools can be used to patch or "crack" some software so it will run without a valid license or genuine product key. Beware of running hacktools because they can be associated with malware or unwanted software. We often see malware on PCs where hacktools are detected. You can read more about hacktools in Volume 13 of the Security Intelligence Report.

https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=HackTool%3aWin32%2fElevate.A
Duhan Orhan (Author), posted March 2, 2021:

3 minutes ago, Marcos said:
Win32/Elevate is a potentially unsafe application, not malware, i.e. a legit tool that can be bundled with other applications. In your case it was detected in an iso image, which is probably quite a big file. If ESET cleans the whole iso, it encrypts it and moves it to the quarantine folder, which may take long if the file is more than 1 GB in size. I would recommend excluding Win32/Elevate from detection.

Thank you so much. The free version of Eset will expire after 4 days. You said it was a trojan; if I do nothing, will it cause problems in the future?
Marcos (Administrators), posted March 2, 2021:

6 minutes ago, Duhan Orhan said:
The free version of Eset will expire after 4 days. You said it was a trojan; if I do nothing, will it cause problems in the future?

I didn't say that; I wrote that Win32/Elevate is a potentially unsafe application, not a trojan or another malware.
Duhan Orhan (Author), posted March 2, 2021:

2 minutes ago, Marcos said:
I didn't say that; I wrote that Win32/Elevate is a potentially unsafe application, not a trojan or another malware.

itman says: Based on your posted screenshots, Eset's off-line scan is detecting the Trojan in a .iso file. Unless the .iso file is actually mounted as a virtual drive, there is no way the Trojan can execute.

Mentioned that there might be trojans in it.
itman (Solution), posted March 2, 2021 (edited March 2, 2021 by itman):

19 minutes ago, Duhan Orhan said:
Mentioned that there might be trojans in it

To be technically correct, hack tools like this are undesirable and potentially dangerous software. Again, read the Microsoft definition excerpt I posted.

Eset's stance on hack tools is they classify them as potentially unwanted software. In other words, it is the user's decision as to what to do about the software:

1. Ignore Eset's detection.
2. Exclude the software from being detected by Eset.
3. Manually remove the software if Eset is unable to do so.
Duhan Orhan (Author), posted March 2, 2021:

5 minutes ago, itman said:
To be technically correct, hack tools like this are undesirable and potentially dangerous software. Again, read the Microsoft definition excerpt I posted. Eset's stance on hack tools is they classify them as potentially unwanted software. In other words, it is the user's decision as to what to do about the software: 1. Ignore Eset's detection. 2. Exclude the software from being detected by Eset. 3. Manually remove the software if Eset is unable to do so.

Eset deleted 2 hacktools a week ago, but they also deleted it, but this one is back and this time not deleted. I will do a full scan with Eset once again; if not, I will manually delete it. My only fear is that the solid is malfunctioning and my files in the solid cannot work. Thank you all.
Marcos (Administrators), posted March 2, 2021:

I would exclude the tool from detection since it appears to be part of another legitimate application that you use.
Duhan Orhan (Author), posted March 2, 2021:

6 minutes ago, Marcos said:
I would exclude the tool from detection since it appears to be part of another legitimate application that you use.

Thanks for the advice, but we realized it was a hacktool. I don't understand much. Would it be better if I exclude it from scanning?
peteyt (Most Valued Members), posted March 3, 2021:

17 hours ago, Duhan Orhan said:
Thanks for the advice, but we realized it was a hacktool. I don't understand much. Would it be better if I exclude it from scanning?

It depends on the risks. As itman has mentioned, if you have any cracked software there is always a risk that the cracks could actually contain some malware hidden. If you want to continue using it and take the risk, you can exclude it. If you don't want to take the risk, you can remove it.
Duhan Orhan (Author), posted March 3, 2021:

5 minutes ago, peteyt said:
It depends on the risks. As itman has mentioned, if you have any cracked software there is always a risk that the cracks could actually contain some malware hidden. If you want to continue using it and take the risk, you can exclude it. If you don't want to take the risk, you can remove it.

I am not using any broken files except Solidworks. I don't know if Solidworks is crack because my brother downloaded it. Is there any way to tell if it's cracked, and if it's not crack I don't have to worry, right?
Duhan Orhan (Author), posted March 3, 2021:

9 minutes ago, peteyt said:
It depends on the risks. As itman has mentioned, if you have any cracked software there is always a risk that the cracks could actually contain some malware hidden. If you want to continue using it and take the risk, you can exclude it. If you don't want to take the risk, you can remove it.

Thanks, now I understand. I wish I knew if it was crack.
peteyt (Most Valued Members), posted March 3, 2021:

44 minutes ago, Duhan Orhan said:
Thanks, now I understand. I wish I knew if it was crack.

You'd be best asking your brother. If it's a paid for program that he bought, it will be fine. If it's a paid for software that he downloaded for free torrent wise or something, it will need something like a crack to work.

Again, you can exclude it. The problem is, as cracks make a paid program work without paying for it, they are illegal, so are not made by the company, so you can never truly know what they could be doing to that program. The program may seem to work fine but they could have hidden stuff in too. For this reason cracks tend to automatically get flagged and it's down to the user to decide if the risks are worth it.
itman, posted March 3, 2021:

3 hours ago, Duhan Orhan said:
I don't know if Solidworks is crack because my brother downloaded it. Is there any way to tell if it's cracked, and if it's not crack I don't have to worry, right?

Since Eset is detecting a hack tool associated with license cracking, it can be assumed that this Solidworks Premium version is a cracked version.

Additionally, unless your family is wealthy, it can be assumed this version is a cracked one. I came across a web posting that noted in 2016, a SolidWorks Premium one year license in the U.S. costs $8,000 with a one year maintenance cost of $2,000 for that license. I will also note that in the U.S. software theft in this value range would be considered a felony punishable by a sizable fine and possible jail time.

My understanding is SolidWorks does have arrangements with universities, in the U.S. at least, where student version licenses can be purchased at a considerable discount price.
Duhan Orhan (Author), posted March 3, 2021:

35 minutes ago, itman said:
Since Eset is detecting a hack tool associated with license cracking, it can be assumed that this Solidworks Premium version is a cracked version. Additionally, unless your family is wealthy, it can be assumed this version is a cracked one. I came across a web posting that noted in 2016, a SolidWorks Premium one year license in the U.S. costs $8,000 with a one year maintenance cost of $2,000 for that license. I will also note that in the U.S. software theft in this value range would be considered a felony punishable by a sizable fine and possible jail time. My understanding is SolidWorks does have arrangements with universities, in the U.S. at least, where student version licenses can be purchased at a considerable discount price.

Thank you all for sparing your precious time for me. I live in Turkey will probably no longer bother him crack one last question and then I'll leave SolidWorks is a lot of time on your computer in there. My brother is a mechanical engineer; it is not up to me to delete it. Is there a possibility that this will cause problems in the future, and when I run a comprehensive scan with Eset, it only detects this now. Can I be sure that I deleted the Trojan? Thank you so much again.
itman, posted March 3, 2021:

16 minutes ago, Duhan Orhan said:
Is there a possibility that this will cause problems in the future, and when I run a comprehensive scan with Eset, it only detects this now. Can I be sure that I deleted the Trojan?

You keep asking the same question over and over again. The answer again and again is that Eset is detecting the crack software being used in SolidWorks download, i.e. .iso file, as a PUA, i.e. potentially unwanted application. If you don't want Eset to detect as such, you will have to manually create a PUA exclusion for whatever Eset is detecting.

As to if Eset sometime in the future might decide that this detection is no longer a PUA but actually malware, that obviously is unknown.
Duhan Orhan (Author), posted March 3, 2021:

4 minutes ago, itman said:
You keep asking the same question over and over again. The answer again and again is that Eset is detecting the crack software being used in SolidWorks download, i.e. .iso file, as a PUA, i.e. potentially unwanted application. If you don't want Eset to detect as such, you will have to manually create a PUA exclusion for whatever Eset is detecting. As to if Eset sometime in the future might decide that this detection is no longer a PUA but actually malware, that obviously is unknown.

Sorry, my main question is: even if the crack we downloaded is clean, is there a possibility that the Trojan will settle here when the computer gets infected?
itman, posted March 3, 2021:

1 minute ago, Duhan Orhan said:
Sorry, my main question is: even if the crack we downloaded is clean, is there a possibility that the Trojan will settle here when the computer gets infected?

It's impossible to determine that. For example, the cracked download can contain an unknown backdoor. The backdoor can lie dormant for days, weeks, and months and then be activated by an attacker. There have been backdoors discovered that have lain dormant on devices for years.

When Eset detects cracker software as a PUA, it is warning you there is a chance that something else malicious may exist in the download although it presently has not detected anything.

Also, refer to my posting here: https://forum.eset.com/topic/24825-if-you-use-licensing-cracking-software-you-need-to-read-this/ . The gist of the current situation in regards to cracked software is it is actively being deployed by malware developers as a stealth method to infect devices.
Duhan Orhan (Author), posted March 3, 2021:

3 minutes ago, itman said:
It's impossible to determine that. For example, the cracked download can contain an unknown backdoor. The backdoor can lie dormant for days, weeks, and months and then be activated by an attacker. There have been backdoors discovered that have lain dormant on devices for years. When Eset detects cracker software as a PUA, it is warning you there is a chance that something else malicious may exist in the download although it presently has not detected anything. Also, refer to my posting here: https://forum.eset.com/topic/24825-if-you-use-licensing-cracking-software-you-need-to-read-this/ . The gist of the current situation in regards to cracked software is it is actively being deployed by malware developers as a stealth method to infect devices.

Thanks, I better leave this decision to my brother.
itman, posted March 3, 2021:

Also read this: https://www.bleepingcomputer.com/news/security/pirated-software-is-all-fun-and-games-until-your-data-s-stolen/
itman, posted March 3, 2021:

You also need to employ a bit of "deductive logic" in situations like this. You are using cracked high valued software normally used in commercial environments. Malware development these days is monetary based. Therefore, malware developers will target software sources used by commercial environments where the possibility of monetary gain is greatest. Bottom line - cracked commercially used software fulfills this objective.