
Win32/Elevate.A: How can I remove it?



Eset had detected and deleted win32 / elevate.exe with real-time protection, and when I performed a comprehensive scan yesterday, Eset detected the same extension; there was only the delete option at the end of the scan. When I clicked delete, the computer froze, and when I scanned again, I pressed delete again, and this time, although the scan was finished, I waited an hour and nothing happened. In short, Eset cannot delete it. Is win32 / elevate.exe a trojan virus? If I activate automatic deletion while browsing with Eset, will it?

Most important: even though Eset erased this perception, how did the same perception come about again?

 

IMG20210302003257.jpg

IMG20210302003228.jpg

Link to post
Share on other sites
Just now, Duhan Orhan said:

Eset had detected and deleted win32 / elevate.exe with real-time protection, and when I performed a comprehensive scan yesterday, Eset detected the same extension; there was only the delete option at the end of the scan. When I clicked delete, the computer froze, and when I scanned again, I pressed delete again, and this time, although the scan was finished, I waited an hour and nothing happened. In short, Eset cannot delete it. Is win32 / elevate.exe a trojan virus? If I activate automatic deletion while browsing with Eset, will it?

Most important: even though Eset erased this perception, how did the same perception come about again?

 

IMG20210302003257.jpg

IMG20210302003228.jpg

The computer was infected with a trojan a month ago. I thought I deleted it if there is a possibility of it being a trojan.

Link to post
Share on other sites

Based on your posted screenshots, Eset's off-line scan is detecting the Trojan in a .iso file. Unless the .iso file is actually mounted as a virtual drive, there is no way the Trojan can execute. If that .iso is mounted, you need to remove it. As far as eliminating future Eset detections of the same, manually delete the .iso file.

Also if this SolidWorks software you're using is a cracked version, uninstall it and manually delete any leftover remnants of it.

Link to post
Share on other sites
  • Administrators

Win32/Elevate is a potentially unsafe application, not malware, i.e. a legit tool that can be bundled with other applications.

In your case it was detected in an iso image which is probably a quite big file. If ESET cleans the whole iso, it encrypts it and moves it to the quarantine folder which may take long if the file is more than 1 GB in size. I would recommend excluding Win32/Elevate from detection.

Link to post
Share on other sites

I couldn't find Eset's definition of Win32/Elevate.A. But here's Microsoft's definition of it:

Quote

HackTool:Win32/Elevate.A

Hacktools can be used to patch or "crack" some software so it will run without a valid license or genuine product key.

Beware of running hacktools because they can be associated with malware or unwanted software.

We often see malware on PCs where hacktools are detected. You can read more about hacktools in Volume 13 of the Security Intelligence Report.

https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=HackTool%3aWin32%2fElevate.A

 

Edited by itman
Link to post
Share on other sites
3 minutes ago, Marcos said:

Win32/Elevate is a potentially unsafe application, not malware, i.e. a legit tool that can be bundled with other applications.

In your case it was detected in an iso image which is probably a quite big file. If ESET cleans the whole iso, it encrypts it and moves it to the quarantine folder which may take long if the file is more than 1 GB in size. I would recommend excluding Win32/Elevate from detection.

Thank you so much

The free version of Eset will expire after 4 days, you said it was a trojan, if I do nothing, will it cause problems in the future?

Link to post
Share on other sites
  • Administrators
6 minutes ago, Duhan Orhan said:

The free version of Eset will expire after 4 days, you said it was a trojan, if I do nothing, will it cause problems in the future?

I didn't say that, I wrote that Win32/Elevate is a potentially unsafe application, not a trojan or another malware.

Link to post
Share on other sites
2 minutes ago, Marcos said:

I didn't say that, I wrote that Win32/Elevate is a potentially unsafe application, not a trojan or another malware.

itman says:

Based on your posted screenshots, Eset's off-line scan is detecting the Trojan in a .iso file. Unless the .iso file is actually mounted as a virtual drive, there is no way the Trojan can execute.

Mentioned that there might be trojans in it

Link to post
Share on other sites
  • Solution
Posted (edited)
19 minutes ago, Duhan Orhan said:

Mentioned that there might be trojans in it

To be technically correct, hack tools like this are undesirable and potentially dangerous software. Again, read the Microsoft definition excerpt I posted.

Eset's stance on hack tools is they classify them as potentially unwanted software. In other words, it is the user's decision as to what to do about the software:

1. Ignore Eset's detection.

2. Exclude the software from being detected by Eset.

3. Manually remove the software if Eset is unable to do so.

Edited by itman
Link to post
Share on other sites
5 minutes ago, itman said:

To be technically correct, hack tools like this are undesirable and potentially dangerous software. Again, read the Microsoft definition excerpt I posted.

Eset's stance on hack tools is they classify them as potentially unwanted software. In other words, it is the user's decision as to what to do about the software:

1. Ignore Eset's detection.

2. Exclude the software from being detected by Eset.

3. Manually remove the software if Eset is unable to do so.

Eset deleted 2 hacktools a week ago, but they also deleted it, but this one is back and this time not deleted. I will do a full scan with Eset once again; if not, I will manually delete it. My only fear is that the solid is malfunctioning and my files in the solid cannot work.

Thank you all.

 

Link to post
Share on other sites
  • Administrators

I would exclude the tool from detection since it appears to be part of another legitimate application that you use.

Link to post
Share on other sites
6 minutes ago, Marcos said:

I would exclude the tool from detection since it appears to be part of another legitimate application that you use.

Thanks for the advice, but we realized it was a hacktool. I don't understand much. Would it be better if I exclude it from scanning?

Link to post
Share on other sites
  • Most Valued Members
17 hours ago, Duhan Orhan said:

Thanks for the advice, but we realized it was a hacktool. I don't understand much. Would it be better if I exclude it from scanning?

It depends on the risks. As itman has mentioned, if you have any cracked software there is always a risk that the cracks could actually contain some hidden malware. If you want to continue using it and take the risk, you can exclude it. If you don't want to take the risk, you can remove it.

Link to post
Share on other sites
5 minutes ago, peteyt said:

It depends on the risks. As itman has mentioned, if you have any cracked software there is always a risk that the cracks could actually contain some hidden malware. If you want to continue using it and take the risk, you can exclude it. If you don't want to take the risk, you can remove it.

I am not using any broken files except Solidworks.

I don't know if Solidworks is cracked because my brother downloaded it. Is there any way to tell if it's cracked, and if it's not cracked I don't have to worry, right?

Link to post
Share on other sites
9 minutes ago, peteyt said:

It depends on the risks. As itman has mentioned, if you have any cracked software there is always a risk that the cracks could actually contain some hidden malware. If you want to continue using it and take the risk, you can exclude it. If you don't want to take the risk, you can remove it.

Thanks, now I understand.

I wish I knew if it was cracked.

Link to post
Share on other sites
  • Most Valued Members
44 minutes ago, Duhan Orhan said:

Thanks, now I understand.

I wish I knew if it was cracked.

You'd be best asking your brother. If it's a paid-for program that he bought, it will be fine. If it's paid-for software that he downloaded for free, torrent-wise or something, it will need something like a crack to work. Again, you can exclude it. The problem is, as cracks make a paid program work without paying for it, they are illegal and so are not made by the company, so you can never truly know what they could be doing to that program. The program may seem to work fine but they could have hidden stuff in too. For this reason cracks tend to automatically get flagged and it's down to the user to decide if the risks are worth it.

Link to post
Share on other sites
3 hours ago, Duhan Orhan said:

I don't know if Solidworks is cracked because my brother downloaded it. Is there any way to tell if it's cracked, and if it's not cracked I don't have to worry, right?

Since Eset is detecting a hack tool associated with license cracking, it can be assumed that this Solidworks Premium version is a cracked version.

Additionally unless your family is wealthy, it can be assumed this version is a cracked one. I came across a web posting that noted in 2016, a SolidWorks Premium one year license in the U.S. costs $8,000 with a one year maintenance cost of $2,000 for that license. I will also note that in the U.S. software theft in this value range would be considered a felony punishable by a sizable fine and possible jail time.

My understanding is SolidWorks does have arrangements with universities in the U.S. at least, where student version licenses can be purchased at considerable discount price.

Link to post
Share on other sites
35 minutes ago, itman said:

Since Eset is detecting a hack tool associated with license cracking, it can be assumed that this Solidworks Premium version is a cracked version.

Additionally unless your family is wealthy, it can be assumed this version is a cracked one. I came across a web posting that noted in 2016, a SolidWorks Premium one year license in the U.S. costs $8,000 with a one year maintenance cost of $2,000 for that license. I will also note that in the U.S. software theft in this value range would be considered a felony punishable by a sizable fine and possible jail time.

My understanding is SolidWorks does have arrangements with universities in the U.S. at least, where student version licenses can be purchased at considerable discount price.

Thank you all for sparing your precious time for me.

 

I live in Turkey will probably no longer bother him crack one last question and then I'll leave SolidWorks is a lot of time on your computer in there. My brother is a mechanical engineer, it is not up to me to delete it. Is there a possibility that this will cause problems in the future, and when I run a comprehensive scan with Eset, it only detects this now. Can I be sure that I deleted the Trojan?

Thank you so much again

 

Link to post
Share on other sites
16 minutes ago, Duhan Orhan said:

Is there a possibility that this will cause problems in the future, and when I run a comprehensive scan with Eset, it only detects this now. Can I be sure that I deleted the Trojan?

You keep asking the same question over and over again.

The answer again and again is that Eset is detecting the crack software being used in SolidWorks download; i.e. .iso file as a PUA; i.e. potentially unwanted application. If you don't want Eset to detect as such, you will have to manually create a PUA exclusion for whatever Eset is detecting.

As to if Eset sometime in the future might decide that this detection is no longer a PUA but actually malware, that obviously is unknown.

Link to post
Share on other sites
4 minutes ago, itman said:

You keep asking the same question over and over again.

The answer again and again is that Eset is detecting the crack software being used in SolidWorks download; i.e. .iso file as a PUA; i.e. potentially unwanted application. If you don't want Eset to detect as such, you will have to manually create a PUA exclusion for whatever Eset is detecting.

As to if Eset sometime in the future might decide that this detection is no longer a PUA but actually malware, that obviously is unknown.

Sorry, my main question is, even if the crack we downloaded is clean, is there a possibility that the Trojan will settle here when the computer gets infected?

Link to post
Share on other sites
1 minute ago, Duhan Orhan said:

Sorry, my main question is, even if the crack we downloaded is clean, is there a possibility that the Trojan will settle here when the computer gets infected?

It's impossible to determine that.

For example, the cracked download can contain an unknown backdoor. The backdoor can lie dormant for days, weeks, and months and then be activated by an attacker. There have been backdoors discovered that have lain dormant on devices for years.

When Eset detects cracker software as a PUA it is warning you there is a chance that something else malicious may exist in the download although it presently has not detected anything. Also, refer to my posting here: https://forum.eset.com/topic/24825-if-you-use-licensing-cracking-software-you-need-to-read-this/ . The gist of the current situation in regards to cracked software is it is actively being deployed by malware developers as a stealth method to infect devices.

Link to post
Share on other sites
3 minutes ago, itman said:

It's impossible to determine that.

For example, the cracked download can contain an unknown backdoor. The backdoor can lie dormant for days, weeks, and months and then be activated by an attacker. There have been backdoors discovered that have lain dormant on devices for years.

When Eset detects cracker software as a PUA it is warning you there is a chance that something else malicious may exist in the download although it presently has not detected anything. Also, refer to my posting here: https://forum.eset.com/topic/24825-if-you-use-licensing-cracking-software-you-need-to-read-this/ . The gist of the current situation in regards to cracked software is it is actively being deployed by malware developers as a stealth method to infect devices.

Thanks, I better leave this decision to my brother.

Link to post
Share on other sites

You also need to employ a bit of "deductive logic" in situations like this.

You are using cracked, high-valued software normally used in commercial environments. Malware development these days is monetary based. Therefore, malware developers will target software sources used by commercial environments where the possibility of monetary gain is greatest. Bottom line: cracked commercially used software fulfills this objective.

Link to post
Share on other sites
