
Continuous submission of suspicious files



  • ESET Insiders
21 hours ago, itman said:

I posted a year; not 6 years.

Also the source code for this keylogger was posted in clear text on a pen-tester web site since 2016.

Finally, Eset only started detecting it after it finally flagged something suspicious in the code and uploaded it to LiveGrid servers for a full sandbox scan and full sig. creation.

Itman, you misunderstood something: not that you posted 6 years, but I have been using Muli for 6 years, and of course Eset then already knows eMule. Or do you see it differently? Your opinion interests me most, because you know what you are talking about. You probably misunderstood because of the translation!


15 minutes ago, SlashRose said:

Itman, you misunderstood something: not that you posted 6 years, but I have been using Muli for 6 years, and of course Eset then already knows eMule

Yes, it looks like the last time eMule was updated at SourceForge was 2016.

Can eMule generate internal dynamic code on-the-fly when running? Perhaps a change in sensitivity in one of Eset's behavior detection mechanisms is now triggering on this activity, resulting in the submissions.


  • ESET Insiders
2 minutes ago, itman said:

Yes, it looks like the last time eMule was updated at SourceForge was 2016.

Can eMule generate internal dynamic code on-the-fly when running? Perhaps a change in sensitivity in one of Eset's behavior detection mechanisms is now triggering on this activity, resulting in the submissions.

No, because this eMule was rewritten for me personally in 2016 and has some more functions than the normal official eMule.


6 minutes ago, SlashRose said:

No, because this eMule was rewritten for me personally in 2016 and has some more functions than the normal official eMule.

The simple solution here is to just exclude this eMule .exe from Eset file submission if the submissions bother you this much.


  • Administrators

I would also add that emule was not being continually submitted as the title of the topic may suggest. It was submitted just once because of a suspicious network communication that has been detected just recently.


47 minutes ago, Marcos said:

I would also add that emule was not being continually submitted as the title of the topic may suggest. It was submitted just once because of a suspicious network communication that has been detected just recently.

Which verifies what I originally posted here: https://forum.eset.com/topic/29068-continuous-submission-of-suspicious-files/?do=findComment&comment=136767


  • ESET Insiders
20 hours ago, itman said:

The simple solution here is to just exclude this eMule .exe from Eset file submission if the submissions bother you this much.

No, the eMule was only submitted once, everything is only submitted once, only if the same eMule has been running on the PC for 6 years, then Eset already knows it.

And if I then scan the files with Eset (also offline) and then also scan the submitted files online via https://www.virustotal.com/gui/, the submitted files are also classified as clean and that is again all files that are submitted that I have had on the PC for years, so Eset already knows them.

Itman, it doesn't bother me; I just wonder why, since, like I said, Eset already knows it.

@Marcos, what kind of suspicious network communication?

Edited by SlashRose

This topic is now closed to further replies.