  • ESET Insiders
Posted
21 hours ago, itman said:

I posted a year; not 6 years.

Also the source code for this keylogger was posted in clear text on a pen-tester web site since 2016.

Finally, Eset only started detecting it after it finally flagged something suspicious in the code and uploaded it to LiveGrid servers for a full sandbox scan and full sig. creation.

Itman, you misunderstood something: it's not that you posted 6 years, but that I have been using Muli for 6 years, and of course Eset then already knows eMule. Or do you see it differently? Your opinion interests me most, because you know what you are talking about. You probably misunderstood because of the translation!

Posted
15 minutes ago, SlashRose said:

Itman, you misunderstood something: it's not that you posted 6 years, but that I have been using Muli for 6 years, and of course Eset then already knows eMule

Yes, it looks like the last time eMule was updated at SourceForge was 2016.

Can eMule generate internal dynamic code on-the-fly when running? Perhaps a change in sensitivity in one of Eset's behavior detection mechanisms is now triggering on this activity, resulting in the submissions.

  • ESET Insiders
Posted
2 minutes ago, itman said:

Yes, it looks like the last time eMule was updated at SourceForge was 2016.

Can eMule generate internal dynamic code on-the-fly when running? Perhaps a change in sensitivity in one of Eset's behavior detection mechanisms is now triggering on this activity, resulting in the submissions.

No, because this eMule was rewritten for me personally in 2016 and has some more functions than the normal official eMule.

Posted
6 minutes ago, SlashRose said:

No, because this eMule was rewritten for me personally in 2016 and has some more functions than the normal official eMule.

The simple solution here is to just exclude this eMule .exe from Eset file submission if the submissions bother you this much.

  • Administrators
Posted

I would also add that eMule was not being continually submitted as the title of the topic may suggest. It was submitted just once because of a suspicious network communication that has been detected just recently.

Posted
47 minutes ago, Marcos said:

I would also add that eMule was not being continually submitted as the title of the topic may suggest. It was submitted just once because of a suspicious network communication that has been detected just recently.

Which verifies what I originally posted here: https://forum.eset.com/topic/29068-continuous-submission-of-suspicious-files/?do=findComment&comment=136767

  • ESET Insiders
Posted (edited)
20 hours ago, itman said:

The simple solution here is to just exclude this eMule .exe from Eset file submission if the submissions bother you this much.

No, the eMule was only submitted once, everything is only submitted once; it's just that if the same eMule has been running on the PC for 6 years, then Eset already knows it.

And if I then scan the files with Eset (also offline) and then also scan the submitted files online via https://www.virustotal.com/gui/, the submitted files are also classified as clean. And again, these are all submitted files that I have had on the PC for years, so Eset already knows them.

Itman, it doesn't bother me; I just wonder why, since like I said Eset already knows it.

 

@Marcos, what kind of suspicious network communication?

Edited by SlashRose
This topic is now closed to further replies.