ESET Insiders SlashRose 25 Posted July 16, 2021 Author ESET Insiders Posted July 16, 2021 21 hours ago, itman said: I posted a year; not 6 years. Also the source code for this keylogger was posted in clear text on a pen-tester web site since 2016. Finally, Eset only starting detecting it after it finally flagged something suspicious in the code and uploaded it to LiveGrid servers for a full sandbox scan and full sig. creation. Itman you misunderstood something, not you posted 6 years, but I have been using Muli for 6 years and of course Eset then already knows eMule, or do you see it differently, because your opinion interests me most, because you know what you are talking about. Probably because of the translation you misunderstood!
itman 1,924 Posted July 16, 2021 Posted July 16, 2021 15 minutes ago, SlashRose said: Itman you misunderstood something, not you posted 6 years, but I have been using Muli for 6 years and of course Eset then already knows eMule Yes, looks last time eMule was updated at SourceForge was 2016. Can eMule generate internal dynamic code on-the-fly when running? Perhaps a change in sensitivity in one of Eset behavior detection mechanisms is now triggering on this activity resulting in the submissions.
ESET Insiders SlashRose 25 Posted July 16, 2021 Author ESET Insiders Posted July 16, 2021 2 minutes ago, itman said: Yes, looks last time eMule was updated at SourceForge was 2016. Can eMule generate internal dynamic code on-the-fly when running? Perhaps a change in sensitivity in one of Eset behavior detection mechanisms is now triggering on this activity resulting in the submissions. No, because this eMule was rewritten for me personally in 2016 and has some more functions than the normal official eMule.
itman 1,924 Posted July 16, 2021 Posted July 16, 2021 6 minutes ago, SlashRose said: No, because this eMule was rewritten for me personally in 2016 and has some more functions than the normal official eMule. Simple solution here is just exclude this eMule .exe from Eset file submission if the submissions bother you this much.
Administrators Marcos 5,739 Posted July 16, 2021 Administrators Posted July 16, 2021 I would also add that emule was not being continually submitted as the title of the topic may suggest. It was submitted just once because of a suspicious network communication that has been detected just recently.
itman 1,924 Posted July 16, 2021 Posted July 16, 2021 47 minutes ago, Marcos said: I would also add that emule was not being continually submitted as the title of the topic may suggest. It was submitted just once because of a suspicious network communication that has been detected just recently. Which verifies what I originally posted here: https://forum.eset.com/topic/29068-continuous-submission-of-suspicious-files/?do=findComment&comment=136767
ESET Insiders SlashRose 25 Posted July 17, 2021 Author ESET Insiders Posted July 17, 2021 (edited) 20 hours ago, itman said: Simple solution here is just exclude this eMule .exe from Eset file submission if the submissions bother you this much. No, the eMule was only submitted once, everything is only submitted once, only if the same eMule has been running on the PC for 6 years, then Eset already knows it. And if I then scan the files with Eset (also offline) and then also scan the submitted files online via https://www.virustotal.com/gui/, the submitted files are also classified as clean and that is again all files that are submitted that I have had on the PC for years, so Eset already knows them. Itman doesn't bother me, I just wonder why, since like I said Eset already knows her. @Marcos, what kind of suspicious network communication? Edited July 17, 2021 by SlashRose
Recommended Posts