ESET will not catch memory malware or trojans!!!


Solved by itman

First, I want to clarify that I am an ESET user and do not care about Kaspersky or promoting it.

Last time I was hacked and my Facebook was compromised. After a long time of scanning and using different malware, spyware, I discovered SW called KVRT. KVRT solved my problem. Since that day I have been periodically scanning my PC with KVRT while ESET is active and installed.

Head of conversation: ESET is not detecting a virus in memory while Kaspersky will. ESET should take this into consideration.

2023-01-19_123906.jpg


  • Administrators

Without getting the files and analyzing them it's impossible to tell if they are subject to detection, if they are malware or PUA/PUsA or simply false positives by the said scanner. Please provide the files or files from quarantine for perusal. I'd recommend emailing them to samples[at]eset.com in an archive encrypted with the password "infected" and a link to this topic enclosed.

1. The uninstall executables marked as High risk - probably false alarms.
2. The apk file - an application for Android, doesn't run on Windows.
3. KMSAuto - Windows activator, should be detected by ESET with PUsA detection enabled.
4. GenAutorun task - sounds like a Scheduler task that was detected. The name doesn't tell anything about the task, could be FP.


1 hour ago, Marcos said:

Without getting the files and analyzing them it's impossible to tell if they are subject to detection, if they are malware or PUA/PUsA or simply false positives by the said scanner. Please provide the files or files from quarantine for perusal. I'd recommend emailing them to samples[at]eset.com in an archive encrypted with the password "infected" and a link to this topic enclosed.

1. The uninstall executables marked as High risk - probably false alarms.
2. The apk file - an application for Android, doesn't run on Windows.
3. KMSAuto - Windows activator, should be detected by ESET with PUsA detection enabled.
4. GenAutorun task - sounds like a Scheduler task that was detected. The name doesn't tell anything about the task, could be FP.

The rest of the files are OK and were tested online by ESET and others. Those are compressed EXEs and false positives.

The problem remains with the MultiGen AutoRun task Trojan in system memory. It's the second time that has happened and ESET didn't notify me at all. Overall I am very satisfied with ESET. I have huge protection online, offline, etc., but this part concerns me.
How on earth did it get into memory without ESET catching it? What should I provide so the ESET team can analyze this?


  • Solution

This might shed some light on the Trojan.Multi.Gen.Autorun.Task.c detection by KVRT tool:

Quote

When I try to create a manual task to open a specific webpage daily at a specific time in Windows 10 Task Scheduler, KTS pops up and tells me I am infected with Trojan.Multi.Gen.Autorun.Task.c

https://forum.kaspersky.com/topic/manual-task-detected-as-trojanmultigenautoruntaskc-11308/

As noted in the posting, even Kaspersky real-time AV version gives no indication that in this instance, the source of the detection is a user-created scheduled task.

I would say that what KVRT is detecting here is a false positive.

You could always download SysInternals Autoruns utility. Then configure it to submit all generated existing autoruns entries to VirusTotal for any detections there. However if the detection is when a scheduled task is created, the related task entry would not show in Autoruns output.


  • Administrators

Please provide the content of C:\KVRT2020_Data\Quarantine so that we can check what was detected.


  • Most Valued Members

I'd also like to point out that KMSAuto is a crack tool.

This may have ended up on there accidentally, but please note if you do download cracked programs there is a high risk that these could contain malware.

ITMan has posted a few things in the past in regards to this.


42 minutes ago, Marcos said:

Please provide the content of C:\KVRT2020_Data\Quarantine so that we can check what was detected.

It's empty, strange. What I did was Cure Trojan, not quarantine; is this changing things?

2023-01-20_213009.jpg


36 minutes ago, peteyt said:

I'd also like to point out that KMSAuto is a crack tool.

This may have ended up on there accidentally, but please note if you do download cracked programs there is a high risk that these could contain malware.

ITMan has posted a few things in the past in regards to this.

Fair enough, but KMS is a hacking tool. I am concerned about the system memory Trojan; last time I got my Facebook hacked, and after I scanned I found the same thing with KVRT.


48 minutes ago, itman said:

This might shed some light on the Trojan.Multi.Gen.Autorun.Task.c detection by KVRT tool:

https://forum.kaspersky.com/topic/manual-task-detected-as-trojanmultigenautoruntaskc-11308/

As noted in the posting, even Kaspersky real-time AV version gives no indication that in this instance, the source of the detection is a user-created scheduled task.

I would say that what KVRT is detecting here is a false positive.

You could always download SysInternals Autoruns utility. Then configure it to submit all generated existing autoruns entries to VirusTotal for any detections there. However if the detection is when a scheduled task is created, the related task entry would not show in Autoruns output.

This is the most likely explanation, thanks.


1 hour ago, formingus said:

It's empty, strange. What I did was Cure Trojan, not quarantine; is this changing things?

Cure in KVRT is the same as the clean option in ESET scanning. Two possibilities here. Either KVRT just terminated and removed what was running in memory, or it performed the aforementioned and also deleted what was the source of the memory detection. If it did the latter, I assumed it would have quarantined whatever the source process was.

KMSAuto creates a scheduled task as noted here: https://pc-mike.weebly.com/uploads/1/1/3/6/113632303/kmsauto_net_instructions.txt . If this task was removed by KVRT, don't be surprised if whatever software you're cracking won't auto activate again.

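An added example, not part of any post in this thread and not ESET's or Kaspersky's detection logic: the replies above trace the Trojan.Multi.Gen.Autorun.Task.c report to a scheduled task, so this script reads a task definition as exported by `schtasks /query /tn <name> /xml` and lists who registered it and what it runs. The sample XML, the task name and the review hints are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Namespace used by Task Scheduler task definitions.
NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}

# Constructed sample: a user-created daily task that opens a web page.
SAMPLE_TASK = r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><Author>PC\user</Author><URI>\OpenDailyPage</URI></RegistrationInfo>
  <Triggers><CalendarTrigger><StartBoundary>2023-01-20T09:00:00</StartBoundary>
    <ScheduleByDay><DaysInterval>1</DaysInterval></ScheduleByDay></CalendarTrigger></Triggers>
  <Actions Context="Author">
    <Exec><Command>C:\Program Files\Internet Explorer\iexplore.exe</Command>
      <Arguments>https://example.com/news</Arguments></Exec>
  </Actions>
</Task>"""

def summarize_task(xml_text):
    """Return who registered the task, what triggers it, and what it runs."""
    root = ET.fromstring(xml_text)
    def text(node, path):
        return (node.findtext(path, "", NS) or "").strip()
    # Trigger element names (CalendarTrigger, LogonTrigger, ...) without the namespace.
    triggers = [el.tag.split("}")[1] for el in root.findall("t:Triggers/*", NS)]
    actions = [{"command": text(ex, "t:Command"), "arguments": text(ex, "t:Arguments")}
               for ex in root.findall("t:Actions/t:Exec", NS)]
    return {"uri": text(root, "t:RegistrationInfo/t:URI"),
            "author": text(root, "t:RegistrationInfo/t:Author"),
            "triggers": triggers, "actions": actions}

def review_notes(summary):
    """Hypothetical triage hints for a human reviewer, not a verdict."""
    notes = []
    for a in summary["actions"]:
        cmd, args = a["command"].lower(), a["arguments"].lower()
        if "http://" in cmd + " " + args or "https://" in cmd + " " + args:
            notes.append("opens a URL: " + (a["arguments"] or a["command"]))
        if cmd.endswith(("powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe")):
            notes.append("runs a script host: " + a["command"])
        if "\\appdata\\" in cmd or "\\temp\\" in cmd or "\\users\\public\\" in cmd:
            notes.append("binary in a user-writable path: " + a["command"])
    if not summary["actions"]:
        notes.append("no Exec action (COM handler or other action type)")
    return notes

if __name__ == "__main__":
    info = summarize_task(SAMPLE_TASK)
    print(info)
    print(review_notes(info))
```
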
