formingus
Posted January 20, 2023

First, I want to clarify that I am an ESET user and do not care about Kaspersky or promoting it. Last time I was hacked and my Facebook was compromised. After a long time of scanning and using different malware, spyware I discovered SW called KVRT. That KVRT solved my problem. From that day I am periodically scanning my PC with KVRT while ESET is active and installed.

Head of conversation: ESET not detecting a virus in memory while Kaspersky will. ESET should take this into consideration.

Marcos (Administrators)
Posted January 20, 2023

Without getting the files and analyzing them it's impossible to tell if they are subject to detection, if they are malware or PUA/PUsA or simply false positives by the said scanner. Please provide the files or files from quarantine for perusal. I'd recommend emailing them to samples[at]eset.com in an archive encrypted with the password "infected" and a link to this topic enclosed.

1. The uninstall executables marked as High risk - probably false alarms.
2. The apk file - an application for Android, doesn't run on Windows.
3. KMSAuto - Windows activator, should be detected by ESET with PUsA detection enabled.
4. GenAutorun task - sounds like a Scheduler task that was detected. The name doesn't tell anything about the task, could be FP.

formingus (Author)
Posted January 20, 2023

1 hour ago, Marcos said:
> Without getting the files and analyzing them it's impossible to tell if they are subject to detection, if they are malware or PUA/PUsA or simply false positives by the said scanner. Please provide the files or files from quarantine for perusal. I'd recommend emailing them to samples[at]eset.com in an archive encrypted with the password "infected" and a link to this topic enclosed.
>
> 1. The uninstall executables marked as High risk - probably false alarms.
> 2. The apk file - an application for Android, doesn't run on Windows.
> 3. KMSAuto - Windows activator, should be detected by ESET with PUsA detection enabled.
> 4. GenAutorun task - sounds like a Scheduler task that was detected. The name doesn't tell anything about the task, could be FP.

The rest of the files are OK and were tested online by ESET and others. Those are compressed EXEs and false positives. The problem remains with the MultiGen AutoRun task Trojan in system memory; it's the second time that has happened and ESET didn't notify me at all.

Overall I am very satisfied with ESET. I have huge protection online, offline, etc., but this part concerns me. How on earth does it get into memory and ESET won't catch it? What should I provide so the ESET team can analyze this?

itman (Solution)
Posted January 20, 2023

This might shed some light on the Trojan.Multi.Gen.Autorun.Task.c detection by the KVRT tool:

> When I try to create a manual task to open a specific webpage daily at a specific time in Windows 10 Task Scheduler. KTS pops up and tells me I am infected with Trojan.Multi.Gen.Autorun.Task.c

https://forum.kaspersky.com/topic/manual-task-detected-as-trojanmultigenautoruntaskc-11308/

As noted in the posting, even Kaspersky real-time AV version gives no indication that in this instance, the source of the detection is a user created scheduled task.

I would say that what KVRT is detecting here is a false positive.

You could always download SysInternals Autoruns utility. Then configure it to submit all generated existing autoruns entries to VirusTotal for any detections there. However if the detection is when a scheduled task is created, the related task entry would not show in Autoruns output.

Marcos (Administrators)
Posted January 20, 2023

Please provide the content of C:\KVRT2020_Data\Quarantine so that we can check what was detected.

peteyt (Most Valued Members)
Posted January 20, 2023

I'd also like to point out that KMSAuto is a crack tool. This may have ended up on there accidentally, but please note if you do download cracked programs there is a high risk that these could contain malware. ITMan has posted a few things in the past in regards to this.

formingus (Author)
Posted January 20, 2023

42 minutes ago, Marcos said:
> Please provide the content of C:\KVRT2020_Data\Quarantine so that we can check what was detected.

It's empty, strange. What I did was Cure Trojan, not quarantine. Does this change things?

formingus (Author)
Posted January 20, 2023

36 minutes ago, peteyt said:
> I'd also like to point out that KMSAuto is a crack tool. This may have ended up on there accidentally, but please note if you do download cracked programs there is a high risk that these could contain malware. ITMan has posted a few things in the past in regards to this.

Fair enough, but KMS is a hacking tool; I am concerned about the system memory Trojan. Last time I got my Facebook hacked, and after I scanned I found the same thing with KVRT.

formingus (Author)
Posted January 20, 2023

48 minutes ago, itman said:
> This might shed some light on the Trojan.Multi.Gen.Autorun.Task.c detection by the KVRT tool:
>
> https://forum.kaspersky.com/topic/manual-task-detected-as-trojanmultigenautoruntaskc-11308/
>
> As noted in the posting, even Kaspersky real-time AV version gives no indication that in this instance, the source of the detection is a user created scheduled task.
>
> I would say that what KVRT is detecting here is a false positive.
>
> You could always download SysInternals Autoruns utility. Then configure it to submit all generated existing autoruns entries to VirusTotal for any detections there. However if the detection is when a scheduled task is created, the related task entry would not show in Autoruns output.

This is the most possible explanation, thanks.

itman
Posted January 20, 2023

1 hour ago, formingus said:
> It's empty, strange. What I did was Cure Trojan, not quarantine. Does this change things?

Cure in KVRT is the same as the clean option in Eset scanning.

Two possibilities here. Either KVRT just terminated and removed what was running in memory, or it performed the aforementioned and also deleted what was the source of the memory detection. If it did the latter, I assumed it would have quarantined whatever the source process was.

KMSAuto creates a scheduled task as noted here: https://pc-mike.weebly.com/uploads/1/1/3/6/113632303/kmsauto_net_instructions.txt. If this task was removed by KVRT, don't be surprised if whatever software you're cracking won't auto activate again.

Edited January 20, 2023 by itman

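A way to review the scheduled tasks discussed in this thread, as an added example that is not part of any post above. It uses the built-in ScheduledTasks cmdlets rather than the Autoruns utility mentioned earlier; the function name `Get-TaskReviewList` and its `-SkipPathPrefix` parameter are hypothetical, and treating everything under `\Microsoft\` as OS-supplied is an assumption.

```powershell
# Added example (not from the thread): list every scheduled task outside the
# \Microsoft\ folder together with the command it runs, so the task behind an
# "Autorun.Task" style detection can be identified and inspected.
# Get-TaskReviewList and its parameter are hypothetical names.
# Run from an elevated prompt to see tasks that belong to other accounts.
function Get-TaskReviewList {
    param(
        # Task folders assumed to be OS-supplied and skipped (an assumption)
        [string[]]$SkipPathPrefix = @('\Microsoft\')
    )
    foreach ($task in Get-ScheduledTask) {
        $skip = $SkipPathPrefix | Where-Object {
            $task.TaskPath.StartsWith($_, [StringComparison]::OrdinalIgnoreCase)
        }
        if ($skip) { continue }

        $info = $task | Get-ScheduledTaskInfo -ErrorAction SilentlyContinue
        foreach ($action in $task.Actions) {
            $exe = $action.Execute          # $null for COM-handler actions
            $sig = 'NotChecked'
            if ($exe) {
                # Expand %SystemRoot% and similar, and drop surrounding quotes
                $path = [Environment]::ExpandEnvironmentVariables($exe.Trim('"'))
                if (Test-Path -LiteralPath $path -PathType Leaf) {
                    $sig = (Get-AuthenticodeSignature -LiteralPath $path).Status
                } else {
                    $sig = 'PathNotResolved'   # bare name such as cmd.exe, or file missing
                }
            }
            [pscustomobject]@{
                Task        = $task.TaskPath + $task.TaskName
                Author      = $task.Author
                State       = $task.State
                LastRunTime = $info.LastRunTime
                Execute     = $exe
                Arguments   = $action.Arguments
                Signature   = $sig
            }
        }
    }
}

Get-TaskReviewList | Sort-Object Task | Format-List
```

A manually created task like the one in the quoted Kaspersky forum post appears in this list with its own author and command line, which makes it possible to tell a user-created entry from one added by installed software.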