el el amiril 0 Posted January 30 Share Posted January 30 hello eset community and respective administrator i am having trouble analyzing my dashost.exe file it was not tag by any antivirus as malware but when i run it on hybrid analysis.com it was tagged as rootkit and suspicious also it does not have any digital signature in it is this fine or is my pc got infiltrated i am sending a sample to eset of the file hoping i will get a response. here is the file @ https://file.io/9aS5vWwaQwPo Quote Link to comment Share on other sites More sharing options...
el el amiril 0 Posted January 30 Author Share Posted January 30 here is the report Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 4,609 Posted January 30 Administrators Share Posted January 30 The file is no longer available. Please do not post link to potentially malicious files which could harm users if downloaded and run. Instead submit suspicious files to samples[at]eset.com in an archive protected with the password "infected". Quote Link to comment Share on other sites More sharing options...
el el amiril 0 Posted January 30 Author Share Posted January 30 im sorry i will abide rules next time can you please check my dashost.exe file as seen in the screenshot? Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 4,609 Posted January 30 Administrators Share Posted January 30 If you submit the sample to ESET, we can check it out. A screenshot is not enough and manually transcribing the SHA256 would be tedious. Quote Link to comment Share on other sites More sharing options...
el el amiril 0 Posted January 30 Author Share Posted January 30 9 minutes ago, Marcos said: If you submit the sample to ESET, we can check it out. A screenshot is not enough and manually transcribing the SHA256 would be tedious. i wonder why my pc dashost is not digitaly signed? Quote Link to comment Share on other sites More sharing options...
el el amiril 0 Posted January 30 Author Share Posted January 30 is it ok?😔 Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 4,609 Posted January 30 Administrators Share Posted January 30 Microsoft's file C:\Windows\System32\dasHost.exe is not digitally signed. Did you check its reputation? Quote Link to comment Share on other sites More sharing options...
el el amiril 0 Posted January 30 Author Share Posted January 30 yes sir Quote Link to comment Share on other sites More sharing options...
el el amiril 0 Posted January 30 Author Share Posted January 30 now my regidit is detected as malware by filescan.io Quote Link to comment Share on other sites More sharing options...
el el amiril 0 Posted January 30 Author Share Posted January 30 Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 4,609 Posted January 30 Administrators Share Posted January 30 Please either submit those files to samples[at]eset.com or provide hashes of the files or links to the above pages. Quote Link to comment Share on other sites More sharing options...
el el amiril 0 Posted January 30 Author Share Posted January 30 can filescan.io be trusted? Quote Link to comment Share on other sites More sharing options...
el el amiril 0 Posted January 30 Author Share Posted January 30 its very wierd i think my pc got infected with malware that is not seen by all anti virus i am sending samples Quote Link to comment Share on other sites More sharing options...
el el amiril 0 Posted January 30 Author Share Posted January 30 running sfc in normal boot did not find any integrity violation but when on startup repair it found violation that it cant fix ? Quote Link to comment Share on other sites More sharing options...
el el amiril 0 Posted January 30 Author Share Posted January 30 i think it has software virtual machine packing to protect its code can eset even managed to scan this type of concealment? Quote Link to comment Share on other sites More sharing options...
itman 1,510 Posted January 30 Share Posted January 30 To get to the bottom of this, I submitted dashost.exe from my Win 10 x(64) build to Hybrid-Analysis. I received the same suspicious detection as shown in the previous posted screen shot. In other words, it is a false positive detection. As far as the regedit.exe detection by filescan.io, I have no idea what file you actually submitted, or if the file was actually submitted to the legit filescan.io web site. Unwarranted software paranoia I believe is being manifested here. Quote Link to comment Share on other sites More sharing options...
Most Valued Members peteyt 357 Posted January 30 Most Valued Members Share Posted January 30 I'm curious why you are scanning these on multiple sites in the first place. The problem is anything has the potential to flag as suspicious, but the fact no AVs are detecting them looks like these suspicious flags are false positives Quote Link to comment Share on other sites More sharing options...
el el amiril 0 Posted January 30 Author Share Posted January 30 @itman i run and want to test my windows files after a html trojan is detected by my eset and after checking that my pc windows files has no digital signature by the way i am running a crack game/program that i set my eset hips to block modification. Quote Link to comment Share on other sites More sharing options...
el el amiril 0 Posted January 31 Author Share Posted January 31 i think its false positive Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.