el el amiril, posted February 20, 2023:
Hello respected admin and community. Is there an option in the ESET scan settings to scan the whole code of an app? I am worried since the news that there are fake OBS, Notepad++ and VLC circulating in Google results. I've seen a YouTube video from The PC Security Channel in which they got the fake installer, but all AV programs failed to detect it in the VirusTotal result. He explains that those fake ones have 0000's in their code at the beginning and the middle; that's why many AVs fail to detect it. Once he removes all the zeros using a hex editor and saves it, the fake app's size was reduced, and he uploads it to VirusTotal and many AVs now detect it. For this particular reason, is there a setting in ESET to scan all code even if it's zero, or does the in-depth scan have this function?? Thank you in advance.
Marcos (Administrators), posted February 20, 2023:
Please provide an actual sample so that we can check if it's malicious or not. If you have one, submit it to samples[at]eset.com in an archive encrypted with the password "infected", with a link to this topic. Merely zeroes do not make any file malicious.
el el amiril (Author), posted February 20, 2023:
I've got one, I'm pretty sure it's fake. Can I send it privately?
el el amiril (Author), posted February 20, 2023:
I don't see any option here.
el el amiril (Author), posted February 20, 2023:
Sending now.
el el amiril (Author), posted February 20, 2023:
Dear admin, can ESET still scan for zeros?
el el amiril (Author), posted February 20, 2023:
Done. Please kindly update me, I need this app.
Marcos (Administrators), posted February 20, 2023:
I can't access it. Please upload it to https://www.virustotal.com and post the link here.
el el amiril (Author), posted February 20, 2023:
33 minutes ago, Marcos said: "I can't access it. Please upload it to https://www.virustotal.com and post the link here."
I have included the password as esettest. Sorry for the wrong input.
el el amiril (Author), posted February 20, 2023:
31 minutes ago, Marcos said: "I can't access it. Please upload it to https://www.virustotal.com and post the link here."
The file has been sent to sample@eset.com.
el el amiril (Author), posted February 20, 2023:
There were two VLC websites; one is blue and the other is yellow.
Marcos (Administrators), posted February 20, 2023:
Nothing has changed: "You need access. Request access, or switch to an account with access." Please upload the file to VT and post a link here as instructed.
el el amiril (Author), posted February 20, 2023:
It's very hard to notice these websites. Are these even real? They have the same website name.
el el amiril (Author), posted February 20, 2023:
I will try to send without zip and password.
itman, posted February 20, 2023 (edited February 20, 2023 by itman):
Here's a link to the PC Security Channel video: https://www.youtube.com/watch?v=e6o2afben0s . Leo does note that many of these fake installers are huge; the one he analyzed was 300 MB+. As such, it won't be scanned by many of the web-based malware detection sites, since they have restrictions on file upload size. The insertion of binary zeros in various portions of the executable is a clever trick. Assumed here is that the malware creator went to some lengths to test which AVs' scanning he could bypass using this technique. The most important thing to note in the video is Leo's statement that this type of malware does have a short "un-detection shelf life" with AVs, with most detecting it fairly quickly.
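The inflated size and inserted zero runs described in the post above can be measured on a suspect download before deciding how to submit it. This is an added example, not part of the thread and not ESET tooling; the function names and the 64 KiB run threshold are assumptions, and a high ratio is a triage signal only, not a verdict on the file.

```python
# Added example: measure long zero-byte padding in a file (triage only).
import re
import sys

ZERO_RUN = re.compile(rb"\x00+")
CHUNK = 1 << 20        # stream 1 MiB at a time so 300 MB+ files stay cheap
MIN_RUN = 64 * 1024    # assumed threshold: only runs of 64 KiB or more count


def scan_zero_runs(path, min_run=MIN_RUN, chunk=CHUNK):
    """Return (file_size, [(offset, length), ...]) for long runs of 0x00."""
    runs, size = [], 0
    run_start, run_len = 0, 0          # run still open at the end of a chunk

    def flush():
        nonlocal run_len
        if run_len >= min_run:
            runs.append((run_start, run_len))
        run_len = 0

    with open(path, "rb") as fh:
        while block := fh.read(chunk):
            if run_len and block[0] != 0:
                flush()                # carried run ended exactly at the boundary
            for m in ZERO_RUN.finditer(block):
                start, end = m.span()
                if run_len == 0:
                    run_start = size + start
                run_len += end - start
                if end < len(block):
                    flush()            # run ends inside this chunk
            size += len(block)
    flush()                            # run that reaches end of file
    return size, runs


def padding_summary(path, **kw):
    """Summarise how much of the file consists of long zero runs."""
    size, runs = scan_zero_runs(path, **kw)
    padded = sum(length for _, length in runs)
    ratio = padded / size if size else 0.0
    return {"size": size, "runs": runs, "padded_bytes": padded, "padding_ratio": ratio}


if __name__ == "__main__" and len(sys.argv) > 1:
    info = padding_summary(sys.argv[1])
    print(f"{info['size']} bytes, {info['padding_ratio']:.1%} in long zero runs")
    for offset, length in info["runs"]:
        print(f"  0x{offset:08x}  {length} zero bytes")
```

Legitimate installers also contain zero-filled regions, so the offsets are mainly useful for explaining why a file exceeds an upload size limit.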
el el amiril (Author), posted February 20, 2023:
3 minutes ago, Marcos said: "Nothing has changed: You need access. Request access, or switch to an account with access. Please upload the file to VT and post a link here as instructed."
Wait, I'm adjusting my Gmail settings.
1 minute ago, el el amiril said: "I will try to send without zip and password."
el el amiril (Author), posted February 20, 2023:
2 minutes ago, itman said: "Here's a link to the PC Security Channel video: https://www.youtube.com/watch?v=e6o2afben0s . Leo does note that many of these fake installers are huge; the one he analyzed was 300 MB+. As such, it won't be scanned by many of the web-based malware detection sites, since they have restrictions on file upload size. The insertion of binary zeros in various portions of the executable is a clever trick. Assumed here is that the malware creator went to some lengths to test which AVs' scanning he could bypass using this technique. The most important thing to note in the video is Leo's statement that this type of malware does have a short "un-detection shelf life" with AVs, with most detecting it fairly quickly."
I wonder if ESET can still scan this, or can the in-depth scan??
el el amiril (Author), posted February 20, 2023:
7 minutes ago, Marcos said: "Nothing has changed: You need access. Request access, or switch to an account with access. Please upload the file to VT and post a link here as instructed."
I am sending a link to the file to sample@eset.com.
itman, posted February 20, 2023 (edited February 20, 2023 by itman):
6 minutes ago, el el amiril said: "I wonder if ESET can still scan this, or can the in-depth scan??"
A good test here, if you are using Smart Security Premium, is whether:
1. The large download is submitted to the Eset cloud. It should be.
2. Eset's cloud scanner detects the malware.
el el amiril (Author), posted February 20, 2023:
Sir @Marcos, I have updated my drive. It should be visible now.
el el amiril (Author), posted February 20, 2023:
4 minutes ago, itman said: "A good test here, if you are using Smart Security Premium, is whether: 1. The large download is submitted to the Eset cloud. It should be. 2. Eset's cloud scanner detects the malware."
Oww 😨 I am using the genuine Internet Security version. There was no payment option to buy Smart Security Premium; the ESET shop on Shopee does not sell it, only the basic ESET and Internet Security.
itman, posted February 20, 2023:
4 minutes ago, el el amiril said: "Oww 😨 I am using the genuine Internet Security version. There was no payment option to buy Smart Security Premium; the ESET shop on Shopee does not sell it, only the basic ESET and Internet Security."
PM me a link where I can download your malware sample.
el el amiril (Author), posted February 20, 2023:
3 minutes ago, itman said: "PM me a link where I can download your malware sample."
Can't, you cannot receive messages. I wonder why??
itman, posted February 20, 2023:
1 minute ago, el el amiril said: "Can't, you cannot receive messages. I wonder why??"
There should be no issue sending me a PM. Others do it w/o issue.
el el amiril (Author), posted February 20, 2023:
5 minutes ago, itman said: "There should be no issue sending me a PM. Others do it w/o issue."
Cannot?