Jump to content

Does Eset protects against ViperSoftX?


Recommended Posts

Good question since the TrendMicro article states that the malware checks for;

Quote

Lastly, ViperSoftX checks for a few installed and active antivirus products, namely:

  • Windows Defender
  • ESET

If all checks pass, the malware proceeds to decrypt the PowerShell code and starts downloading the main ViperSoftX routine. From there, the routine is its standard multistage download and execution routine.

https://www.trendmicro.com/en_us/research/23/d/vipersoftx-updates-encryption-steals-data.html

This implies it can bypass either. -EDIT- Also, the above statement is ambiguous. It could also mean that the malware won't run if either Eset or MD is installed.

I checked a few IOCs here: https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/d/vipersoftx-updates-encryption-steals-data/IOCs_ViperSoftX-updates-encryption-steals-data.txt including the PowerShell script and Eset didn't detect any of them at VirusTotal.

Edited by itman
Link to comment
Share on other sites

Would have helped if I read the entire bleepingcomputer.com article first.

The malware won't execute if Eset is installed;

Quote

Upon arrival, the malware also checks for specific virtualization and monitoring tools like VMWare or Process Monitor and antivirus products like Windows Defender and ESET before it proceeds with the infection routine.

Link to comment
Share on other sites

@itman Thank you for the link to Trentmicro. I read the article and it seems it comes in a crack/patch/keygen. I don't use these sort of things. So that's quite reassuring.

 

I find it interesting that the malware don't proceed if only Eset or Defender is installed. Now it looks that no other AV package can detect/stop this malware. Not a long time ago i was using KeepassXC, but that did not feel good. So i switch to Bitwarden.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...