
Strange file in operating memory of the computer



3 hours ago, Marcos said:

Since the SysInspector log didn't yield any suspicious files, I don't find any reason to be concerned about the safety of the machine. As for the error scanning the boot sector of the removable medium (e:), this would need further investigation if the scan was actually run with administrator rights, e.g. if the error occurs when the device/medium is connected to another machine with Windows 11 and scanned, or if it occurs if another similar medium is connected, if it also occurs on other systems, etc.

Hello and thank you for the answer. I think there's a confusion. I have not sent a SysInspector log, either to you or to ESET Spain technical support because they have not asked or wanted anything. I sent you the logs of Process Monitor (bootlog and logfile) and ESET Log Collector. If you need a SysInspector log, tell me.

Personally I have logged SysInspector and a multitude of "unknown" (almost a thousand) processes appear. I don't know if it's normal or not. I remember that in Windows 7 and 8 there were few "unknown" processes. And that this computer is new and I have installed very few programs (ESET, Microsoft Office, two browsers, Telegram Desktop, qBittorrent, VLC player, Adobe Acrobat for PDF and GonVisor for CBR files), most of the programs were pre-installed when I bought it.

In relation to external hard disks. I can only test it with this computer, with Windows 11. I have no other; I gave away the previous one because it was old and useless. I have tried to do the analysis as an administrator and normally. The result is the same.

ESET Spain technical support told me like that .dll: we don't know if it is malware or not. Solution? Formatting and so solves the problem, be it a disk problem or malware problem. What happens if you format external hard disks? That you lose all the information.

If the cause was malware, there is only one way that external hard drives could have been infected: through the computer. Format hard disks using an infected computer, the same infected computer that previously infected the same external hard disks... Well, it's not the best idea.

To check if this same boot sector problem happens on another computer, I would need to ask someone else for help. None that I know uses Windows 11, I don't know what validity the test would have with another operating system. I would have to install the ESET product on another person's computer (troubles, uninstall his own antivirus, install a new one) and I would have to inform the owner of the computer that from the technical support of ESET Spain I have been told that they cannot guarantee the absence of malware. I think we all imagined the answer. It's the same as I would give: no, because one thing is to do a test to see if it works and another to put my devices at risk.


14 hours ago, itman said:

That decision is up to you my friend.

It's a semi-rhetorical question. I find myself in the unpleasant situation where ESET technical service does not know what the origin of the .dll is, cannot rule out the existence of malware but delegate to the user, that you don't have to have computer skills, that you decide what to do, how to deal with the problem and if I have doubts seek help from a specialist malware technician to analyze my computer, a response from ESET Spain's technical service which is not admissible in any form. Especially since ESET Spain never asked me for any log or wanted to investigate the matter.

Let's remember that it's not just the existence of that mysterious .dll that we don't know what its origin is, it's the disappearance of the restore points after the first appearance of that .dll, the Files Explorer that opens automatically every night at 22.13. Now the boot sector of external hard disks, last analyzed in May (before changing computer) being correct. If it were just the .dll and nothing more, I wouldn't worry especially. But it's more and for ESET Spain this is up to me.

If you go to Windows answers (or any other computer forum) with a problem like this the first thing they tell you is: make sure your computer is free of malware. Should I explain in a public forum that ESET Spain's technical service has told me that it cannot guarantee the absence of malware but I must seek help from a specialist malware technician to analyze my computer? It would be a "nice" ad for ESET.


  • Administrators
3 hours ago, AlSky said:

I find myself in the unpleasant situation where ESET technical service does not know what the origin of the .dll is,

Unfortunately it's still not clear to me what dll you are referring to. If that mem*.dll, then it's not a dll file but an internal virtual stream and you should ignore the error. In a couple of days we'll release a module update that will stop reporting it.

Quote

cannot rule out the existence of malware

It's impossible to guarantee a machine to be 100% malware free. Normally if a malware is found, it's enough to clean it. In order to analyze what happened, on mission critical systems a forensic analysis has to be performed. It takes dozens of man-hours at least and costs thousands of $. Also on mission critical systems it's recommended to restore the system from a 100% clean backup rather than just simply clean the malware since nobody would know what the malware could have done.

What we do for free is a basic analysis of logs that you have collected with ESET Log Collector and provided for perusal. They also contained a SysInspector log with information about files, operating system, autostart locations, system logs, etc. These logs were analyzed and no symptoms of malware were found.


6 hours ago, Marcos said:

Unfortunately it's still not clear to me what dll you are referring to. If that mem*.dll, then it's not a dll file but an internal virtual stream and you should ignore the error. In a couple of days we'll release a module update that will stop reporting it.

It's impossible to guarantee a machine to be 100% malware free. Normally if a malware is found, it's enough to clean it. In order to analyze what happened, on mission critical systems a forensic analysis has to be performed. It takes dozens of man-hours at least and costs thousands of $. Also on mission critical systems it's recommended to restore the system from a 100% clean backup rather than just simply clean the malware since nobody would know what the malware could have done.

What we do for free is a basic analysis of logs that you have collected with ESET Log Collector and provided for perusal. They also contained a SysInspector log with information about files, operating system, autostart locations, system logs, etc. These logs were analyzed and no symptoms of malware were found.

Hello, Marcos. Thank you for answering.

Launching a new module that simply hides this kind of "files" or internal virtual stream is not a bit like fooling oneself by hiding a result you don't know how to interpret? I say it with all due respect, because we don't know the origin. You asked me for the ESET log collector to know what programs I have installed and if it was possible to replicate the result to find out what caused it. If ESET can tell "the cause is this, it's not serious" then I will not complain.

I don't know what a virtual internal stream is, English is not my mother tongue, but in any case that wasn't there before, nobody knows what the cause is that since mid-June began to appear that .dll. And since it is not only the .dll, but coinciding with its appearance strange things are happening in the operation of the computer (spontaneous opening of the Files Explorer every night at 22.13, disappearance of the previous restore points) is what motivated and motivates my concern. If it were just the appearance of that .dll on the on-demand scan I wouldn't worry much. The appearance along with these other failures, I think it is normal that it is cause for concern, especially if no one knows how to explain the cause.

I understand that sometimes it is impossible to remove malware and you have to restore the system from a 100% clean backup. But ESET Spain has shown no interest in helping me know if that .dll and other operating problems that have appeared since then are caused by malware or not. You're the only one who requested logs to see if it was possible to find the cause. Try to imagine my uneasiness when ESET Spain told me that they can't tell me whether or not it's malware, but that instead of helping me I should look for the solution on my own looking for help in other place. It may not be malware, perhaps it is, but manage it yourself and seek help elsewhere. This is the meaning of ESET Spain answer. The client reads that and feels helpless. That is why I came to this forum and I'm grateful for the help received.

If you believe that the virtual internal stream and other problems that have arisen since then are not the cause of malware, then tell me and we can close the thread.

Waiting answer.


So nothing to say? Ok, the same that ESET Spain tech support, that who refused to respond to this, but also to another open incident since May 30.


  • Administrators

As I have already mentioned, the error message shown during a memory scan will be fixed soon via an automatic module update.


2 hours ago, Marcos said:

As I have already mentioned, the error message shown during a memory scan will be fixed soon via an automatic module update.

I asked if it is just an error or a possible symptom of malware.

Plus I have this problem a few minutes ago: "the eset live grid servers cannot be reached". Why? I have internet connection, I restarted the computer, but nothing, it keeps showing this message.

I tried to check if ESET LiveGrid is enabled, but in the Detection engine, where ESET LiveGrid used to be, you only see what appears in the second screenshot. Where is ESET LiveGrid now?

Livegrid.jpg

LiveGrid2.jpg

Edited by AlSky

This topic is now closed to further replies.