Advice Request: Did Shadow Defender fail me?


WinXPert

I was testing the Annabelle ransomware in Shadow Mode. Everything went fine until I decided to allow the execution of the malware to see how it attacks. It was blocked by 360TS on execution even though it wasn't detected by static scan. I got a BSOD 0x0F4. So I had to shut down and restart the PC by pressing the power button.

Booting with Shadow Mode off, what greeted me next was "Server execution failed" when I ran Explorer. This doesn't look good.

I did some troubleshooting and found out that my secondary drive is no longer detected. Not sure but I guess the malware trashed the MBR.


Why did this happen? I don't know. I should be protected while in Shadow Mode.

Containment: Shadow Defender v1.4.0.665
Guest/OS: Windows 7 Ultimate 32 bit SP1
Product: 360 TS 9.6.0.1245 (Balanced setting)

Note: I've recovered all files in the HDD after about 10 minutes.

Mahesh Sudula

I see virtualization sometimes fail with the most complicated malware... that's the reason for this massacre.
And some AVs even have a peculiar problem working inside a VM (up and down) with the same samples.
It's not Qihoo... for most of the AVs I tested, specifically EMSI, AVG... it's a common issue.
Maybe a background hardware or driver conflict... BB sometimes blocks, other times no alert.

Even F-Secure has this illness... Kaspersky, Quick Heal and G Data seem to like to work inside the VM.
Personal opinion though.
 

erreale

It would be interesting to send the sample and/or reports of your "glitch" to the SD developer to see if he can replicate and then figure out what happened.
 