- Jan 29, 2013
This thread was split from another discussion.
Why do I have the feeling Emsisoft static detection is worse than before? As an Emsisoft user I'm a bit concerned about this.
Containment: Shadow Defender v1.4.0.648
Guest/OS: Windows 10 Home v1607 - build 14393.222
Product: Emsisoft Internet Security @ Default settings v11.10.1.6763
Static (On-demand scan): 0/4
Dynamic (On execution): 3/4
Total: 3/4
SUD: Everything, to be done by @Solarquest after testing EIS 12 BETA.
System Status: infected (running service + dropped files)
1d66c564036651b6f24921ac9213b437.exe is intercepted on run by EIS BB (cloud confirmed), autoquarantined, process terminated. HIT.
Bank Slip.exe sleeps in memory for a minute. It then creates a subprocess of the same name; just in that second it is intercepted by EIS BB (cloud confirmed), autoquarantined, process terminated. HIT.
BitLocker.exe is able to run in memory for seconds; seconds later it is intercepted by EIS BB (cloud confirmed), autoquarantined, process terminated. HIT.
st1.exe runs in memory without doing anything; it seems as if the malware is aware of either Shadow Defender or the antivirus software. No EIS action. Source of infection. MISS.
There is still a false positive for ZAM.exe (Zemana Anti Malware, VT 1/57).
The HaoZip entry in GetSusp is of no harm; the other 2 are not.
Unless otherwise indicated above, no malicious entries in SysInternals ProcessExplorer, TCPView or AutoRuns.
BB stands for Behavior Blocker.
As previously announced, I will manually close all processes whose malicious payload has been intercepted by EIS but whose source file the AV was not able to remove because the process was still running (a restart is not possible using Shadow Defender). I will only do so if I can confirm it is no active malware, checking with SysInternals AutoRuns, TCPView and Process Explorer; I would especially emphasize the "Suspended" status in Process Explorer in that regard. The reason is to be able to clearly show real infections, not the source malware.
Thank you @Daniel Hidalgo for the pack! System is infected.