Joined
Dec 20, 2014
Messages
616
#1
Hi everyone,
I want to tell my story about the protection of ESS on my computer. Today, when my friend plugged his USB into my computer, I noticed that his USB showed only 1 USB shortcut in Explorer. Before, my previous machine was infected by this malware type (malware that creates a USB shortcut), so I have experience with it. When he plugged his USB in, I ran an ESS Smart Scan but it found nothing. This afternoon, when I plugged my USB into my machine, I saw that everything on my USB had turned into 1 USB shortcut. I ran Smart Scan again on my USB and it found nothing, too (I also ran a scan with Zemana AntiMalware, and it found nothing, too). After that, I installed MCShield AntiMalware Tool and scanned my USB with it. Magically, it found .ink malware on my USB and cleaned it successfully! This is a screenshot of the MCShield log:

And now, I'm very disappointed with my ESET :(. It lets me get infected easily! :mad:. What do you think about my problem? Please share with me.
 
Joined
Dec 20, 2014
Messages
616
#3
ESET protects against malware coming from USB devices.
Probably did not recognize the malware that caused the problem.
You have done well to use McShield.
You mean this malware can't harm my computer so ESET can't find it?
 

Enju

New Member
Joined
Jul 16, 2014
Messages
444
#5
You can get infected with every security setup, there is no such thing as perfect security or 100% protection! The most important part to reduce the likelihood of an infection is your brain ;). You should also get your system checked since MCShield only deleted the folder and file on your USB drive but not the infection.
You mean this malware can't harm my computer so ESET can't find it?
Eset hasn't added the needed signatures into their database yet so they can't detect it, the malware is harmful no question about that, otherwise there would be no need to spread.
 

kram7750

New Member
Joined
Apr 12, 2014
Messages
993
#7
No product can detect everything... Expecting this would be unreasonable.

MCShield is good. But let's remember: ESET will detect malicious objects which MCShield may miss. It's normal - each vendor obtains and manages their own database and engine (unless they bought one and engineered it into their product).

Please do what @Cch123 requested above. If possible, put it onto the Malware Hub in the Virus Exchange so it can be looked at and tested against other scanners.

For all you know it could have been a False Positive and not harmful at all...

Cheers. ;)
 
Joined
Dec 20, 2014
Messages
616
#8
You can get infected with every security setup, there is no such thing as perfect security or 100% protection! The most important part to reduce the likelihood of an infection is your brain ;). You should also get your system checked since MCShield only deleted the folder and file on your USB drive but not the infection.

Eset hasn't added the needed signatures into their database yet so they can't detect it, the malware is harmful no question about that, otherwise there would be no need to spread.
I think malware that creates a USB shortcut is very popular, because I saw it a long time ago (several years). Still now, ESET can't detect it. I know that no AV program has 100% protection, but missing popular malware is not acceptable.
 

Enju

New Member
Joined
Jul 16, 2014
Messages
444
#9
I think malware that creates a USB shortcut is very popular, because I saw it a long time ago (several years). Still now, ESET can't detect it. I know that no AV program has 100% protection, but missing popular malware is not acceptable.
How do you know it's widespread?
 

kram7750

New Member
Joined
Apr 12, 2014
Messages
993
#10
Still now, ESET can't detect it. I know that no AV program has 100% protection, but missing popular malware is not acceptable.
Every sample can be different and may do different things.

You can get a sample identical to others, you can get a sample different but similar to others and you can get a sample completely different.

1 miss does not make the product bad. Out of interest, have you experienced any symptoms such as: system slowdown, excessive CPU/RAM usage, disk usage increase (unusual amounts), suspicious processes, unexplained BSOD crashes, installations you were unaware of, system boot issues, missing files, or anything which can be considered suspicious or a malicious trait?

For all you know it was a False Positive and your system is fine. If you are worried that malicious software may be currently active on your system or you are still left with actions of a previous malware infection, post a thread in the MRA with the requested logs of your system: http://malwaretips.com/forums/malware-removal-assistance.10/

Cheers. ;)
 
Joined
Dec 20, 2014
Messages
616
#12
I just restored it from the MCShield quarantine and uploaded it to VirusTotal. 0/57

Does it mean MCShield has a false positive? And this is some information about this file:

I think this file is malware because I've been infected by it before
 

Enju

New Member
Joined
Jul 16, 2014
Messages
444
#15
Because before I've been infected by it many times. And my friend too
There are a lot of different USB spreading malware, also you have to upload the file on the stick, not rundll! It's most likely in a hidden folder.
 
Joined
Dec 20, 2014
Messages
616
#16
A shortcut on your USB doesn't automatically represent a malware infection.

May I ask, how do you know you are infected? Seeing 1 file does not mean you are infected. Any symptoms/unusual behaviour?...

Can you post the full VT link here please.
This is the VirusTotal link: https://www.virustotal.com/en/file/...15a9fc001ff5a6bcb6650393/analysis/1431945170/

Before, the malware created a USB shortcut when I plugged the USB in, and lots of my documents, when I tried to access them, also turned into USB shortcuts and I could not access them as usual
 
Joined
Dec 20, 2014
Messages
616
#17
There are a lot of different USB spreading malware, also you have to upload the file on the stick, not rundll! It's most likely in a hidden folder.
I've checked all files (including hidden files), and there's no suspicious file on my USB stick. I restored the file that MCShield moved to quarantine and uploaded it to VirusTotal
 

Enju

New Member
Joined
Jul 16, 2014
Messages
444
#18
I've checked all files (including hidden files), and there's no suspicious file on my USB stick. I restored the file that MCShield moved to quarantine and uploaded it to VirusTotal
Have you tried another USB stick to see if the same happens? I can't imagine that MCShield put Rundll (which is a Windows file) into quarantine, I think it quarantined the lnk file which launches the malware through rundll via the argument ~$aqnsoymqn(...), your best bet is running Hitman Pro to see if it detects any anomalies and then getting help through the Malware Removal Subforum as kram7750 already said.
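
Added example, not part of any post in this thread: a Python heuristic for the kind of shortcut described in post #18, a .lnk file on the stick that starts something through rundll32. It checks the shell-link header and searches for launcher names instead of fully parsing the format; the launcher list is an assumption and should be tuned to your environment.

```python
import os
import sys

# Shell Link header (MS-SHLLINK): HeaderSize 0x4C, then LinkCLSID
# 00021401-0000-0000-C000-000000000046 in its on-disk byte order.
LNK_MAGIC = bytes.fromhex("4c000000" "0114020000000000c000000000000046")

# Assumed list: programs a plain folder/document shortcut has no reason to start.
LAUNCHERS = ("rundll32", "cmd.exe", "wscript", "cscript", "powershell", "mshta")


def launchers_in_lnk(data: bytes) -> list[str]:
    """Return launcher names referenced in a .lnk blob ([] if not a shell link)."""
    if not data.startswith(LNK_MAGIC):
        return []
    lowered = data.lower()  # lowercases ASCII bytes, so it also works on UTF-16LE
    return [
        name for name in LAUNCHERS
        if name.encode("ascii") in lowered or name.encode("utf-16-le") in lowered
    ]


def scan_drive(root: str) -> dict[str, list[str]]:
    """Map each shortcut under root that references a launcher to those launchers."""
    findings = {}
    for folder, _dirs, files in os.walk(root):
        for fname in files:
            if not fname.lower().endswith(".lnk"):
                continue
            path = os.path.join(folder, fname)
            try:
                with open(path, "rb") as fh:
                    data = fh.read(1 << 20)  # shortcuts are small; cap the read
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            hits = launchers_in_lnk(data)
            if hits:
                findings[path] = hits
    return findings


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, hits in scan_drive(root).items():
        print(f"{path}: references {', '.join(hits)}")
```

A hit is a reason to inspect the shortcut's target and arguments, not proof of infection; legitimate shortcuts can also point at these programs.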
 
Joined
Dec 20, 2014
Messages
616
#19
Have you tried another USB stick to see if the same happens? I can't imagine that MCShield put Rundll (which is a Windows file) into quarantine, I think it quarantined the lnk file which launches the malware through rundll via the argument ~$aqnsoymqn(...), your best bet is running Hitman Pro to see if it detects any anomalies and then getting help through the Malware Removal Subforum as kram7750 already said.
I also ran a full scan with Emsisoft Emergency Kit and Zemana AntiMalware but they found nothing. I don't have a license for Hitman Pro. Thanks for your guide! And now, I don't have any USB to make a test