ESET Smart Security can't protect me from .lnk malware

Status
Not open for further replies.
Khairul

Khairul

Level 2
Verified
Feb 3, 2015
90
Hi the sample that you uploaded are not the virus, it just a shortcut, i have face it before, with bitdefender. Which bitdefender remove the core of the malware, but did not remove the shortcut created by the malware, but it does kill the malware. when you click the shortcut, it wont gave any effect to your PC as the main core files already been destroy by those av.

Anyway hope you can try to recover back the malware, as the one you remove using mac shield, is the "Left over" of the malware and not the malware it self. Thats why when you uploaded it to virus total it shows fully clean, as it is clean.

And if possible, please recitify your ESET database. Is it the latest version of it?
 
  • Like
Reactions: Deleted member 21043 and Maxxx58
Maxxx58

Maxxx58

Level 13
Thread author
Verified
Dec 20, 2014
619
Khairul said:
Hi the sample that you uploaded are not the virus, it just a shortcut, i have face it before, with bitdefender. Which bitdefender remove the core of the malware, but did not remove the shortcut created by the malware, but it does kill the malware. when you click the shortcut, it wont gave any effect to your PC as the main core files already been destroy by those av.

Anyway hope you can try to recover back the malware, as the one you remove using mac shield, is the "Left over" of the malware and not the malware it self. Thats why when you uploaded it to virus total it shows fully clean, as it is clean.

And if possible, please recitify your ESET database. Is it the latest version of it?
Click to expand...
Yes, my ESET virus database always up-to-date. I didn't see any notification about ESET detects malware on my computer
 
Maxxx58

Maxxx58

Level 13
Thread author
Verified
Dec 20, 2014
619
Enju said:
Sure it's exactly the same one.
Click to expand...
Only find that after scan
WdEMSMB.png
 
Enju

Enju

Level 9
Verified
Well-known
Jul 16, 2014
443
Maxxx58 said:
Only find that after scan
Click to expand...
That's odd, normally Hitman Pro is quite good at detecting USB spreading malware. Maybe I assumed the worst or missread something.
So let me go throug this again: First you plugged in a friend's USB stick, did you open or run anything on it or is autoplay enabled? Did anything suspicious happen after plugging in?
After some time you plugged in your USB stick and all your files were "gone" (hidden) and only this shortcut was on the stick, so you downloaded MCShield to scan your USB drive and it deleted the .lnk and restored the files. Has anything happened in the meantime? Did you see any abnormal behaviour?
 
  • Like
Reactions: Maxxx58
L

LabZero

The file uploaded on VT is rundll32, running the DLL files and puts their libraries into the memory of your system.

It's a legitimate Windows file and it is certainly not a malware.

We must understand what is the infected file, if it exists, or if it's a FP.

It may have been removed by Mcshield but if it did damage, these have not been repaired.
 
Last edited by a moderator:
  • Like
Reactions: FireShootSK, frogboy and Maxxx58
Maxxx58

Maxxx58

Level 13
Thread author
Verified
Dec 20, 2014
619
Enju said:
That's odd, normally Hitman Pro is quite good at detecting USB spreading malware. Maybe I assumed the worst or missread something.
So let me go throug this again: First you plugged in a friend's USB stick, did you open or run anything on it or is autoplay enabled? Did anything suspicious happen after plugging in?
After some time you plugged in your USB stick and all your files were "gone" (hidden) and only this shortcut was on the stick, so you downloaded MCShield to scan your USB drive and it deleted the .lnk and restored the files. Has anything happened in the meantime? Did you see any abnormal behaviour?
Click to expand...
After my friend's USB pluged in, I found nothing except 1 USB shorcut in that drive (autoplay enabled). After that, I pluged in my USB, and I saw all of my files like copy to 1 shorcut of USB, I have to click to this shorcut to show my files. And I download MCShield, scan it with and it quarantined that .ink file
 
L

LabZero

  • Like
Reactions: FireShootSK and Maxxx58
Maxxx58

Maxxx58

Level 13
Thread author
Verified
Dec 20, 2014
619
UPDATE:
I've just pluged in my USB and ESET detects lots of threats (same threats). ESET can't totally clean threats, I try to eject my USB and plug in it again, ESET shows the same notification about cleaning this threat
5gZO7M0.png

And my USB drive goes blank
tx3mESr.png

It means ESET only can detect threats after scan by MCShield. How to sure my machine does not get infected?
 
Last edited:
  • Like
Reactions: LabZero
Enju

Enju

Level 9
Verified
Well-known
Jul 16, 2014
443
Maxxx58 said:
UPDATE:
I've just pluged in my USB and ESET detects lots of threats (same threats). ESET can't totally clean threats, I try to eject my USB and plug in it again, ESET shows the same notification about cleaning this threat
It means ESET only can detect threats after scan by MCShield. How to sure my machine does not infected?
Click to expand...
Eset could just have added signatures for the malware (yup was just added http://www.eset.com/us/threat-center/threatsense-updates/ v.11644 (May 18, 2015)). To make sure there is nothing shady going on open a thread in http://malwaretips.com/forums/malware-removal-assistance.10/ .
 
  • Like
Reactions: LabZero, frogboy and Maxxx58
S

SkyLambert

New Member
Nov 16, 2014
5
That shortcut leads to the legit rundll32 file from microsoft. As Klipsh says above, it runs dll files in its process. For example, it hosts control panel applets. To evade detection malware will sometimes hide inside processes like rundll32 and svchost as a dll. That way if you look through task manager, rundll32.exe won't look out of place at all. The shortcut target is intriguing however. This looks suspicious, "rundll32.exe \~$aqnsoymqn". It looks like this shortcut is trying to launch a rundll process to host the malicious file that your AV keeps detecting.
 
  • Like
Reactions: LabZero and Maxxx58
omidomi

omidomi

Level 71
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Apr 5, 2014
6,008
sud your files to vendor( dr.web,kaspersky,avira)
they said the file is safe or no :D
 
jamescv7

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
McShield mainly focus on all USB-based detection even the leftovers from viruses, .lnk are shortcut file extensions which links to the main file however possibility its considered dead after quarantine/deletion process. ESET and other AV's sometimes no need to detect any leftovers (mainly shortcut) when its out of criteria for possible infection behavior.
 
Status
Not open for further replies.

Similar threads

Morro
    • Like
Serious Discussion Trying out ESET Smart security Premium Trial version.
Replies
7
Views
760
ESET
CyberDevil
CyberDevil
cartaphilus
Serious Discussion What USB boot style scanners besides ESET still exist and is there still a multiscanner USB tool?
Replies
13
Views
692
General Security Discussions
ForgottenSeer 114834
F
R
My computer is being hacked and remotely access and no one can detect it
Replies
3
Views
469
Windows Malware Removal Help & Support
nasdaq
nasdaq

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top