ESET Smart Security can't protect me from .lnk malware


Maxxx58

Level 13
Thread author
Verified
Dec 20, 2014
619
Hi everyone,
I want to tell my story about ESS's protection on my computer. Today, when my friend plugged his USB into my computer, I noticed that his USB showed only 1 USB shortcut in Explorer. My previous machine was infected by this malware type (malware that creates a USB shortcut), so I have experience with it. When he plugged his USB in, I ran an ESS Smart Scan but it found nothing. This afternoon, when I plugged my USB into my machine, I saw that everything on my USB had turned into 1 USB shortcut. I ran Smart Scan again on my USB and it found nothing, too (I also ran a scan with Zemana AntiMalware, and it found nothing, too). After that, I installed MCShield AntiMalware Tool and scanned my USB with it. Magically, it found .lnk malware on my USB and cleaned it successfully! This is a screenshot of the MCShield log:
XLsdt9T.png

And now, I'm very disappointed with my ESET :(. It makes me get infected easily! :mad:. What do you think about my problem? Please share with me.
 

Maxxx58

Level 13
Thread author
Verified
Dec 20, 2014
619
ESET protects against malware coming from USB devices.
Probably did not recognize the malware that caused the problem.
You have done well to use McShield.
You mean this malware can't harm my computer so ESET can't find it?
 

Enju

Level 9
Verified
Well-known
Jul 16, 2014
443
You can get infected with every security setup, there is no such thing as perfect security or 100% protection! The most important part to reduce the likelihood of an infection is your brain ;). You should also get your system checked since MCShield only deleted the folder and file on your USB drive but not the infection.
You mean this malware can't harm my computer so ESET can't find it?
ESET hasn't added the needed signatures into their database yet so they can't detect it. The malware is harmful, no question about that, otherwise there would be no need to spread.
 

Deleted member 21043

No product can detect everything... Expecting this would be unreasonable.

MCShield is good. But let's remember: ESET will detect malicious objects which MCShield may miss. It's normal - each vendor obtains and manages their own database and engine (unless they bought one and engineered it into their product).

Please do what @Cch123 requested above. If possible, put it onto the Malware Hub in the Virus Exchange so it can be looked at and tested against other scanners.

For all you know it could have been a False Positive and not harmful at all...

Cheers. ;)
 

Maxxx58

Level 13
Thread author
Verified
Dec 20, 2014
619
You can get infected with every security setup, there is no such thing as perfect security or 100% protection! The most important part to reduce the likelihood of an infection is your brain ;). You should also get your system checked since MCShield only deleted the folder and file on your USB drive but not the infection.

ESET hasn't added the needed signatures into their database yet so they can't detect it. The malware is harmful, no question about that, otherwise there would be no need to spread.
I think malware that creates a USB shortcut is very popular, because I saw it a long time ago (several years). Still now, ESET can't detect it. I know that no AV program has 100% protection, but missing popular malware is not acceptable.
 

Enju

Level 9
Verified
Well-known
Jul 16, 2014
443
I think malware that creates a USB shortcut is very popular, because I saw it a long time ago (several years). Still now, ESET can't detect it. I know that no AV program has 100% protection, but missing popular malware is not acceptable.
How do you know it's widespread?
 

Deleted member 21043

Still now, ESET can't detect it. I know that no AV program has 100% protection, but missing popular malware is not acceptable.
Every sample can be different and may do different things.

You can get a sample identical to others, you can get a sample different but similar to others and you can get a sample completely different.

1 miss does not make the product bad. Out of interest, have you experienced any symptoms such as: system slowdown, excessive CPU/RAM usage, disk usage increase (unusual amounts), suspicious processes, unexplained BSOD crashes, installations you were unaware of, system boot issues, missing files, or anything which can be considered suspicious or a malicious trait?

For all you know it was a False Positive and your system is fine. If you are worried that malicious software may be currently active on your system or you are still left with actions of a previous malware infection, post a thread in the MRA with the requested logs of your system: http://malwaretips.com/forums/malware-removal-assistance.10/

Cheers. ;)
 

Maxxx58

Level 13
Thread author
Verified
Dec 20, 2014
619
I just restored it from the MCShield quarantine and uploaded it to VirusTotal. 0/57
3a37jt8.png

Does it mean MCShield has a false positive? And this is some information about this file:
BjTIou9.png

I think this file is malware because I've been infected by it before
 

Enju

Level 9
Verified
Well-known
Jul 16, 2014
443
Because before I've been infected by it many times. And my friend too
There is a lot of different USB-spreading malware. Also, you have to upload the file on the stick, not rundll! It's most likely in a hidden folder.
 

Maxxx58

Level 13
Thread author
Verified
Dec 20, 2014
619
A shortcut on your USB doesn't automatically represent a malware infection.

May I ask, how do you know you are infected? Seeing 1 file does not mean you are infected. Any symptoms/unusual behaviour?...

Can you post the full VT link here please.
This is the VirusTotal link: https://www.virustotal.com/en/file/...15a9fc001ff5a6bcb6650393/analysis/1431945170/

Before, the malware created a USB shortcut when I plugged the USB in, and lots of my documents, when I tried to access them, also turned into USB shortcuts and I could not access them as usual
 

Maxxx58

Level 13
Thread author
Verified
Dec 20, 2014
619
There is a lot of different USB-spreading malware. Also, you have to upload the file on the stick, not rundll! It's most likely in a hidden folder.
I've checked all files (including hidden files), and there's no suspicious file on my USB stick. I restored the file that MCShield moved to quarantine and uploaded it to VirusTotal
 

Enju

Level 9
Verified
Well-known
Jul 16, 2014
443
I've checked all files (including hidden files), and there's no suspicious file on my USB stick. I restored the file that MCShield moved to quarantine and uploaded it to VirusTotal
Have you tried another USB stick to see if the same happens? I can't imagine that MCShield put Rundll (which is a Windows file) into quarantine, I think it quarantined the lnk file which launches the malware through rundll via the argument ~$aqnsoymqn(...), your best bet is running Hitman Pro to see if it detects any anomalies and then getting help through the Malware Removal Subforum as kram7750 already said.
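
Added example, not part of the original thread or any poster's code: a minimal Shell Link (.lnk) parser, following the MS-SHLLINK layout, that shows what a shortcut on a USB stick would launch without opening it, and flags shortcuts that point at rundll32 or a similar host as described in the post above. The launcher list, the function names and the sample bytes are assumptions constructed for this example.

```python
import struct
from pathlib import Path

LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
# Programs that run other code; this list is an assumption of the example.
LAUNCHERS = ("rundll32", "cmd.exe", "wscript", "cscript", "powershell", "mshta")

def parse_lnk(data: bytes) -> dict:
    """Read a Shell Link's target and arguments without opening the shortcut."""
    if len(data) < 76 or data[:4] != b"\x4c\x00\x00\x00" or data[4:20] != LNK_CLSID:
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos, out = 76, {"target": "", "relative_path": "", "arguments": ""}
    if flags & 0x01:  # HasLinkTargetIDList: skip the ID list
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & 0x02:  # HasLinkInfo: LocalBasePath holds the target path
        size, _, info_flags, _, base_off = struct.unpack_from("<5I", data, pos)
        if info_flags & 0x01 and base_off:
            start = pos + base_off
            out["target"] = data[start:data.index(b"\0", start)].decode("cp1252", "replace")
        pos += size
    # StringData entries appear in this fixed order, each with a 16-bit length.
    width, codec = (2, "utf-16-le") if flags & 0x80 else (1, "cp1252")
    for bit, key in ((0x04, "name"), (0x08, "relative_path"),
                     (0x10, "working_dir"), (0x20, "arguments")):
        if flags & bit:
            n = struct.unpack_from("<H", data, pos)[0] * width
            out[key] = data[pos + 2:pos + 2 + n].decode(codec, "replace")
            pos += 2 + n
    return out

def is_suspicious(info: dict) -> bool:
    """True when the shortcut starts a script or DLL host, not a document."""
    target = (info["target"] or info["relative_path"]).lower()
    return any(name in target for name in LAUNCHERS)

def scan(root: str):
    """Yield (path, info) for every suspicious .lnk under root, e.g. 'E:/'."""
    for path in Path(root).rglob("*.lnk"):
        try:
            info = parse_lnk(path.read_bytes())
        except (ValueError, struct.error, OSError):
            continue  # unreadable or malformed; skipped in this example
        if is_suspicious(info):
            yield path, info

def build_sample(rel_path: str, args: str) -> bytes:
    """Constructed input: header + RELATIVE_PATH + COMMAND_LINE_ARGUMENTS."""
    s = lambda t: struct.pack("<H", len(t)) + t.encode("utf-16-le")
    return struct.pack("<I16sI", 0x4C, LNK_CLSID, 0xA8) + bytes(52) + s(rel_path) + s(args)
```

Running `list(scan("E:/"))` against the stick's drive letter lists each flagged shortcut with its target and arguments. A hit is a reason to look at the file the arguments name, not proof of infection.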
 

Maxxx58

Level 13
Thread author
Verified
Dec 20, 2014
619
Have you tried another USB stick to see if the same happens? I can't imagine that MCShield put Rundll (which is a Windows file) into quarantine, I think it quarantined the lnk file which launches the malware through rundll via the argument ~$aqnsoymqn(...), your best bet is running Hitman Pro to see if it detects any anomalies and then getting help through the Malware Removal Subforum as kram7750 already said.
I also ran a full scan with Emsisoft Emergency Kit and Zemana AntiMalware but they found nothing. I don't have a license for Hitman Pro. Thanks for your guidance! And now, I don't have any USB to test with
 