have a file that is over a week old

Status
Not open for further replies.

boredog

Level 9
Thread author
Verified
Jul 5, 2016
416
I have a malware file that is over a week old and Emsisoft AM will not detect it.

38 other AV's on VT do. Are they all saying it is a false positive or what?
VirusTotal
 
  • Like
Reactions: bribon77

insanity

Level 5
Verified
Oct 9, 2016
216
Based on the descriptions, it could be a crack/patch (not malicious, but still riskware) or some kind of test file. However, no one can be 100% sure; it could be real malware. Also, Kaspersky, Bitdefender and F-Secure are not detecting the file either. Have you SUD-ed the file to Emsisoft and other vendors? Ideally, it would be good if someone could test the file to see if it's blocked on execution.
 

bjm_

Level 14
Verified
Top Poster
Well-known
May 17, 2015
668
https://www.isthisfilesafe.com/
38 other AV's on VT do. Are they all saying it is a false positive or what?
VirusTotal
What is this exe file? Is this file safe? Check here
 

Deleted member 65228

Ideally, it would be good if someone could test the file to see if it's blocked on execution.
I agree. :)

The engines used on VirusTotal are not always the same as the ones implemented into the actual software solutions. VirusTotal is not a complete solution to scanning files and seeing if a vendors' product will really flag it or not due to this. It is still helpful though.

@boredog You can try submitting it to Emsisoft and see what the response is, maybe they already detect it even if it doesn't appear as flagged on VT.
 

Deleted member 178

Remember that some "crack/hack tools" or even legit software are classified as "riskware" but are, in fact, just tools.
They are, by default, not inherently malicious, even if they can be modified to be.
For example, some big names keep flagging all the excellent tools made by Nirsoft; none of them are malicious, but if used maliciously they are indeed effective.

Basically it depends on the stance of the vendors; some may look for 100% detection and so flag every "non-deemed-as-100%-safe" file to get the best score... I know one very, very popular vendor flagging all cracks/hack tools and even banning their users from accessing some legit non-malicious sites that allow sharing of clean hack/crack tools.
Is it right to do so? Depends on the user...
 
Last edited by a moderator:

Deleted member 178

Serious malware testing is not something you do by picking some malware from some sites, scanning it right away with every antivirus you have on hand and then saying "hey, this AV scores low, it suxx"...
You have to reverse engineer it and analyze its code first to know what it is supposed to do, in what context, etc.

Not the kind of task everybody can do.
 

kev216

Level 21
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 6, 2014
1,044
I have a malware file that is over a week old and Emsisoft AM will not detect it.

38 other AV's on VT do. Are they all saying it is a false positive or what?
VirusTotal
No offense to Emsisoft, it's great, but based on the way you say it, it sounds like you think that Emsisoft is 'the holy grail' in terms of security. Not speaking of this particular file, but in general, if Emsisoft is not detecting a file, it doesn't mean it is not malware when multiple other products do detect it. No antivirus is 100% bulletproof, and the signature engine is not the only kind of defense in most security products.
Hacks and cracks are always questionable as to whether they really need to be considered malware or not, certainly when they are not really malicious themselves in terms of code, but if you don't know what exactly they do, I think it's better that the user is notified by the security product about the risks of the particular tool.
 
  • Like
Reactions: Sunshine-boy

Deleted member 178

No offense to Emsisoft, it's great, but based on the way you say it, it sounds like you think that Emsisoft is 'the holy grail' in terms of security. Not speaking of this particular file, but in general, if Emsisoft is not detecting a file, it doesn't mean it is not malware when multiple other products do detect it. No antivirus is 100% bulletproof, and the signature engine is not the only kind of defense in most security products.
I never said so, it is your, not mine :)
And everybody knows that RT scanners are not the sole defense of modern security products against 0-days and other malware.

Hacks and cracks are always questionable as to whether they really need to be considered malware or not, certainly when they are not really malicious themselves in terms of code, but if you don't know what exactly they do, I think it's better that the user is notified by the security product about the risks of the particular tool.
Normally users shouldn't look for hack and crack tools...
 
Last edited by a moderator:

boredog

Level 9
Thread author
Verified
Jul 5, 2016
416
The engines used on VirusTotal are not always the same as the ones implemented into the actual software solutions. VirusTotal is not a complete solution to scanning files and seeing if a vendors' product will really flag it or not due to this. It is still helpful though.

Yes, I agree. I have seen it where Emsisoft does not detect the file but does detect it on VT. None of the files I test would even get past Windows. Any of them I click on, Windows kicks up a warning, and when I click "run anyway", then VoodooShield runs its VT scan. That is how I have my VM set up at present. You are probably right that the files not detected are crack files. No, I have not submitted the file yet. Also, some files I submit have never been scanned by VT, and so the detections are fresh for the ones that do detect them as malware.
 
  • Like
Reactions: shmu26

boredog

Level 9
Thread author
Verified
Jul 5, 2016
416
How about this one? Does it look like crapware or a PUP? Never before posted on VT.
VirusTotal

I thought all new detections were reported to all VT AV's
 

insanity

Level 5
Verified
Oct 9, 2016
216
How about this one? Does it look like crapware or a PUP? Never before posted on VT.
VirusTotal

I thought all new detections were reported to all VT AV's

It is detected by the cloud (EAM network): 67f626c8798b1efc9bf34eaafb3d5bbc8adf974d6dd34a3737f111892091cc0d.exe Details. Is this file safe? Check the directory

I'm not defending Emsisoft, which I agree is not the holy grail of malware protection, but I think it would make more sense to SUD this file and any other to Emsisoft. Since there are millions of malicious files being created every hour, any AV vendor will eventually miss some samples. Looking at the VT score, I see that Bitdefender, Avira and Symantec also missed this sample. It doesn't make sense to pick some samples based on VT score and then keep reporting them in a thread, as if this were enough to make a case that the AV is failing at malware detection.
 
Last edited:
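A worked illustration of the kind of reading insanity describes above (looking at the labels behind a VT score, and at which engines missed, instead of the bare count), as an added example that is not part of the thread and is not Emsisoft's or VirusTotal's code. It assumes the shape of a VirusTotal v3 `last_analysis_results` object (engine name mapped to `category` and `result`); the sample report below is constructed, the vendor label strings are made up, and the label-bucketing patterns are heuristics of my own, not any vendor's taxonomy.

```python
import re
from collections import Counter

# Heuristic label patterns (assumption for this example, not any vendor's taxonomy).
# PUA/riskware-style names are checked first so "Generic PUA" lands in the PUA bucket.
PUA_RE = re.compile(
    r"(riskware|hacktool|\bpua\b|\bpup\b|not-a-virus|crack|keygen|patcher|"
    r"unwanted|potentially unsafe)",
    re.IGNORECASE,
)
# Generic / heuristic / cloud-reputation style names that name no specific family.
GENERIC_RE = re.compile(
    r"(generic|heur|artemis|\bgen\b|\bml\b|suspicious|score)",
    re.IGNORECASE,
)

# Constructed stand-in for a VirusTotal v3 `last_analysis_results` object.
# Vendor names are real; every verdict and label string here is made up.
SAMPLE_RESULTS = {
    "Kaspersky":   {"category": "undetected", "result": None},
    "BitDefender": {"category": "undetected", "result": None},
    "F-Secure":    {"category": "undetected", "result": None},
    "Emsisoft":    {"category": "undetected", "result": None},
    "Symantec":    {"category": "undetected", "result": None},
    "Avira":       {"category": "malicious", "result": "HEUR/AGEN.1012345"},
    "ESET-NOD32":  {"category": "malicious",
                    "result": "a variant of Win32/HackTool.Patcher.A potentially unsafe"},
    "Microsoft":   {"category": "malicious", "result": "PUA:Win32/Keygen"},
    "Sophos":      {"category": "malicious", "result": "Generic PUA AB (PUA)"},
    "McAfee":      {"category": "malicious", "result": "Artemis!ABCDEF123456"},
}


def classify_label(label):
    """Bucket one engine's label: 'pua', 'generic', 'specific' or 'none'."""
    if not label:
        return "none"
    if PUA_RE.search(label):
        return "pua"
    if GENERIC_RE.search(label):
        return "generic"
    return "specific"   # names a concrete family, e.g. Trojan.Win32.Agent.xyz


def summarize(results):
    """Turn a per-engine verdict dict into a ratio, label buckets and a rough verdict."""
    buckets = Counter()
    detections = {}
    for engine, entry in results.items():
        label = entry.get("result")
        if entry.get("category") in ("malicious", "suspicious") and label:
            kind = classify_label(label)
            buckets[kind] += 1
            detections[engine] = (kind, label)
    total, detected = len(results), len(detections)
    missed = sorted(e for e in results if e not in detections)

    # Counter lookups of absent keys return 0 without inserting them.
    if detected == 0:
        verdict = "no detections"
    elif buckets["specific"] >= max(2, detected // 2):
        verdict = "likely malware: several engines name a specific family"
    elif buckets["pua"] > 0 and buckets["pua"] >= buckets["generic"]:
        verdict = "likely riskware/PUA: crack, keygen or hacktool style labels dominate"
    else:
        verdict = "only generic/heuristic labels: submit to the vendor and analyze before judging"
    return {
        "ratio": f"{detected}/{total}",
        "buckets": dict(buckets),
        "detections": detections,
        "missed": missed,
        "verdict": verdict,
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_RESULTS)
    print(f"detection ratio : {report['ratio']}")
    print(f"label buckets   : {report['buckets']}")
    print(f"missed by       : {', '.join(report['missed'])}")
    for engine, (kind, label) in sorted(report["detections"].items()):
        print(f"  {engine:<12} [{kind:<8}] {label}")
    print(f"verdict         : {report['verdict']}")
```

On the constructed report the script reports 5/10, three PUA-style labels against two generic ones and no specific family, so the rough verdict is riskware rather than malware, and it lists the engines that returned nothing. The thresholds are deliberately coarse: the point is that the label mix and the list of misses are what a submission to the vendor should carry, not that the script decides anything on its own.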

Deleted member 178

@insanity he just tried his combo against some samples but was unaware of the driver's altitude effect but you are right in your statements above.

Samples should have been submitted and the issue reported before making a misinforming thread...
 
  • Like
Reactions: insanity