Advice Request Is computer safe if my av detected a malware during installation in Shadow defender shadow mode?

Please provide comments and solutions that are helpful to the author of this topic.

SumTingWong

SumTingWong

Level 28
Thread author
Verified
Top Poster
Well-known
Apr 2, 2018
1,782
So i ran shadow defender and put all my drives into shadow mode. I then installed aimersoft imusic and upon installation, eset detected javascript password stealer malware. I then click clean, open up shadow defender then click exit shadow mode and reboot. After exit shadow defender shadow mode and reboot, i ran hitmanpro, malwarebytes, norton power eraser and eset and no malware detected. So am i safe???
 
  • Like
Reactions: Cortex, Nevi, ZeePriest and 2 others
RoboMan

RoboMan

Level 35
Verified
Top Poster
Content Creator
Well-known
Jun 24, 2016
2,485
SumTingWong said:
I think i did but dont remember well
Click to expand...
From Shadow Defender website:
Shadow Defender can run your system in a virtual environment called 'Shadow Mode'. 'Shadow Mode' redirects each system change to a virtual environment with no change to your real environment. If you experience malicious activities and/or unwanted changes, perform a reboot to restore your system back to its original state, as if nothing happened.
Click to expand...
Whatever changes or alterations this program did into your system, was actually written into a virtual enviroment, a.k.a Shadow Mode. When you rebooted your system, all changes were rollbacked and deleted. Therefore there's no need even for a malware scan. You're safe.
 
  • Like
  • +Reputation
  • Applause
Reactions: Gandalf_The_Grey, Cortex, cambell7 and 10 others
SomeRandomCat

SomeRandomCat

Level 3
Well-known
Dec 23, 2020
124
Been a while since I played around with Shadow Defender.

Does 'exit shadow mode and reboot' discard changes on reboot, or keep them? I think it discards them, but I'm sure someone here knows for sure.

Edit: It depends on whether he choose to Discard or Commit changes?
 
Last edited:
  • Like
Reactions: Cortex, Venustus, Nevi and 1 other person
ichito

ichito

Level 11
Verified
Top Poster
Content Creator
Well-known
Dec 12, 2013
542
SumTingWong said:
So i ran shadow defender and put all my drives into shadow mode. I then installed aimersoft imusic and upon installation, eset detected javascript password stealer malware. I then click clean, open up shadow defender then click exit shadow mode and reboot. After exit shadow defender shadow mode and reboot, i ran hitmanpro, malwarebytes, norton power eraser and eset and no malware detected. So am i safe???
Click to expand...
Actually no way to get infected using Shadow Mode (basically on system disk). Everything depends on what disk/disks are out off virtualization and it's hard to explain a lot of possible configuration. Here is my review about SD so you can probably get useful information
malwaretips.com

Shadow Defender - An Unobjective Review :)

This review is based on my review originaly published on Polish forum SG.pl ca 5 years ago. I decided post it here because SD after such period is still efficient and strong at the same level as in the past. Of cource SD was updated few time since those times but there was rather minor changes...
malwaretips.com malwaretips.com
 
  • Like
  • +Reputation
Reactions: roger_m, Venustus, SumTingWong and 4 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,510

SumTingWong,​

You cannot be maximally safe when using ShadowDefender in this way. If you are infected while being in Shadow Mode then after reboot the malware will be wiped out from the protected disks. But, your system could be compromised anyway if the malware called home and transferred personal data:
  1. Passwords used in web browsers.
  2. User and Admin credentials.
  3. Personal files.
  4. Information about the system, local network, installed applications, etc.
Furthermore, other devices in your home network could be compromised too, for example:
  1. Network drives.
  2. Other computers.
So, you have to use an offline application installer and disconnect your computer from the local network (not only from the Internet).(y)

If the file from OP was downloaded from the developer website (imusic-win_setup_full2400.exe ) then it is safe. It is an application downloader:
VirusTotal
This downloader downloads and executes the offline installer imusic-win_full2400.exe:
VirusTotal
 
Last edited:
  • Like
  • +Reputation
  • Applause
Reactions: ichito, SumTingWong, roger_m and 6 others
amirr

amirr

Level 27
Verified
Top Poster
Well-known
Jan 26, 2020
1,628
Maybe off-topic, but I thought to ask. Do we need a program like ShadowDefender if we have Kaspersky Internet Security or Eset Internet Security?
Thank you.
 
SumTingWong

SumTingWong

Level 28
Thread author
Verified
Top Poster
Well-known
Apr 2, 2018
1,782
Andy Ful said:

SumTingWong,​

You cannot be maximally safe when using ShadowDefender in this way. If you are infected while being in Shadow Mode then after reboot the malware will be wiped out from the protected disks. But, your system could be compromised anyway if the malware called home and transferred personal data:
  1. Passwords used in web browsers.
  2. User and Admin credentials.
  3. Personal files.
  4. Information about the system, local network, installed applications, etc.
Furthermore, other devices in your home network could be compromised too, for example:
  1. Network drives.
  2. Other computers.
So, you have to use an offline application installer and disconnect your computer from the local network (not only from the Internet).(y)

If the file from OP was downloaded from the developer website (imusic-win_setup_full2400.exe ) then it is safe. It is an application downloader:
VirusTotal
This downloader downloads and executes the offline installer imusic-win_full2400.exe:
VirusTotal
Click to expand...

But ESET detected something during installation from the installer, and the thread is Javascript Password stealer malware.
 

Similar threads

tracker
  • Locked
I am infected with a hijack loader that has never been detected by any antivirus software, and I cannot remove it.
Replies
7
Views
821
Windows Malware Removal Help & Support
nasdaq
nasdaq
romy
    • Like
Advice Request Shadow Defender in Shadow Mode : Why does my laptop hang/frozen?
Replies
16
Views
3,958
Other security for Windows, Mac, Linux
Frib004
Frib004
M
    • Like
Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials
Replies
0
Views
689
Microsoft Defender
Microsoft Threat Intelligence
M

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top