Solved This is not detected by Kaspersky for some strange reason...

Status
Not open for further replies.

Xeno1234

Level 14
Jun 12, 2023
696
Hi, everyone! I've been testing this particular malware (VirusTotal) vs. Kaspersky for some time now, always in a virtual machine environment, and I've come to this conclusion. This malware, for some really weird reason, is never properly detected via Kaspersky signatures. However, it is detected by their System Watcher. But, not for long... 'cause if you keep launching it, even after the reboot required by Kaspersky, then sooner or later, all of your files end up encrypted (just try it...). Which brings me to my next point - maybe, just maybe, this particular malware, for some unknown reason, is a part of some covert cyber operation. I mean, c'mon, just how f...ing hard can it be to properly analyse this very obvious malware (which is detected by your own System Watcher) and to simply add it to your signature database? I mean, to me personally, this whole situation looks pretty ridiculous. If you wanna try it, just go ahead and download this batch: (removed). And then find, and keep launching the file I've been talking about.
Kaspersky is just an antivirus, it's not perfect. I can give instances of Bitdefender and ESET having the same thing happen to them.
It's also detected by Kaspersky through System Watcher, so why are you complaining? It's still detected.
 

ErzCrz

Level 21
Verified
Top Poster
Well-known
Aug 19, 2019
1,018
Well, first of all, if You just wait for a bit longer, then the Portal detection result strangely disappears, and, for some mysterious reason, in the end, the detection outcome always comes up as perfectly clean. I've done that several times, and I've seen it enough times to claim what I've just said. How can You even say that it's detected by Kaspersky portal, when, in fact, it isn't, and that the actual Kaspersky application installed on a PC is not handling this obvious threat?
The portal is just their online analysis which checks it against signatures and does on the fly analysis. The VirusTotal just uses the AV basic detection engine. Of course, the full KIS product installed on your PC would protect you but it's not a product I use so I advise requesting their technical support or see if it's discussed in their forum. I was merely pointing out that it was showing as detected in their portal.
 

Xeno1234

Level 14
Jun 12, 2023
696
The portal is just their online analysis which checks it against signatures and does on the fly analysis. The VirusTotal just uses the AV basic detection engine. Of course, the full KIS product installed on your PC would protect you but it's not a product I use so I advise requesting their technical support or see if it's discussed in their forum. I was merely pointing out that it was showing as detected in their portal.
I did put the hash in and it's a clean verdict now. But they said it was detected by System Watcher, so it's still detected anyway.
It wouldn't matter if it was missed either. It's an anti-virus, one file missed isn't the end of the world.
 

Shadowra

Level 33
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,286
I sent links. Thank you

Indeed, when downloading, a BMP is downloaded, Avast did not react on it.
I had fun analyzing it on VT... 0/70...

I've sent the links to Avast, thanks :)

 

Pilot777

Level 1
Thread author
Apr 25, 2022
29
The portal is just their online analysis which checks it against signatures and does on the fly analysis. The VirusTotal just uses the AV basic detection engine. Of course, the full KIS product installed on your PC would protect you but it's not a product I use so I advise requesting their technical support or see if it's discussed in their forum. I was merely pointing out that it was showing as detected in their portal.
Understood. Thank You. I was also simply pointing out that this malware analysis by Kaspersky Portal somehow always results in a clean sheet, even though it briefly shows the malware just as the exact detection You posted. Which is really weird... Briefly detected, and then gone for no apparent reason.
 

harlan4096

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,655
I shared links in private. These files are stated to be PrivateLoader and some of them load malware like Vidar loader, RedLine stealer, RisePro stealer etc. These malware files are not detected by almost any antivirus. Avast blocks some of the links but some links. Kaspersky doesn't know about them. When I exposed similar BMP files to Bitdefender telemetry they started to get detected by Bitdefender. Norton finds them suspicious. They are not detected by antivirus companies. I have found some research related to these files.
These BMP files are mentioned in the below links that I shared. They are dangerous.

About those very suspicious BMP files, Kaspersky's verdict on this question is:

We do not define this file as malware since it does not pose a threat to the computer since it is encrypted and does not have the ability to decrypt itself.

I think that's a pretty reasonable verdict. It does not make sense that the files victimized by the ransomware attack are detected as malware 🤷‍♂️
 