Question virus scan results meaning and is the data safe?

I can restore a C:\ image in just over a minute, it takes days to set an install up - You must have an extremely simple install :eek:
Yes, it is very simple.
I can remember restoring a backup image with Paragon consuming a long period of time, longer than a fresh Windows install and installing a couple of programs.
Did not try it recently.
 
I download samples not older than 24 hours.
I use scripts mainly; executables are usually detected by AV; even Panda can detect them 😁
I care more about pre-execution detection; if detected on-execution or post-execution, it is over; I will reinstall Windows.
You think you are downloading samples no older than 24 hours, but when these samples were created, when they were first distributed, and when exactly someone decided to upload them are 3 different dates/times.

Using scripts usually is a viable way to test indeed, but you have very little information whether or not they really did something malicious, or the process just launched, detected something and did nothing.
Sometimes you’d think that “executables are detected” but it will be an executable (especially if signed or inflated) that will evade detection.

Furthermore, not everything on these portals is malicious. Often, some riskware/testware is uploaded.

To really draw some viable conclusions, you need various portals and malware types.
 
@Parkinsond

You can be infected even if you don't download a program yourself, or even if you don't execute it yourself.
You just need to visit even a legitimate website.

Solution:

Use a no JS script: What is it? - NoScript: Own Your Browser!

-> It prevents XSS injections by third-party websites. (You first need to delete all trusted websites, and then give exceptions one by one.)

Use a ManInTheMiddle certificate (for your browser) THAT YOU REALLY KNOW (for example BurpSuite (the community version) -> portswigger.net)

-> It filters all the HTTPS traffic -> even if there is HSTS on the backend side
 
Hi, a few days ago I already asked about some virus scanning results for a launcher. Today I found the new launcher and I scanned it.
These are the results: VirusTotal
Should I be concerned? Kaspersky etc. didn’t detect anything, but 4 other scanners did.
Looking forward to your answers!
 
It's clearly a false positive. It's now only detected by three antiviruses and they are all ones using AI detections. AI/ML based antiviruses give plenty of false positives. As well as that, it was first scanned at VirusTotal in February. If it was actually malicious, then other antiviruses would detect it, as samples uploaded to VT get shared with AV vendors.
 
@Parkinsond

You can be infected even if you don't download a program yourself, or even if you don't execute it yourself.
You just need to visit even a legitimate website.

Solution:

Use a no JS script: What is it? - NoScript: Own Your Browser!

-> It prevents XSS injections by third-party websites. (You first need to delete all trusted websites, and then give exceptions one by one.)

Use a ManInTheMiddle certificate (for your browser) THAT YOU REALLY KNOW (for example BurpSuite (the community version) -> portswigger.net)

-> It filters all the HTTPS traffic -> even if there is HSTS on the backend side

You have my word; when I get infected by downloading, but not executing, malware samples, I will stop doing such a thing.