danb

From VoodooShield
Verified
Developer
And I am sure you have scanned with many different scanners (especially K as CS recommended) by now, so I won't even ask about that. The thing is, you have multiple layers of amazing protection and are extremely aware when it comes to security, so the odds of this being malware are probably very small.

Maybe you can try to run FRST and have one of the malware removal experts on MT take a look just for the heck of it. I can look at the FRST results as well, but we certainly would want another opinion since I am not familiar with FRST at all.
 

ticklemefeet

Level 24
> And I am sure you have scanned with many different scanners (especially K as CS recommended) by now, so I won't even ask about that. The thing is, you have multiple layers of amazing protection and are extremely aware when it comes to security, so the odds of this being malware are probably very small.
>
> Maybe you can try to run FRST and have one of the malware removal experts on MT take a look just for the heck of it. I can look at the FRST results as well, but we certainly would want another opinion since I am not familiar with FRST at all.

Yes Dan, I do have good protection, but I was not in shadow mode when this occurred. I can still go back to an image before all this, but at this point I am waiting. I have a strict policy about allowing scripts to run, even if they may be an update, which I have never seen before. I am not your average target. What is your email again? I will explain more in private.

Meg, thanks for your ideas, but all are from sys32.
 

ticklemefeet

Level 24
Today, while in shadow mode, I tried to install Eset IS. The installer failed with a splash screen saying it failed because I might have malware. There was a button to try a special scanner. I clicked on that and another splash screen came up saying malware was found and removed. I still have no idea what is going on. Eset never mentioned anything more, but once I reboot, it will be back. And so far I am not getting any more script blocks.
 

SeriousHoax

Level 32
Verified
> Today, while in shadow mode, I tried to install Eset IS. The installer failed with a splash screen saying it failed because I might have malware. There was a button to try a special scanner. I clicked on that and another splash screen came up saying malware was found and removed. I still have no idea what is going on. Eset never mentioned anything more, but once I reboot, it will be back. And so far I am not getting any more script blocks.

That ESET scanner should've shown the name and location of the detected malware. Didn't it? Did you put your whole PC (all drives) in shadow mode or just a particular drive? If the whole PC, then the malware should still be there after exiting shadow mode. In that case you may try installing ESET again, but this time on your main system, or just scan with ESET Online scanner to find out the culprit.
 

danb

From VoodooShield
Verified
Developer
Interesting, it might be malware after all. Now that we know that ESET is aware of the potential malware, maybe try my original suggestion again, that way VS can see the block before it is blocked by AG, and is able to provide further file insight.


BTW, I have not tested VS in shadow mode yet, I am working on some other stuff. But I have a hunch that it probably does not work all that well in shadow mode, simply because it had an issue writing to one of the databases. Just something to keep in mind.

BTW, is there a chance that this block is a component of Shadow Defender?
 

shmu26

Level 85
Verified
Trusted
Content Creator
When I really want to know what is happening on my system I install this NVT tool
This logging service is incorporated into Exe Radar Pro (the new version)
 

ticklemefeet

Level 24
> When I really want to know what is happening on my system I install this NVT tool
> This logging service is incorporated into Exe Radar Pro (the new version)

I will give it a try, thanks
Just tried this and the service won't start for some reason, so no logs are formed. OK, figured it out. It had to be moved to the C: root. Working now.
 

ticklemefeet

Level 24
> So who all owes me a beer? ;). Just playing, I am just happy that the issue is resolved.
>
> That info should be in VS's DeveloperLog.log too, but it is probably easier to read in the Process Logger Service.

Dan, I do owe a beer. Thanks. I still wonder what Eset found. Their online scanner finds nothing, but their IS found malware, maybe. From what I posted, it would not even install in shadow mode, saying I had malware. It is a head-scratching moment.