I sunmitted a known malicious file. I've read about PUP which don't do any damage but if this renders your browser useless, I wouldn't call it a PUP.
I might explain that I'm on a dual-boot with W7 and W10TP. WRSA won't install on the current W10TP build. MS Defender allowed the install but I can't be sure what WRSA would have done, allow the install and stop it once it executes?
MBAM found lots of problems but didn't fix the browser. I did a quick scan with Defender which didn't find anything. Since I had a recent VHD backup, I restored knowing how many hours Defender would take to "maybe" fix the problem.
WRSA scans the file and finds nothing. I submitted the file and it just came back with no info on the file so is that as far as it goes or do they actually look into it more?.
Page 1 / 1
Submitted files are evaluated by our threat team. How do you know it's a malicious file? Is there documentation elsewhere about it?
Because the executed file installed a browser hijacker, etc. onto the W10TP HD which at the present time I can't install WRSA on. MBAM found 39 objects none of which removed the problem. MS Defender the only choice found nothing on a quick scan. Two choices, run a full scan with Defender taking hours which "might" find the malware, try to manually remove it or restore a VHD backup. I restored the backup. Just wonder if WRSA would have caught the malware when the file was executed?
No info elsewhere on the file.
No info elsewhere on the file.
Without more info we cant say, looking at the submitted files on Friday I just see a lot of zipped samples sets. Can you give us the link/file via a filedropper site,MD5 or scan logs?
Here's a link to the file on Dev-Host:http://d-h.st/W2A. No scan logs because it wasn't executed from my W7 PC which has WRSA installed but on my W10TP which WRSA won't install on.@ wrote:
Without more info we cant say, looking at the submitted files on Friday I just see a lot of zipped samples sets. Can you give us the link/file via a filedropper site,MD5 or scan logs?
That program is not PUA (PUP) if anything its borderline hack tool. Its used to decrypt Windows ISO's. A user would really know what they are doing to run it successfully. I can see that file in our Friday uploads, its not what I expected hence why I didnt see it originally.
It's supposed to be a utility to convert MS ESD files to ISO and I now know where to get one from a legit site. Some sort-of downloader appeared on my desktop when I executed it. IIRC, I tried it again but don't remember exactly what happened but when I opened Chrome, I started to get pop ups, same with IE and it got worse with a full window opened with audio directing one to a site to help you with your PC problems! Yes, the ones they just created for you.@ wrote:
That program is not PUA (PUP) if anything its borderline hack tool. Its used to decrypt Windows ISO's. A user would really know what they are doing to run it successfully. I can see that file in our Friday uploads, its not what I expected hence why I didnt see it originally.
That program didnt do anything unusual, you may have got a different version than the one you submitted. I am guessing you went to a popular file hosting site and clicked there downloader version of the program. I wont take a guess at what site but there a couple of popular tech sites that used to be really good that now push there own crapware on users.
No guessing, I first Google'd "How to convert ESD to ISO" and in a "How to" which had two links where the files were removed or whatever. I then search for "esd-decrypter-v3.7z decryption tool" and a hit comes up at Dev-Host. It's possible that the file got cleaned up. I had made a backup with the original file just before I tried to install but have since deleted it.@ wrote:
That program didnt do anything unusual, you may have got a different version than the one you submitted. I am guessing you went to a popular file hosting site and clicked there downloader version of the program. I wont take a guess at what site but there a couple of popular tech sites that used to be really good that now push there own crapware on users.
CNET if full of malware infected software these days.
I see there is another thread on malware with links to some good info so I saved that link for later.
Reply
Login to the community
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.