Please see VT report: Virus Total report
So I found a file and scanned it with VT and it came up nasty. Wanting to test WSA, I decided to run it, and it did execute; then the file disappeared from the desktop. Nothing seemed to happen, so I figured WSA was monitoring the program. I recall watching a video by WSA employees talking about how WSA will monitor a file it doesn't know and wait till it does something bad. Anyway, I decided to scan with HitMan Pro just for the heck of it, and HitMan Pro did detect 3 Trojan temp files. I did not do anything about the detections. I rebooted the PC and it locked into an endless boot cycle, a typical symptom of malware.
Now here is the part I don't understand. I had WSA heuristics set to the highest level, and I also had the firewall set to prompt for any file it doesn't recognize, not just when infected. WSA did not make a peep at all, not a single thing as far as I could see. So did this file get past WSA? What exactly happened? I have the file URL, or I can send it zipped to anyone that wants it. I really want to know why WSA failed, if it did in fact fail.
Thank you for your help.
So HitmanPro removed the infection and now the PC won't boot? The file isn't too common and has only been seen on two PCs, with one of those being a malware sample PC (guessing the other one is your PC).
No, Hitman Pro only detected the infection, which is why I ran it. I did not have it clean or quarantine anything.
The PC would not boot, correct. I reimaged it.
Even with the virus being new, is it strange that not a single warning came or anything? Let alone the boot issue.
To be honest I can't say, as I have no idea what HitmanPro did (or tried to do). Looking at the behaviour of the dropper, I don't see anything that would really cause a boot issue.
I am no expert on HitMan Pro, but all I did was use it to scan; I never had it perform any tasks. Do you really think it was HitMan that caused the boot issue?
Without data from the PC I can't tell; since it's been re-imaged we will never know what exactly happened. I could test the malware, but since it's in a completely different environment it's not going to have the same results.
Okay, that's understandable. Can you tell me why WSA didn't detect anything or even prompt when I executed it? Is that normal?
The file wasn't marked bad in the database, so on your PC it was monitoring (journalling) the file.