Xeno
Posts: 43
Posts posted by Xeno
-
It's also a password-protected archive. I never put a password in at all, but I still double-clicked the archive.
-
Hello! I'm using Kaspersky Premium with a default-deny Intrusion Prevention setup. I was looking at an obviously fake Adobe file for malware analysis (just uploading it to sandboxes) when I had the file on my PC and double-clicked the archive to see what was inside. When I double-clicked, it didn't show the inside of the archive (I tried this twice, still nothing), and I am a bit concerned that the file might actually have run.
I have checked Intrusion Prevention; no file called "setup.exe" (which is what the file is) is there. I have also scanned with Kaspersky, Sophos, Malwarebytes, ESET, and Emsisoft, and they have found nothing.
Should I be concerned about an infection? I don't think Intrusion Prevention would just stop working suddenly, but I am a bit concerned since the file has zero VirusTotal detections and wasn't picked up by Kaspersky via static detection.
In case you need the file, here it is: https:// tria . ge/231230-azz71aagaj/behavioral2
-
https://www.kaspersky.com/enterprise-security/wiki-section/products/emulator
Is this a local emulator, or fully-fledged threat emulation?
-
What Anti-Rootkit Technologies does Kaspersky Have?
I'm curious. Does System Watcher also stop rootkits from being set up? What technologies are there to stop rootkits?
-
What if the connection is established? I've seen this happen before. Does Kaspersky protect against what the RAT is capable of as well?
-
I mean, what if the connection is established and it does malicious stuff? Can it detect the RAT by what the RAT does, if the connection is established but the connection itself isn't detected?
-
15 hours ago, Xzz123 said:
You can set up rules for HIPS
to block all internet connections in the Low Restricted group,
and allow certain apps as you wish.
Besides setting custom HIPS rules, does Kaspersky do anything to protect you if the connection is established?
-
Kaspersky has good scanners, signatures, and good protection against RATs and backdoors. However, what happens if the connection is set up and they have access to your system?
Are they able to just steal all your files with Kaspersky noticing, or will Kaspersky deal with it?
-
I was also looking around, and a strain of stealer has like no detections from Kaspersky on VT (yet has 50 detections).
https://www.virustotal.com/gui/ip-address/77.105.147.140/relations all files are here. I don't know how to submit a report here.
-
15 hours ago, Yury Parshin said:
It's unknown what's in this video. But it's definitely not the publicly available utility Terminator using the Zemana driver.
Possibly they made an exclusion to test just its termination abilities.
-
I sent an email but they never responded lol
-
Is it an issue if I made the download a Triage link?
-
I found another one and sent it via email as well, let's hope they respond back.
Not sure if it's an issue that the download is a Triage link, but that does work.
-
7 hours ago, Yury Parshin said:
It is impossible to block generically all vulnerable drivers in advance because we are working on the same access level. But it is possible to block known drivers; rules for blocking are updated regularly.
Couldn't it be possible, though, to stop unknown drivers and take the safe-rather-than-sorry approach? In theory, really, you shouldn't have unknown applications trying to terminate Kaspersky.
-
35 minutes ago, harlan4096 said:
No, there is an issue with KOTIP and malware files bigger than 51MB, this one has 67MB, so I also could not send it... anyway it's true that I got a warning reply by email. Check Your SPAM folder.
Yeah, I saw. I sent it via email and I did get a warning reply.
-
3 minutes ago, harlan4096 said:
Did You read it? It seems not... No, I did not send via KOTIP, I sent with the old way, still working, via email, but not attaching directly the file but adding a link to download it (compressed with password "infected").
Oh cool, I wonder why they didn't respond to me. Maybe I attached it in a weird way.
-
Oh, never mind, it's detected already.
-
Oh, you sent it via Opentip?
Can you also report this website: ageostealer.wtf
It's the website this strain of stealer uses.
-
-
I was looking around on this forum: https://malwaretips.com/threads/suspicious-game.124193/
There is a suspicious game getting past Opentip, Kaspersky's scanner, and behavioral detection. People have analyzed it and said that it is a Discord stealer that steals your Discord token; however, it pops up an error, which may mean it's not doing its thing.
I don't know where to submit things. I submitted on Opentip, but every time I've done that no one has ever responded back to me.
-
99% sure it also works with Kaspersky, so no, don't disable it.
-
10 hours ago, Yury Parshin said:
Hi. We know about this utility and the vulnerable driver from Zemana. Our product has blocked them since 2023.06.02. We need the specific sample which is in the video.
Have you blocked the driver or the Terminator malware samples? I'm curious.
-
Kaspersky is still a good tool; no anti-virus can do anything against it unless you set up custom rules. I have it where it cannot modify anything in Sys32 to prevent BYOD attacks, but that's because I use paid Kaspersky.
Possible malware infection.
in Virus and Ransomware related questions
Posted · Edited by Xeno
Hello, the file was a .rar that I double-clicked. I wasn't trying to execute it, I was trying to see what's inside the archive.
I've handled this issue on my own, though. I've checked the hash of the executable (it's unknown to Kaspersky or VT), meaning it would be placed in a restricted group. This archive was also password-protected, and I never entered a password for it 🤦♂️. If you somehow can execute a password-protected file without the password, let me know :D.
Harlan, don't worry, I won't be messing with malware again. I've realized that most of the times I do it, I ask for people's help to ensure I'm not infected, and it's not worth the time for them or for me.