(New) Testing Anti Virus Suites

Started by Vasudev, June 02, 2014, 12:06 PM

humbert

Quote from: Vasudev on January 09, 2022, 04:42 PM
I use 980M Alienware and it's working fine for me.

By this do you mean it can boot those unbootable antivirus programs? Or do you mean something else?

Quote from: Vasudev on January 09, 2022, 04:42 PM
I will be moving to new laptop this year or next year depending on prices.

In your case this makes perfect sense. You use your lappie for heavy duty games and for (I assume) processor-intensive engineering programs in your job.

Quote from: Vasudev on January 09, 2022, 04:42 PM
Have you checked if Asus has released new BIOS?

At this moment the only Asus hardware I have is an old lappie which I use for browsing, emails, and other general stuff. It's been a long while since new firmware was written for it. My current board is MSI which, frankly, works quite well. It was the only thing the computer store had in stock and I needed it immediately.

Vasudev

Quote from: humbert on January 10, 2022, 05:29 AM
Quote from: Vasudev on January 09, 2022, 04:42 PM
I use 980M Alienware and it's working fine for me.

By this do you mean it can boot those unbootable antivirus programs? Or do you mean something else?

Quote from: Vasudev on January 09, 2022, 04:42 PM
I will be moving to new laptop this year or next year depending on prices.

In your case this makes perfect sense. You use your lappie for heavy duty games and for (I assume) processor-intensive engineering programs in your job.

Quote from: Vasudev on January 09, 2022, 04:42 PM
Have you checked if Asus has released new BIOS?

At this moment the only Asus hardware I have is an old lappie which I use for browsing, emails, and other general stuff. It's been a long while since new firmware was written for it. My current board is MSI which, frankly, works quite well. It was the only thing the computer store had in stock and I needed it immediately.

I don't game that much.
Then again I use my Ivybridge for coding duties and 6700hq has issues.

scarface


humbert

Quote from: scarface on July 16, 2022, 12:44 PM
Note that a new version of McAfee Endpoint Security is available here: https://www.nomaher.com/forum/index.php?topic=1718.msg36900#msg36900

Thanks. How do you run this? Does it have to be installed or can you boot from an ISO and clean if the need arises?

scarface

Quote from: humbert on July 17, 2022, 05:38 AM
Thanks. How do you run this?

You double click on the exe file.

Quote from: humbert on July 17, 2022, 05:38 AM
Does it have to be installed or can you boot from an ISO and clean if the need arises?

No, you can't boot it from an ISO; it must be installed.
If you want to use a standalone application from McAfee, you can try Stinger: https://www.mcafee.com/en-us/consumer-corporate/mcafee-labs/free-tools/stinger.html

scarface

Note that a new version of Trellix Endpoint Security (formerly McAfee) is available here: https://www.nomaher.com/forum/index.php?topic=1718.msg36900#msg36900
This is the latest version.


humbert

Vasudev, et al. -> You probably won't know the answer to this, but hopefully you can point me to a source that might help. I've been dealing with malware forever but I've got one that simply defies explanation.

On the root directory of one of the network drives on the router's USB port, something creates files named video.scr, photo.scr, af.scr and links. You delete them and they come back. This does not happen if the drive is disconnected from the router and connected to the PC's USB drive. I've run no less than 3 antivirus programs which have found nothing except patches, keygens, activators, and PUPs (this is normal). To make this even more mysterious, I've uploaded all these SCR files to VirusTotal and they are CLEAN. To put the icing on the cake, the files are produced even with the PC powered down and unplugged. I logged in with my Android phone and saw the files there. Delete them and they come back even with the PC unplugged.

I've read somewhere that this is some sort of cryptocurrency mining software that managed to find its way to my system. Not only did this not appear on my system, but Task Manager is reporting that the CPU and GPU are running normally with no mining program or any other producing unusually high usage.

I am stumped. Is there a forum somewhere where someone can render assistance?

scarface

Quote from: humbert on March 03, 2024, 05:43 AM
Vasudev, et al. -> You probably won't know the answer to this, but hopefully you can point me to a source that might help. I've been dealing with malware forever but I've got one that simply defies explanation.

On the root directory of one of the network drives on the router's USB port, something creates files named video.scr, photo.scr, af.scr and links. You delete them and they come back. This does not happen if the drive is disconnected from the router and connected to the PC's USB drive. I've run no less than 3 antivirus programs which have found nothing except patches, keygens, activators, and PUPs (this is normal). To make this even more mysterious, I've uploaded all these SCR files to VirusTotal and they are CLEAN. To put the icing on the cake, the files are produced even with the PC powered down and unplugged. I logged in with my Android phone and saw the files there. Delete them and they come back even with the PC unplugged.

I've read somewhere that this is some sort of cryptocurrency mining software that managed to find its way to my system. Not only did this not appear on my system, but Task Manager is reporting that the CPU and GPU are running normally with no mining program or any other producing unusually high usage.

I am stumped. Is there a forum somewhere where someone can render assistance?

Hi humbert.
I found a topic dealing with this issue here:
https://www.bleepingcomputer.com/forums/t/779798/photolnk-videoscr-files-all-folders-of-a-network-drive/
It comes to the conclusion that those files are harmless.
Now if you think they are not (several suggestions):
1: Use Trellix antivirus (available above)
2: Format your hdds
3: Don't plug hdds into your router if it's not necessary
4: Don't use a router (I have no router...)

humbert

Quote from: scarface on March 03, 2024, 06:20 AM
1: Use Trellix antivirus (available above)
2: Format your hdds
3: Don't plug hdds to your router if it's not necessary
4: Don't use a router (I have no router...)

Thanks for your help. I found that site you mentioned and ran that program they recommended. Didn't help much. I will remember Trellix antivirus.

This is truly the weirdest issue I've run into since I first started to play around with computers. So much so that the problem actually went away by itself! Those files have not reappeared. I didn't do anything and have no explanation. To deepen the mystery, I sent all those scr files to VirusTotal and they all came back clean. Not one of the 50 or so antivirus companies detected any kind of malware anywhere. If indeed these files had malware, I would love to meet the guy who wrote the software. He succeeded in making his malware totally undetectable.

Another thing doesn't make sense. If indeed this was some sort of cryptocurrency mining going on as the site explains, it follows that the CPU & GPU would run at almost full speed - otherwise mining can't happen. In my case both were running normally and showing maybe 1% or 2% usage when the computer isn't running any program.

Unlike you, I have no choice but to use a router - and a strong one at that. I have no less than 15 devices connected to it at any time. Both my computers, 3 cell phones, 3 TVs and/or streaming devices plus some more stuff (thermostat, EV charger, etc). I have important data on drives connected to the router's 2 USB ports. They must be accessed from anywhere in the house and from the street if I'm out. Without a router I'm dead in the water.

You said you don't use a router. Does this mean you connect your cell phone to the internet only via mobile data, i.e., no WiFi at home? If you need to use WiFi for a large download, do you go to Starbucks or use the one at work?

scarface

Quote from: humbert on March 05, 2024, 04:56 AM
You said you don't use a router. Does this mean you connect your cell phone to the internet only via mobile data, i.e., no WiFi at home? If you need to use WiFi for a large download, do you go to Starbucks or use the one at work?

I have no router because I'm using my smartphone as a mobile hotspot. Formerly, I used to have a box, but I don't download any more. I have a data usage limit of 200 Gb.