LS.Andy

Root Admin

Posts posted by LS.Andy


  1. No need to worry about your passwords, although this might be a good opportunity to consider setting different passwords for all your online accounts and setting up 2 Factor Authentication on any of your accounts that provide it, if you haven't done so already.

    This site lists services that support 2 Factor Authentication, so if you use any of these services, it's recommended to enable it: https://twofactorauth.org/

    I use KeePassX as my password manager and Authy to keep track of 2 Factor Authentication tokens.

    KeePassx: https://www.keepassx.org/

    Authy: https://authy.com/

  2. Hi PEllis,

    Thanks for uploading the file. This appears to include a cryptocurrency miner script (multiple references to CryptoNight, typically used when mining Monero) that runs when visiting the web page. These pages usually run the script without the user's consent, which is why it is included in the detection database.

    As an aside, it looks like more AVs have started to detect it: https://www.virustotal.com/#/file/576dbb37512721bd5eb744ee1a9049a09648f4099bc082cd87b78c78b402068f/detection


  3. Hi mcoueron,

    Sorry for the late reply. We've just migrated to a new version of the forum software and we're having some unexpected issues with settings that didn't migrate properly, like file uploads not being permitted and email alerts on new posts not being sent.

    In the meantime, can you post a link to the file that's being blocked so I can download and check it out?

    Thanks,

    Andy

    Lavasoft Malware Lab


  4. Hi rickvoid,

    Thanks for the additional information. If I've understood correctly, Ad-Aware isn't alerting that it has blocked files, rather, Ad-Aware appears to be conflicting with the Twitch app and stopping it from running:

    01 Error.png

    .. and when you kill Ad-Aware, Twitch runs:

    03 Twitch success.png

    I was able to recreate this and I've notified the development team about this for investigation. Thanks for letting us know.

    Regards,

    Andy

    Lavasoft Malware Lab


  5. Hi Homeschooled,

    You can remove the file from quarantine by:

    • clicking Scan Computer on the icon list on the left side of the GUI
    • scrolling down to Quarantined Files
    • clicking View
    • selecting the file you want to restore and hitting Restore

    You can add the file to the exclusion list by going into Manage Exclusions, just above Quarantined Files.

    When you've restored the file, can you upload it here so I can check it out?

    Thanks,

    Andy

    Lavasoft Malware Lab


  6. Using the installer, I was able to recreate the detection on IETabDriver.exe. The md5 for that file was different from the original one that we tested with (md5: 0f0ec27159eda4c9bad814d28bda0e59).

    This is an FP and will be removed from detection.

    I wasn't able to recreate the detection on whale.exe. The md5 of the file installed using the installer is d574b68650c68f8941dbc16f86d56a2f, which is also different from the file we originally tested.

    Can you upload the version of whale.exe that is being detected please?

    Andy


  7. Yes, I can see the detection in the screenshot/xml file, but I can't recreate it with the files you uploaded. Maybe we're looking at different files.

    Can you check the MD5s of the detected files you're testing with and compare them with the files below? Are they the same, or different?

    File: IETabDriver.exe

    MD5: c103a08d9f2f9e2d18eedab0e376b481

    File: whale.exe
    MD5: 9969650dab84c15ab0d8a69b7a827e9f

    Thanks,

    Andy
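Added example (not part of Andy's post or of any Lavasoft tooling): a small Python script that hashes the files a user is about to upload and compares each MD5 against the values quoted in the post above, so both sides can confirm they are testing the same build before chasing a detection. The two expected MD5s are taken from the post; SHA-256 is reported alongside because that is the identifier VirusTotal and most vendors key on. File names, the `hashcheck.py` script name and any sample bytes are assumptions for illustration.

```python
import hashlib
import sys
from pathlib import Path

# MD5 values quoted in the post above for the two files under discussion.
EXPECTED_MD5 = {
    "IETabDriver.exe": "c103a08d9f2f9e2d18eedab0e376b481",
    "whale.exe": "9969650dab84c15ab0d8a69b7a827e9f",
}


def hash_bytes(data: bytes) -> dict:
    """Return MD5 and SHA-256 hex digests of an in-memory blob.

    MD5 is what the thread uses to compare files; SHA-256 is what
    VirusTotal and most vendors index on, so both are reported.
    """
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def hash_file(path, chunk_size: int = 1 << 20) -> dict:
    """Hash a file in chunks so large installers never need to fit in memory."""
    md5 = hashlib.md5()
    sha256 = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return {"md5": md5.hexdigest(), "sha256": sha256.hexdigest()}


def classify(name: str, digests: dict, expected: dict = EXPECTED_MD5) -> str:
    """Compare a file's MD5 with the hash quoted for that file name.

    'match'    - same bytes the analyst tested; detection results are comparable
    'mismatch' - a different build or version; upload it so it can be re-checked
    'unknown'  - no quoted hash exists for this file name
    """
    quoted = expected.get(name)
    if quoted is None:
        return "unknown"
    # Hex digests are often pasted in mixed case, so compare case-insensitively.
    return "match" if digests["md5"].lower() == quoted.lower() else "mismatch"


def check_paths(paths, expected: dict = EXPECTED_MD5) -> list:
    """Hash each path on disk and return (name, verdict, md5, sha256) rows."""
    rows = []
    for p in map(Path, paths):
        d = hash_file(p)
        rows.append((p.name, classify(p.name, d, expected), d["md5"], d["sha256"]))
    return rows


if __name__ == "__main__":
    # Usage (assumed script name): python hashcheck.py IETabDriver.exe whale.exe
    for name, verdict, md5, sha256 in check_paths(sys.argv[1:]):
        print(f"{name}: {verdict}\n  MD5:    {md5}\n  SHA256: {sha256}")
```

A "mismatch" verdict is the situation in posts 6 and 7 above: the user and the lab hold different builds of the same file name, so the detection cannot be reproduced until the exact bytes are shared.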