Lode

Trojans Detected. Good for EIS! But in Custom Scan Only.


Hi!

EIS detected 3 trojans which are in an attachment with an email in my Opera Browser's integrated email client. But only in Custom Scan mode. The default Malware Scan did not detect them.

So I'm glad EIS found them. But if at all possible, it might be handy if the default scan would also detect them.

Not sure if in the default Malware scan rootkits are also scanned for, or if EIS can be set to do that, but in Custom Scan I have it enabled. Maybe that is the difference? Or are those trojans not rootkits?

I always surf and open emails in the sandbox of Sandboxie. So malware can't spread beyond that virtual space to my hard disk. Plus I knew already from the message in the email that it was fishy. Supposedly I had made a substantial payment to some company, and was offered to review it in the attached document. I saw that first in my MailWasher program, and through that program forwarded the email to SpamCop. For that I only have the first 50 text lines appearing in MailWasher, as SpamCop only needs the header. So to see the whole message I also read it in my Opera 12.17 browser built-in email client. I deleted that email, but somehow EIS still found the trojans. Good for EIS! :thumbs:

PS:

I had the trojans moved to quarantine. 

scan_160327-144912.txt



> EIS detected 3 trojans which are in an attachment with an email in my Opera Browser's integrated email client. But only in Custom Scan mode. The default Malware Scan did not detect them.
>
> So I'm glad EIS found them. But if at all possible, it might be handy if the default scan would also detect them.

The Malware Scan isn't intended to scan every file, it's just intended to look in places that malware files will be saved to when a system is infected, as well as a few places that are common for users to save files in (such as Desktop, Documents, and Downloads folders). If a more intensive scan is needed, then that's why we left the Custom Scan in (and included it as an option when creating scheduled scans), so that you can perform scans of the entire system or even perform scans of specific folders.

> Not sure if in the default Malware scan rootkits are also scanned for, or if EIS can be set to do that, but in Custom Scan I have it enabled. Maybe that is the difference? Or are those trojans not rootkits?

The "Rootkit scan" option is used automatically in all scan types, and can only be turned off when running a Custom Scan.

The detections in question are not rootkits. They are trojans, and more than likely a type of trojan sometimes referred to as a "dropper" since it downloads and installs an infection (or "drops" other files into place to infect a system).

> ... Opera 12.17 ...

Just an FYI, you may want to update to Opera 12.18, which has fixes related to secure connections (HTTPS TLS encryption), and will resolve issues with viewing websites that are using newer encryption mechanisms (websites protected by CloudFlare are a good example). It also fixes a vulnerability in Opera's built-in mail client. This update was quietly snuck onto Opera Software's update servers on February 15th or 16th, and while most people missed it at the time, there was someone who did manage to find a link to an official statement about the update and what it contains.
