cma6

exploit in Emsisoft notification


I was reading the recent EIS notification re Double Pulsar malware and while reading it online with Chrome, there was an attempt at an exploit in the folder \Downloads\Emsi\ but fortunately EIS stopped the exploit.

 


What does the Behavior Blocker log say about it? You can view the log by opening EIS, clicking on Logs, and selecting Behavior Blocker in the menu at the top. There's also an Export in the lower left corner if you'd like to save the log somewhere (it will open automatically in Notepad when you save it) if you'd like to copy the link showing the exploit attempt into a reply.


Behavior Blocker log has no entry after 6/30/17, perhaps because the exploit was stopped by EIS. BTW, I noticed at the time of the EIS notification of exploit blocked that at that instant, EIS was "installing", which I cancelled. I then rebooted and did a Custom Scan.


The DoublePulsar exploit detection only detects if DoublePulsar is trying to install a payload, so it is possible that there is still a DoublePulsar infection present and it just hasn't tried installing another payload since the first time it was blocked. That being said, our DoublePulsar detection is fairly new and I'm not sure whether or not it is possible for something to trigger a DoublePulsar alert even if it isn't actually DoublePulsar (most Behavior Blocker alerts can be triggered by legitimate software). Just in case, I recommend following these instructions for creating a new topic in our "Help, my PC is infected!" section, and one of our malware removal specialists will take a look at your logs.

