Windows 7 Forums



Windows 7: MSE worries

26 Oct 2013   #61
UsernameIssues

W7 Pro SP1 64bit
 
 

I had thought about splitting my ramblings off to a new thread...
...for fear of hijacking this one.


Nothing much new to report today. Nothing has changed on the status page for the file that I submitted several days ago.

I created a script a few days ago that downloads this infected file every few minutes. It has been running for 7 hours today and there have been 7 versions of the infected file. Sometimes 3 or 4 versions within one hour. I happened to be the first person to upload 3 of the files to virustotal.

I've stopped checking how MSE handles each version because it is always the same error shown in the video above or it is not detected at all.

I have Malwarebytes (free - not real time trial) installed in the virtual machine. Malwarebytes did not pick up 3 of the 7 files right away... but as of this post and the latest set of definitions, all 7 are detected.


26 Oct 2013   #62
andrew129260

Windows 10 Pro
 
 

I appreciated the information. Thank you very much usernameissues. I would rep you if I was able to.
26 Oct 2013   #63
Lady Fitzgerald

Win 7 Ultimate 64 bit
 
 

Quote: Originally Posted by andrew129260
I appreciated the information. Thank you very much usernameissues. I would rep you if I was able to.
I just did it for you.

27 Oct 2013   #64
urbanspaceman1

windows 7 premium home 64bit
 
 

Don't worry about taking over this thread: my initial question has been long-since dealt-with. This is fascinating stuff, even though, as I said earlier, I only understand the essence of the procedures and not the mechanics.
27 Oct 2013   #65
UsernameIssues

W7 Pro SP1 64bit
 
 

Thanks guys for the rep.

I'll ramble on a bit more in this thread.

By the end of yesterday's playing, I had 8 new versions. They all do the same thing, but they have been changed a tiny bit. My guess is the changes are meant to evade antivirus detections. Yesterday's pattern of changes was interesting. There was a version that was 58KB in size. The next version was 59, then 60, 61 and 62KB.

Before dumping these files, I installed MSE and scanned all 8 versions. None were detected as infected.

I then started with the 8th version and "installed" the infection. MSE did not indicate a problem.

This "installation" was repeated for each version and MSE did not indicate a problem - until the oldest version. MSE said it cleaned/quarantined the process, but the ransom note still took over the profile. And the same error appeared about MSE not being able to find the process/PID.

There has been no update to the status of the file submission that was made 10 days ago.

This TechNet Blog may be of interest:
Our protection metrics - September results - Microsoft Malware Protection Center - Site Home - TechNet Blogs
28 Oct 2013   #66
UsernameIssues

W7 Pro SP1 64bit
 
 

Sunday's playing yielded more disappointments with MSE. For Sunday's experiments, the Virtual Machine had access to the host's 4 cores, was assigned 2GB of RAM and is working from an SSD. It was quite responsive.


The infected file that I'm playing with only copies itself to one location, but other infections that I've seen make lots of copies. I changed the script that downloads the infected file so that it downloaded the file as fast as it could. Then I halted the downloading, installed/updated MSE, right clicked on the folder that contained the infected files and selected a scan by MSE.

It took MSE a while to chew thru the 3000+ files and MSE declared them all clean. I let one of the files infect the Virtual Machine and MSE declared the file as bad (but could not find/stop it). I manually cleaned up the infection.

I then told MSE to check for updates again. Since there was an update, I scanned that folder again. This time, each file was being flagged as bad. I let MSE quarantine each file, but the cleaning progress bar was moving painfully slow and resource monitor showed very little IO activity for MSE. Eventually, MSE hung up about 70% thru the process.

[Sidebar: To make sure that this hang was not a one time thing, I attempted to repeat the process today - but alas, today's version of the infected file is not detected as bad. During the infection process with today's file, MSE flags it (but cannot find or stop it).]

After MSE hung up yesterday, I restarted the Virtual Machine. MSE made a green popup stating that the computer was being cleaned. These popups continued every minute or two. Again, resource monitor showed very little IO activity for MSE scanning engine. I gave up and dumped the VM... which I regret doing; because I then wondered if the files were slowly being removed from the folder. There is always one more thing to check :-(
28 Oct 2013   #67
urbanspaceman1

windows 7 premium home 64bit
 
 

I thought that MS monitored the posts and threads on this forum.
28 Oct 2013   #68
derekimo

Microsoft Community Contributor Award Recipient

 
 

Quote: Originally Posted by urbanspaceman1
I thought that MS monitored the posts and threads on this forum.
They would learn a lot if they did.
28 Oct 2013   #69
Lady Fitzgerald

Win 7 Ultimate 64 bit
 
 

Quote: Originally Posted by derekimo
Quote: Originally Posted by urbanspaceman1
I thought that MS monitored the posts and threads on this forum.
They would learn a lot if they did.
I doubt it.
28 Oct 2013   #70
UsernameIssues

W7 Pro SP1 64bit
 
 

Quote: Originally Posted by urbanspaceman1
I thought that MS monitored the posts and threads on this forum.
That would be nice, but I'm not sure one way or the other.
Maybe someone that has been here longer than I can speak to that.

This is from the main page:
Quote:
Windows 7 Forums is an independent web site and has not been authorized,
sponsored, or otherwise approved by Microsoft Corporation.
"Windows 7" and related materials are trademarks of Microsoft Corp.