JordonTD
Joined: 07 Sep 2022
Posts: 0
Posted: Wed Sep 07, 2022 6:32 pm

According to a ClamWin scan, there are several RAT malware in recently installed programs from Keyscrambler, NirSoft Wireless Network Watcher, FRST64.exe and even Malwarebytes -- all of which were downloaded from their respective official websites. And yet the scans I ran before ClamWin, such as with ESET, MSERT, Windows Defender, Microsoft Security Essentials, Kaspersky, Comodo, MrMed and yes even Malwarebytes, all found no threats.
Although before I ran CW for the first time, I knew that I was stuck with a RAT malware, but didn't know if it was an injected code or a whitelisted version that Malwarebytes didn't pick up. I subsequently reinstalled my Win7 Ultimate 64bit using MiniTool Partition to delete all partitions before (I found after reinstallation that the deletion wasn't complete since the Old Windows folder was installed). And before reinstallation, I reset my Dell BIOS. Afterwards I ran the above scanners and then CW, which again came up with the same RAT malware infections -- but they only showed up subsequently after restart once they were removed or quarantined before restart, and this despite MiniTool rebuilding the MBR, which may have been modified by the RAT malware.
It may be counterintuitive, but I think CW is making the right call. Like GuitarBob, I'm not all that impressed with Malwarebytes or the other scanners -- which are totally useless in detecting a lightly modified version of Mimikatz, for example! Feedback would be appreciated.