PUA not detected - hides itself while scanning

Hi,

on one of our servers a PUA is running; no matter what we tried (online scan / offline scan) it is not detected. The PUA uses some kind of stealth mode. When you try to execute a scan on an affected file you can see that the mouse pointer moves away from the selected file. Of course we can clean the server with a fresh install; my intent is to be able to detect such software.

What is the recommended way to proceed?

regards

  • Hello Administrator User124,

    what is an affected file? Some file (executable) you suspect is related to this PUA?

    For a start, please see the Sophos Malware Remediation Toolkit (SMaRT).

    Christian

  • QC said:

    Hello Administrator User124,

    what is an affected file? Some file (executable) you suspect is related to this PUA?

    For a start, please see the Sophos Malware Remediation Toolkit (SMaRT).

    Christian


    Hi Christian,

    thanks for your help, we already used the Linux ISO for an offline scan, but unfortunately it was not detected. We also tried some other offline tools from other vendors without success.

    Affected files, or better said related files: when accessing the files directly they seem more or less clean; when we try to create a dump while the services are running we receive the error:

    "Error configured dump resources: The system cannot find the file specified"

    @Shweta

    We use on-premise Endpoint Protection Standard; for this case we applied for an Intercept X trial and migrated the server to Sophos Central, and there it was also not detected.

    We already contacted support; as soon as we have more information I will update this thread with more detailed information.

    regards
