Jump to content

Trojan:Win32/Powessere.A!reg

bru
 Share

Recommended Posts

bru

bru

Posted
Posted

Trojan:Win32/Powessere.A!reg

Known since at least November 2014.  Wondering why MBAM realtime did not stop it from being installed nor did a full system scan detect it?

I do understand that no program can find everything but I believe this has been around long enough that it should be known to the developers and should have been accounted for.  Kind of shakes my faith a bit. 

 

Link to post
Share on other sites
David H. Lipman

David H. Lipman

Posted
Posted

Please reference the following on how to provide sample submissions such that Malwarebytes' Anti-Malware (MBAM) can detect targeted but presently undetected threats.

Malware hunters please read
Purpose of this forum
Malware Hunters group
 
The Malwarebytes' Malware Researchers need actual samples of malware, in accordance with the above referenced guidelines, so the Malware Researchers can create signatures. 

 

When you have them, please submit them in;  Newest Malware Threats

Link to post
Share on other sites
bru

bru

Posted
  • Author
Posted

Please reference the following on how to provide sample submissions such that Malwarebytes' Anti-Malware (MBAM) can detect targeted but presently undetected threats.

Malware hunters please read

Purpose of this forum

Malware Hunters group

 

The Malwarebytes' Malware Researchers need actual samples of malware, in accordance with the above referenced guidelines, so the Malware Researchers can create signatures. 

 

When you have them, please submit them in;  Newest Malware Threats

 

 

I had the same issue looks like a sudden outbreak. and since it was not still reported in the newest threat forum I created a new thread for it there.

I am not sure what else to upload for "actual sample".

 

 

Exaclty what pfm said.  What was I supposed to provide?  I had to use another program to remove it.  Now two customers have told you about this including its name.  There is information out there about it so I would hope MBAM would take it from here and do what it can to get it included in their definitions.

Link to post
Share on other sites
David H. Lipman

David H. Lipman

Posted
Posted

It is malware.  If you don't know how to handle it, then best practice is don't.  However for MBAM to detect a trojan or trojan family Malwarebytes has to have a sample of the malware to see what it does, what it modifies and how it communicates and then write signatures based upon it and its fallout.

 

This post starts with a name "Trojan:Win32/Powessere.A!reg" with no actionable information.  Not even the name of the anti malware that made the declaration.

 

Then the post goes on to use the word "it" numerous times. 

"did not stop it"

"nor did a full system scan detect it"

 

We do not know what "it" is and if one says "it" is "Trojan:Win32/Powessere.A!reg" then that is like saying "Mike".  Think about how many "Mikes" one knows and without qualifying information one can't determine WHO Mike is.

Link to post
Share on other sites
daledoc1

daledoc1

Posted
Posted

Hi:

 

In addition to David's expert advice...

 

It looks as if there is already a duplicate topic about the same issue in the correct forum area here: https://forums.malwarebytes.org/index.php?/topic/162921-trojanwin32powessereareg-cannot-be-detected/

 

The malware research team will be best able to address the issue if the requested information (zipped sample, VT report) is posted in that topic in that specialized section of the forum.

(This sub-section is reserved for discussion of problems installing, configuring and running MBAM, not for malware submissions.)

 

Thank you,

Link to post
Share on other sites
bru

bru

Posted
  • Author
Posted

It is malware.  If you don't know how to handle it, then best practice is don't.  However for MBAM to detect a trojan or trojan family Malwarebytes has to have a sample of the malware to see what it does, what it modifies and how it communicates and then write signatures based upon it and its fallout.

 

This post starts with a name "Trojan:Win32/Powessere.A!reg" with no actionable information.  Not even the name of the anti malware that made the declaration.

 

Then the post goes on to use the word "it" numerous times. 

"did not stop it"

"nor did a full system scan detect it"

 

We do not know what "it" is and if one says "it" is "Trojan:Win32/Powessere.A!reg" then that is like saying "Mike".  Think about how many "Mikes" one knows and without qualifying information one can't determine WHO Mike is.

I think my original message was pretty clear and understandable but I will be even more specific.

My machine became infected with Trojan:Win32/Powessere.A!reg.

Trojan:Win32/Powessere.A!reg is malware. Being not well versed in malware I can not give you a lot of information about Trojan:Win32/Powessere.A!reg but I can tell you that Microsoft Security Essentials was able to detect it during a Full Scan. 

I can also tell you that that Malwarebytes (Premium) did not find Trojan:Win32/Powessere.A!reg either in real time or when running a Threat and Hyper scan. 

On the Microsoft Answers discussion forum there are several threads about Trojan:Win32/Powessere.A!reg and all of them include a link to a tool from ESET that removes Trojan:Win32/Powessere.A!reg.  A link to this discussion has already been provided on the other thread about Trojan:Win32/Powessere.A!reg in this forum but here it is again. http://answers.microsoft.com/en-us/protect/forum/mse-protect_scanning/trojanwin32powessereareg/e5d607fa-2a84-4228-ac41-504bb62a14e0

Hopefully this is specific enough and without the use of the word "it".  I can understand that the people at MBAM can't be expected to know about every bit of Malware but when two customers give you the name of a Malware item I would have thought a bit of legwork could be done rather than coming back to tell one of the customers that they need to provide the information.

edit: Although I did not find them another customer reports that Trojan:Win32/Powessere.A!reg has been mentioned and responded to in the Malware Removal forums.

 

Link to post
Share on other sites
bru

bru

Posted
  • Author
Posted

Hi:

 

In addition to David's expert advice...

 

It looks as if there is already a duplicate topic about the same issue in the correct forum area here: https://forums.malwarebytes.org/index.php?/topic/162921-trojanwin32powessereareg-cannot-be-detected/

 

The malware research team will be best able to address the issue if the requested information (zipped sample, VT report) is posted in that topic in that specialized section of the forum.

(This sub-section is reserved for discussion of problems installing, configuring and running MBAM, not for malware submissions.)

 

Thank you,

I started this topic and when I am told that as a customer I didn't give them enough information to act when I clearly did I will respond to it right here.

Link to post
Share on other sites
David H. Lipman

David H. Lipman

Posted
Posted

Trojan:Win32/Powessere.A!reg

Known since at least November 2014.  Wondering why MBAM realtime did not stop it from being installed nor did a full system scan detect it?

I do understand that no program can find everything but I believe this has been around long enough that it should be known to the developers and should have been accounted for.  Kind of shakes my faith a bit.

 

 

Hmmm  post-14644-0-77866700-1419977819.gif

I do NOT see any references to "Microsoft Security Essentials" in the above [ post #1 ]

 

Even still, just because MSE detects something doesn't mean it will help Malwarebytes.  The URL above [ post #7 ] is a a pointer to another Forum.  Not a Malware Dictionary/Encyclopedia entry and for all we know what was found could have been a False Positive.

 

There is nothing actionable in Trojan:Win32/Powessere.A!reg cannot be detected!

 

 

Frankly, I see a case of a complete misunderstanding of how malware samples are used to generate signatures and a subsequent unrealistic expectation.

 

All the text in this thread and all the text in Trojan:Win32/Powessere.A!reg cannot be detected! and that in http://answers.microsoft.com/en-us/protect/forum/mse-protect_scanning/trojanwin32powessereareg/e5d607fa-2a84-4228-ac41-504bb62a14e0 can NOT be used to create signatures to detect and remove this malware.

 

It is like my above example of "Mike".

 

One goes to the Police and states "Mike did it"

They ask what is his full name and the reply is "I don't know".

They ask where does he live and the reply is "I don't know".

They ask what does he look like and the reply is "I don't know".

 

The result is there is no actionable information for said Police to go on.

 

------

 

I am sorry but I am losing patience with this thread.  I see brick walls and preconceived notions that I am unable to overcome and I don't see a light at the end of the tunnel.

Link to post
Share on other sites
bru

bru

Posted
  • Author
Posted

 

 

Hmmm  attachicon.gifHmmmmmm.gif

I do NOT see any references to "Microsoft Security Essentials" in the above [ post #1 ]

 

Even still, just because MSE detects something doesn't mean it will help Malwarebytes.  The URL above [ post #7 ] is a a pointer to another Forum.  Not a Malware Dictionary/Encyclopedia entry and for all we know what was found could have been a False Positive.

 

There is nothing actionable in Trojan:Win32/Powessere.A!reg cannot be detected!

 

 

Frankly, I see a case of a complete misunderstanding of how malware samples are used to generate signatures and a subsequent unrealistic expectation.

 

All the text in this thread and all the text in Trojan:Win32/Powessere.A!reg cannot be detected! and that in http://answers.microsoft.com/en-us/protect/forum/mse-protect_scanning/trojanwin32powessereareg/e5d607fa-2a84-4228-ac41-504bb62a14e0 can NOT be used to create signatures to detect and remove this malware.

 

It is like my above example of "Mike".

 

One goes to the Police and states "Mike did it"

They ask what is his full name and the reply is "I don't know".

They ask where does he live and the reply is "I don't know".

They ask what does he look like and the reply is "I don't know".

 

The result is there is no actionable information for said Police to go on.

 

------

 

I am sorry but I am losing patience with this thread.  I see brick walls and preconceived notions that I am unable to overcome and I don't see a light at the end of the tunnel.

My machine got infected.  The MBAM product I purchased did not find it.  I came here to report it and you start giving me a grammar/creative writing lesson and tell me I have to give them information about something I have no idea about but is their business.  The name of a suspected Malware is more than sufficient for someone to find out information.

 

FWIW it has been reported by I believe an actual employee or Malwarebytes that Malwarebytes AntiRootkit BETA can clean what I and another customer reported.  This in and of itself brings up many issues that I as a paying customer of this company will have to consider.

If that is your signature I can see why you need to say that because your response to my post was not helpful at all and downright rude to boot.

edit:  I see that I responded to you thinking you were an employee of MBAM.  Thankfully you are not. My mistake in engaging with someone who twists things so they can get in the last word.

 

 

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

I replied in the other topic. As such I will go ahead and close this topic now.

I would suggest following the advice from the topic here Available Assistance for Possibly Infected Computers and having one of the Experts assist you with looking into your issue.

Thank you

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.