How to request check-ups for applications?


Silver_fang

Alright, so recently I came across some news about a 'legitimate' service for e-sport gamers which has been accused of implementing malware into their Anti-cheat client, so a part of their own client they manifested the malware as a support tool for their service.

Some of you may have heard of this already; either way, at this point I wish to know if there are any analyzers at all that take requests for applications that have been verified or are not yet tagged/flagged as unsafe. The Malwarebytes forum has a subforum for people who know they are infected, but I can't find any subforum for people who wish to get check-ups for their system or just files they want to be analyzed.

The esport service I described above is https://gamersclub.com.br/

Also, another one that I wish to know more about is: https://www.nptunnel.com/

Nptunnel, also known as "NoPing", is a routing service for gamers. The reason why I wonder about nptunnel is that no one has analyzed it and verified it. The problem is that both of these companies are under Brazilian law, which does not abide by EU laws or EU rulings nor American laws, and which lacks the safety of internet laws in many aspects, which makes intrusions such as implementing malware into their users' computers not illegal. As both of these companies have been accused of implementing malicious/intrusive code into their clients and I haven't seen any public in-depth evidence nor news service reporting about it, I wish to know if there is any place or people that could maybe look into it and report back?

As Malwarebytes is on the front lines of defending people and their systems, I find it to be related to this board.

 

Any feedback about this will be appreciated! 

Thanks in advance

 

add: If you wish me to censor the brands, please tell me to do so or moderators could do it. =) 


  • Staff

Greetings :)

While I do not know of any specific service for this purpose, you can always upload any files you're unsure about to VirusTotal and get it analyzed by several different AV/AM engines to see if they detect it as malicious.  That also adds it to the VT database which means that VT partner organizations who have access to the samples uploaded there may have their researchers download and check the files in more detail in the future, including Malwarebytes.

As for checking your system, you can post in our malware removal forum and one of our malware removal specialists will check your system for signs of infection and tampering, so while it may not specifically tell you if one of those apps is a threat, it can at least let you know if any known malware or other malicious activity has taken place on your system (such as the installation of any backdoors or rootkits etc.).


On 10/12/2017 at 4:37 PM, exile360 said:

Greetings :)

While I do not know of any specific service for this purpose, you can always upload any files you're unsure about to VirusTotal and get it analyzed by several different AV/AM engines to see if they detect it as malicious.  That also adds it to the VT database which means that VT partner organizations who have access to the samples uploaded there may have their researchers download and check the files in more detail in the future, including Malwarebytes.

As for checking your system, you can post in our malware removal forum and one of our malware removal specialists will check your system for signs of infection and tampering, so while it may not specifically tell you if one of those apps is a threat, it can at least let you know if any known malware or other malicious activity has taken place on your system (such as the installation of any backdoors or rootkits etc.).

Thanks for the reply! About VirusTotal, it only searches for 'already' flagged signatures if I'm not mistaken; as the services I was mentioning are using a company/services, they probably had their files verified, and obviously one of them had their application crypted so it would stay under the radar of AVs. That's the reason why I would like to find a place where they actually analyze the file, to watch for outgoing connections/dropping files where they shouldn't go etc.

At the removal forum, I thought it was only for those who already were infected and wanted it removed, hence the name. Would be good if the board could be specified also for those who would like a check-up. Either way, thanks =)


Virus Total ( VT ) does not " only search for 'already' flagged signatures".  That is not how it works.

VT has the anti malware engine(s) and signatures of *many* anti malware vendors.  The Signatures for each vendor are updated quite often.  The anti malware Engines are updated less frequently but are also updated periodically as needed.

When one submits a file to VT it makes a decision if the file has been seen before ( based upon a file hash ) or if it is a new file.  If the file has been seen before, it will display the last report based upon the results.  If the submitter chooses to do so, the file can be re-analyzed based upon the latest Engines and Signatures for each vendor.  If the file has not been seen before, the submission will be analyzed using latest Engines and Signatures for each vendor.  Based upon the file's Hash value, a historical notation is made and in the report one can see when the file was first submitted to VT.

Anti malware researchers can use that information to make inferences.  For example...

Let's say that a file was first seen in Dec. 2016 and 15 vendors marked it as malicious.  The file is reanalyzed on Oct 15, '17 and now the results show that only 5 vendors mark it as malicious.  One can deduce that the file is not malicious and those that flagged it as malicious are False Positive declarations.  Conversely, if a file had shown 5 detections as malicious in Dec. '16 and on Oct 15, '17 the report shows 15 detections, then it can be inferred that the file has a very high probability of being malicious.

 

Edited by David H. Lipman
Spelling, Grammar and Clarification
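
The hash lookup and detection-count comparison described in the post above, sketched as an added example (not part of the original thread, and not VirusTotal's code or API). `REPORTS` is a hypothetical local store of past scan results; the sample bytes, the engine total of 60 and the December day-of-month are constructed.

```python
import hashlib
import io
from datetime import date


def sha256_stream(stream, chunk_size=65536):
    """Hash a binary stream in chunks so a large installer need not fit in memory."""
    digest = hashlib.sha256()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        digest.update(chunk)
    return digest.hexdigest()


def detection_trend(scans):
    """scans: (scan_date, engines_flagging, engines_total) tuples, in any order.

    Compares the earliest and the latest scan. Using the share of engines
    rather than the raw count is an assumption of this example, since the
    number of engines taking part can differ between scans.
    """
    usable = sorted(s for s in scans if s[2] > 0)
    if len(usable) < 2:
        return "no-history"  # new or once-scanned file: nothing to infer yet
    first, last = usable[0], usable[-1]
    first_share, last_share = first[1] / first[2], last[1] / last[2]
    if last_share > first_share:
        return "rising"   # more engines flag it over time
    if last_share < first_share:
        return "falling"  # early detections were withdrawn
    return "flat"


def triage(stream, reports):
    """Look a file up by hash in `reports` (hypothetical store of past scans)."""
    file_hash = sha256_stream(stream)
    return file_hash, detection_trend(reports.get(file_hash, []))


# Constructed sample data modelling the two cases from the post.
SAMPLE_A = b"constructed sample A"
SAMPLE_B = b"constructed sample B"
REPORTS = {
    hashlib.sha256(SAMPLE_A).hexdigest(): [(date(2016, 12, 1), 15, 60), (date(2017, 10, 15), 5, 60)],
    hashlib.sha256(SAMPLE_B).hexdigest(): [(date(2017, 10, 15), 15, 60), (date(2016, 12, 1), 5, 60)],
}

if __name__ == "__main__":
    for blob in (SAMPLE_A, SAMPLE_B, b"never submitted"):
        print(triage(io.BytesIO(blob), REPORTS))
```

A file with no prior report returns `no-history`, so the trend reasoning only applies once at least two dated scans exist for the same hash.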

  • Staff
12 hours ago, Silver_fang said:

At the removal forum, I thought it was only for those who already were infected and wanted it removed, hence the name. Would be good if the board could be specified also for those who would like a check-up. Either way, thanks =)

Primarily, yes, however it is also used when we have any users who wish to have their system checked to verify it's clean.  If you explain your situation to the helper, including if there's anything odd going on with your computer that you want their input on, they'll check all your logs and verify whether the system is clean or not.  You may of course post the logs here (usually a Malwarebytes Threat scan log and FRST log are sufficient to do a fairly thorough check for signs of infection) and one of our forum volunteers may have a look and let you know if they see anything suspicious, however there is no guarantee that anyone certified to have sufficient knowledge of malware and malware removal will be checking your logs which is why I really recommend posting in the malware removal area of the forums.
