Suspicious Process - File Is Too Large To Upload On Support Ticket
There is a new Spyware program that just became available. It is called Detekt Tool.
Detekt Tool Puts Surveillance Spyware on Notice
Guarnieri, today, with a number of partners such as Amnesty International, The Electronic Frontier Foundation, Privacy International and Digitale Gesellschaft, took a step toward scaling out his efforts to help activists and journalists in need with the release of Detekt.
Detekt is detection software that Guarnieri has been using for some time in an ad hoc fashion to help victims scan their Windows computers for certain spyware families. It’s written in Python and relies on malware scanners such as Yara, Volatility and Winpmem to look at memory for traces of the worst of the worst spyware, such as DarkComet, Xtreme, BlackShades, njRAT, ShadowTech, Gh0st and FinFisher from FinSpy and HackingTeam RCS.
Detekt does not remediate, and is not meant to be a substitute for antivirus or intrusion detection capabilities, Guarnieri said. It is limited to the malware families listed and is meant to be a quick triage for victims suspicious that their computers may have been compromised.
See more at: Detekt Tool Puts Surveillance Spyware on Notice http://wp.me/p3AjUX-sug
The file size is 26MB so it is too large to upload on a support ticket.
I am using BDIS 2015. I have my detections and Firewall set to the highest levels.
When I attempted to run DETEKT I got the following message from BDIS 2015:
Disinfection in progress
Detected threats are being disinfected. Please wait until the process is complete.
I waited for the disinfection process to complete, then clicked on Events AntiVirus and it said the following:
The application c:\xxxxx\detekt.exe was detected as potentially malicious. Active Virus Control blocked the process based upon the following actions. The application's behavior can harm your computer.
Now it could be that when I went to download the tool I was redirected to a malware site and that my copy of the detekt.exe is in fact malicious and can indeed harm my computer.
I would appreciate it if someone at BD would check the file from the correct site (should be at link above) and let me know if they can reproduce the message, or if in fact the tool runs without BDIS 2015 blocking it, indicating I do indeed have a malicious copy of the file. Thanks
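The quoted article describes what Detekt does: it reads a memory image and looks for byte patterns characteristic of known spyware families, flagging a family only as a triage hint. The following script is an added illustration of that kind of signature scan and is not Detekt's code or its real YARA rules. Every signature string, the family names, and the "memory image" are constructed placeholders; a real scan would use a curated rule set and a memory acquisition tool such as Winpmem, which is exactly the sort of cross-process memory access that behaviour-based protection like the Active Virus Control message above tends to block.

```python
from dataclasses import dataclass
from typing import Dict, List

# Hypothetical signatures, constructed for illustration only (not Detekt's rules).
# Maps a placeholder family name to byte strings expected in that family's memory.
SIGNATURES: Dict[str, List[bytes]] = {
    "ExampleRAT-A": [b"#BEGIN_EXAMPLE_CONFIG#", b"ExampleMutex-A"],
    "ExampleRAT-B": [b"ExampleKeylogCache"],
}


@dataclass
class ScanResult:
    family: str
    matched: List[bytes]        # which of the family's patterns were found
    offsets: Dict[bytes, int]   # pattern -> first byte offset in the image


def scan_memory_image(image: bytes,
                      signatures: Dict[str, List[bytes]] = SIGNATURES,
                      min_hits: int = 2) -> List[ScanResult]:
    """Return families whose signatures are present in the memory image.

    To limit false positives, a family is reported only when at least
    `min_hits` distinct patterns match (or all of them, if it has fewer).
    """
    results: List[ScanResult] = []
    for family, patterns in signatures.items():
        offsets: Dict[bytes, int] = {}
        for pattern in patterns:
            pos = image.find(pattern)
            if pos != -1:
                offsets[pattern] = pos
        required = min(min_hits, len(patterns))
        if len(offsets) >= required:
            matched = [p for p in patterns if p in offsets]
            results.append(ScanResult(family, matched, offsets))
    return results


def constructed_memory_image() -> bytes:
    """Constructed sample 'dump': filler bytes with two placeholder strings planted."""
    filler = b"\x00" * 64 + b"MZ\x90\x00" + b"\x00" * 32   # 100 bytes of padding
    return (filler
            + b"#BEGIN_EXAMPLE_CONFIG#" + b"\x00" * 16
            + b"ExampleMutex-A" + b"\x00" * 16
            + b"unrelated text" + filler)


def triage_report(results: List[ScanResult]) -> List[str]:
    """Human-readable lines; a hit is a reason to investigate, not a verdict."""
    if not results:
        return ["no known signatures found (this does not prove the host is clean)"]
    return [f"{r.family}: {len(r.matched)} pattern(s) matched at offsets "
            f"{sorted(r.offsets.values())}" for r in results]


if __name__ == "__main__":
    for line in triage_report(scan_memory_image(constructed_memory_image())):
        print(line)
```

Requiring more than one pattern per family is the same trade-off the article's caveat points at: Detekt is limited to the listed families and is a quick triage step, so a clean scan says nothing about other malware, and a hit still needs confirmation. The same caution applies to the blocked download in this thread: before trusting either the tool or the block, verify the downloaded file against the checksum or signature published by the official source, since a behaviour-based alert on a memory-acquisition tool can be a false positive and a tampered copy can look identical by name.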