More fun experiments with malware part 1
-
<p><strong>Virtual PC:</strong></p>
<p><strong>VMware Workstation 15 Player</strong></p>
<p><strong>Windows 7 x64</strong></p>
<p><strong>KIS 20.0.1.780 de app + drv verifier enabled</strong></p>
<p><strong>Reproduction steps:</strong></p>
<p><span>I installed quite a lot of malware, rebooted the virtual PC.</span></p>
<p><span>I think all the dumps are from when KIS tried to start; I tried to start KIS after I had rebooted the infected virtual PC.</span></p>
<p><strong>Actual result:</strong></p>
<p><span>Had to switch to safe mode to delete enough malware to allow KIS to start normally again, though the full scan in safe mode missed some malware.</span></p>
<p><strong>Expected Result:</strong></p>
<p><span>After a lot of reboots and scans, at least I think so, all malware was deleted.</span></p>
- Self-defense does not block the download of this .dll either in 2019 or in 2020, works as designed, there is no regression in behavior.
- The fact of a dump in 2020 is explained by the difference in the internal logic of this dll (in one case there is an error with the dump, in the other case the .dll is nominally unloaded, apparently the error also occurs, but this case is successfully processed and the crash does not occur).