All Activity

This stream auto-updates     

  1. Past hour
  2. funny message
  3. Today
  4. Peter Randziak liked a post in a topic: Reputation rank badges
  5. sharpe68 joined the community

  6. Flag mistake

    Aryeh Goretsky replied to Agustin Ferreira Vidal's topic in General Discussion

    Hello, That is actually the flag for Mexico, not Italy. I'll let your Knowledgebase team know. Regards, Aryeh Goretsky
  7. FeMaster started following EIS firewall's interactive mode and Windows 10 apps
  8. I have the same issue. The app that is particularly annoying to me is the HxTsr.exe which is apparently associated with my Office 2013 installation. This file seems to get updated about once a week, and every time it updates the sub-folder changes based upon the apps version number. I think it is the same for everything in the WindowsApps folder, but don't quote me on that. I've posted in the past about this particular file (HxTsr.exe), and was met with pretty much the same worthless response. No REAL solution to the problem (I was told to change to "Automatic" mode to resolve the issue), and not even a "we'll look into it and see if we can come up with a fix." The problem has been ongoing for over a year now, and nobody seems to care. Apparently those of us that use interactive mode are in the minority, and spending time on a fix would require more resources to try to come up with a solution than they would benefit in return from. Highly annoying to say the least! The worst part is, the firewall rules list keeps getting longer and longer as the old rules don't get automatically removed, and requires me to go in and clear out all the old, no longer relevant rules. It would be nice if the software could do something similar for the apps in the WindowsApps folder, like it does with the desktop apps when they get updated. The software notices that the executable has changed and asks me if I want to keep the same rules as before the change.
  9. khairulaizat92 liked a post in a topic: Reputation rank badges
  10. Yesterday
  11. panni joined the community
  12. @Marcos, there is definitely a problem with Eset LiveGrid statistical submission option in ver. 11.1.xx. I did some more testing and each time I enter standby mode via manual Win 10 standby option, a new FNDx.NFI file is created. Each new file creation results in 4 new LiveGrid connections being established. This explains my previous forum comments about my LiveGrid connections mysteriously increasing. For example, four standby events results in four FNDx.NFI files and 16 LiveGrid connections! Again my motherboard with is a bit dated and only supports S4 power saving mode. In this mode, the PC is actually powered down in standby mode. It goes w/o saying that LiveGrid statistical submission stays off in my Eset installation. In regards to my dual stack IPv4 and IPv6 network configuration, the issue appears to be related to the IPHelper service. When that service is active, a loopback; i.e. 127.0.0.0 connection, is established for it. At this point, Eset goes "bonkers." Since I have all the IPv6 tunnels disabled, the IPHelper service is not needed. As such, disabling the IPHelper service resolved the conflict with Eset.

  13. Malware? As.eu.angsrvr.com

    itman replied to Antonh's topic in Malware Finding and Cleaning

    Let's start all over again. Do you have the Eset firewall set to default settings? That is all outbound communication is allowed.
  14. jamessan joined the community
  15. It is already flagging some file in Chrome as well, not only in Skype.
  16. Jko started following JS/Retefe.T trojan from SkypeBrowserHost.exe
  17. Hello, I have this problem on severals endpoint machines. The file aparently is provided of https://apps.skype.com/home/index-8ac0c79d03249bddd0ea845e149bc6d0.min.js Thanks.
  18. The FP has been fixed and update resumed.
  19. Jko joined the community
  20. voLwy liked a post in a topic: JS/Retefe.T trojan from SkypeBrowserHost.exe
  21. voLwy liked a post in a topic: JS/Retefe.T trojan from SkypeBrowserHost.exe
  22. voLwy liked a post in a topic: JS/Retefe.T trojan from SkypeBrowserHost.exe
  23. Unfortunately without a proof we cannot comment on it. Of course, no antivirus detects 100% of all threats, especially when it comes to scripts. And blocking all powershell scripts just because they could be misused is not a good solution either.
  24. Please see my comment above. Updates were stopped and the detection will be removed momentarily.
  25. Same problem, whats happening to skype?
  26. voLwy joined the community
  27. TomFace liked a post in a topic: Reputation rank badges
  28. Having the same exact problem starting today - yesterday I had no problem when starting Skype. The file flagged was JS file, located in the same folder as OP stated.
  29. Enriqo joined the community

  30. Latest ESET products not detecting apt tools

    thrilla_killa replied to thrilla_killa's topic in Malware Finding and Cleaning

    Unfortunately, I am not providing my source code at this time. I just wanted to advise that powershell, which is readily available on windows systems, can easily bypass the ESET systems and allow commands to be run from remote agents with ease.
  31. There are several layers that could detect such threat: 1, Detection by a signature. 2, Web access protection if the powershell script is downloaded from the Internet. 3, AMSI scanner upon execution of powershell. 4, Advanced memory scanner if the payload is a file that is executed. The question is if the payload does something really malicious. Please contact samples[at]eset.com and provide details.
  32. Thanks but it's not needed. We have got some examples from the LiveGrid feedback system.
  33. Whew, alright. If it helps, I've managed to restore the file in question from quarantine, and change extension to .txt so it's not harmful. I am attaching it here: index-8ac0c79d03249bddd0ea845e149bc6d0.min[1].zip
  34. Appears to be FP. We've stopped offering the latest update for now.
  35. ABV started following JS/Retefe.T trojan from SkypeBrowserHost.exe
  36. ABV joined the community
  37. Is ESET supposed to detect apt actors or tools? I am testing a framework (simple base64 encoded powershell payloads) and none of your products are detecting them? All settings are verified as on.
  38. No, apparently the IP addresses appear in the ERA console after waiting quite some time. I'm not sure why such a long delay given the information is already available in the client details.
  39. Hello, I am having exact same problem.
  40. thrilla_killa joined the community
  41. retefeler liked a post in a topic: JS/Retefe.T trojan from SkypeBrowserHost.exe
  42. retefeler joined the community

  43. Reputation rank badges

    TomasP posted a topic in ESET Announcements

    Hello, Based on your feedback, and in order to further improve user experience on our forum, we have just launched a new feature - reputation rank badges. These image badges, shown in user info pane next to each user's posts, reflect their reputation rank and provide a better visual understanding of the user's level of experience on our forum. We hope that you like this addition and that it will make using our forum just another bit easier and more interesting! On behalf of ESET Staff, Tomas
  44. rawalanche started following JS/Retefe.T trojan from SkypeBrowserHost.exe
  45. Hello today I have gotten a notification that a threat was removed from my computer. I am very responsible and careful, so this was a first time in years something like this has happened, and has me worried. It was a .js file with some long, hash-like string that was stored in %username%\AppData\Local\Microsoft\Windows\INetCache\IE\FREZXU48\ folder: Now, apparently this file was created and accessed by SkypeBrowserHost.exe, which is a component of Skype, that seems to share browser cache with Internet Explorer. The file is in a legit folder and it itself results in negative when tested by ESET Internet Security. I believe that SkypeBrowserHost.exe is specifically used to display ads in Skype using the IE framework. I did not do anything questionable from security standpoint in recent days, or even months. I do not use, and have never used Internet Explorer in recent years. I don't think I've launched it once since last clean Windows install. The way I see it there are two possibilities: 1, This is a false positive. 2, The advertising platform Skype uses to display ads has been compromised and SkypeBrowserHost.exe is being taken advantage of to deploy malicious software. The latter option concerns me a bit. If that could be the case, shouldn't this be something that should be reported to Microsoft? UPDATE: I am getting this removed threat warning now every single time I launch Skype (Classic version for Windows desktop).

  46. Malware? As.eu.angsrvr.com

    Antonh replied to Antonh's topic in Malware Finding and Cleaning

    I thought you meant the dial-out activity was common behaviour of microsoft. But I guess its not. How do i get rid of it? And is it harmfull?

  47. Malware? As.eu.angsrvr.com

    itman replied to Antonh's topic in Malware Finding and Cleaning

    Please clarify what you mean. Are you referring to the fact that IE generates the outbound connection but other browsers do not?
  48. So I'm a long time user of ESET NOD32 for Linux. I renewed my 2 year license effective in March. I appreciated the 10 day warning that the license was about to expire. After renewal date my NOD32 Panel changed back to green with the new end date. However, today I notice a new message is appearing on the UPDATE tab which tells me Current installed Version : 4.0.85, New available version: 4.0.85.0, Release date: 05/24/2017, Package size: 73.2 MB, and then lists the changes and download link as Download link:https://download.eset.com/com/eset/apps/home/eav/linux/v4/4.0.85/eset_nod32av_64bit_en.linux. Now I have already applied this update in May 2017 after it was released, as evidence by the Current installed version number. I always download the file before installation and the only difference is the file md5sum is different for he two files. The md5sum for last years file is 92561032c944a7061bfcf7fe48bbab0a while the downloaded file today is 033a76e87a7dc1f7728b389ca9af54f0. I know that the actual download can cause a bad md5sum. Can a ESET Linux support person confirm the MD5SUM that is correct? So is this a bug, is something wrong with my installation that needs repair, or is there infact a newer release and the version number is wrong? Thanks
  1. Load more activity