Posts: 36,515
Days Won: 1,453
Everything posted by Marcos
-
I was talking about the last malware we received with "HMRC" in the subject, so we'd need to compare the hash of our file and yours to find out if they are the same or different. Regardless of this, it's important to keep in mind that no antivirus protection provides 100% protection and opening unknown files is not safe and may lead to infection.
-
JS/SecurityDisabler.A.Gen potentially unwanted application
Marcos replied to dst-ap's topic in ESET NOD32 Antivirus
All prefs*.js files that we've received and analyzed had Firefox security features disabled. Please submit your files to ESET as per the instructions here if you think that your files are safe and are detected erroneously. Note that these files are not detected as malware but as PUA (potentially unwanted applications) which is an optional detection.
-
Has ESET ever detected malware in incoming email? What email client do you use? Since you receive email via IMAPS, a plugin for your email client is required to scan email as long as SSL scanning is disabled (which is by default).
-
I was looking at LiveGrid data and searched for IP addresses starting with the octets / numbers shown in the screenshot.
-
Yes, the file was undetected when you scanned it, that's ok. LiveGrid file reputation is not applied to files scanned by the on-demand or on-access scanner. However, it should have been detected and blocked upon receipt provided that you had LiveGrid enabled. The detection would have looked as follows:
__________ ESET NOD32 Antivirus warning, version of virus signature database 8953 (20131023) __________
Warning, ESET NOD32 Antivirus found the following threats in the message:
Government Gateway Reg Form.zip - Suspicious Object - deleted
Government Gateway Reg Form.zip > ZIP > Government Gateway Reg Form.exe - Suspicious Object - was a part of the deleted object
-
At what time did you receive the threat by email? It was blacklisted today at about 9 AM CET.
-
Eset Nod32 AV v7.0.302.0 issue with Windows 8.1
Marcos replied to gooberbear's topic in ESET NOD32 Antivirus
Are you still experiencing the issue with inability to resize the log columns?
-
Nod32 version 7 cannot be used with Outpost firewall
Marcos replied to Mariusry's topic in ESET NOD32 Antivirus
When Outpost firewall is installed on a computer running ESET NOD32 Antivirus, it displays a message asking you to run OF in a compatibility mode. Despite the option selected, we didn't encounter any issues. Did you select to run OF in compatibility mode and experience the issues though?
-
Unable to update virus signate
Marcos replied to nwarp's topic in ESET Internet Security & ESET Smart Security Premium
Please PM me your username so that I can test your license myself.
-
It's probably Win32/TrojanDownloader.Small.AAB, the file was blacklisted about an hour ago. What ESET product and version do you use?
-
Version 7.0.302.26 Released ... What is it?
Marcos replied to howardagoldberg's topic in ESET NOD32 Antivirus
The only change in 7.0.302.26 compared to 7.0.302.0 is an updated EULA. The fact that the msi installer is larger can be caused by current modules and engine that are always embedded when a newer installer is built.
-
Instalation/download problem
Marcos replied to Martin.Misar's topic in ESET Internet Security & ESET Smart Security Premium
ESET's installers are digitally signed. You can check the signature to make sure they haven't been tampered with.
-
I was referring to the latest variant spammed under the name voice*.exe. It was blocked within a few minutes after it was first reported via LiveGrid, long before other AVs did. A detection for another Voice_Mail_Message.exe variant was added in update 8935 (20131018), released on Friday, 12:35 CET. The best would be if we could get the file from your quarantine to find out when the detection was exactly added and when ESET's products started blocking it.
-
Is it possible to limit definition update times?
Marcos replied to piersplowman's topic in ESET Endpoint Products
Update tasks can be disabled, edited or added under Tools -> Scheduler.
-
Error Communicating with Kernel
Marcos replied to FlexiPack's topic in ESET Internet Security & ESET Smart Security Premium
That's not a good idea, doing so would most likely cause modules not to load. Do you get the error if you attempt to open ESET's GUI after installation or only after a restart? What operating system do you use?
-
Please try to create a demonstration video to illustrate the issues. Alternatively we could connect to your computer remotely and you would show us how the issues manifest. As for the problem with the mouse, couldn't it be related to the Windows 8.1 upgrade as mentioned on the following websites?
hxxp://answers.microsoft.com/en-us/windows/forum/windows8_1_pr-gaming/stalker-cop-mouse-problem/931e4dd5-bb8e-4740-9024-ae7a6861bbb1
hxxp://blog.gsmarena.com/windows-8-1-may-render-games-unplayable-because-of-mouse-lag/
-
As for the SSL issue, couldn't it be that you also have another browser or email client installed besides Firefox? For instance, the error message you mentioned occurs if the latest version of Thunderbird is installed. If possible, please provide us with step-by-step instructions on how to reproduce the issue with certain https sites. Providing us with a demonstration video would be great.
-
Scheduled Scans
Marcos replied to Aryeh Goretsky's topic in ESET Internet Security & ESET Smart Security Premium
You can exclude a particular address from content filtering in the URL address management setup if you trust it.
-
If disabling protection modules, protocol filtering and HIPS / self-defense (followed by a computer restart) doesn't make any difference, try renaming C:\Windows\System32\drivers\eamonm.sys and ehdrv.sys in safe mode, one at a time, and then try to reproduce the issue. Let us know about your findings.
-
I'd add that Endpoint should have blocked this downloader since yesterday, 15:30 GMT.
-
It appears there are many LockScreen files with double extensions hosted on the url in question. Perhaps you have visited a compromised website with drive-by malware which attempted to download LockScreen from the mentioned urls.
-
It works for me fine. Did you add "https://*" and not "https*" as I mistakenly advised before?