Posts posted by Marcos
-
It's not clear what connection you meant between enabling SSL scanning and disabling real-time protection, which are two completely different and independent things.
-
The issue should only occur on systems with old processors not supporting SSE2. It was fixed yesterday in Internet protection module 1076 for v5 and v6 users. V7 users will receive an updated module 1078B soon.
-
A dump should have been created when the BSOD occurred. Check if the file c:\windows\memory.dmp exists and look at the date and time of creation to make sure it's from the last crash. If the file doesn't exist, look for minidumps in C:\Windows\Minidump. Compress the dump(s), upload them to a safe location and PM me the download link.
-
Please create an application dump of ekrn.exe by right-clicking it among running processes in the Task manager and selecting Create dump file. Then compress the dump, upload it to a safe location and PM me the download link. I'll pass it to the engineers for further analysis.
-
If you're able to reproduce the freeze, please configure Windows to generate complete memory dumps as per the instructions here and when a freeze occurs, use the appropriate key combination to create a memory dump. Of course, disabling startup scan tasks is not recommended as they serve as another protection layer and can detect potential newborn malware in memory.
-
We'll be adding detections for new Koreplug variants in update 8692. When available, update the signature database and run a full disk scan. Should it still be detected only in memory, I'll check your SysInspector log for suspicious files.
-
Please create a SysInspector log as per the instructions here and send it to me as an attachment to a private message.
-
It seems a reply was sent to you that the domain was removed from blacklist.
-
The best course of action would be to log file operations during a backup using Process Monitor and to supply Customer care with the log created as well as with a SysInspector log for perusal. It will be enough to leave Process Monitor logging operations only for about a minute. When you have the logs ready, you can upload them to a safe location and PM me the download link or contact Customer care.
-
Please post a complete record related to the detection from your threat log. The record should look as follows:
18. 7. 2013 13:59:44 Real-time file system protection file D:\test\kogabontusiq.exe a variant of Win32/Kryptik.BFXC trojan cleaned by deleting - quarantined domain\admin Event occurred during an attempt to access the file by the application:
-
The log reads "Error 5001. The computer has not been restarted after a program uninstallation. Please restart the computer and run the installer again." So please restart the computer and create a new set of logs.
-
Check your PM; I've sent you instructions on how to fix the issue.
-
Please check if the issue with CPU spiking goes away after disabling real-time protection. If so, capture all file operations using Process Monitor while reproducing the issue. When done, compress the log along with a current SysInspector log into an archive, upload it to a safe location and PM me the download link.
-
Does unticking "Epfw NDIS Lightweight Filter" in your local area connection properties make a difference then?
-
Does this happen regardless of what browser you use? It sounds more like a browser issue than an actual threat symptom.
-
Try disabling each of the protection modules in the following order, one at a time, to see if it makes a difference:
- disable web protection
- disable protocol filtering in the advanced setup
- change firewall integration to "Personal firewall is completely disabled" and restart the computer
- disable Parental control
- disable HIPS and restart the computer
-
We've found out that the recent Internet protection module 1073 might have caused ekrn crashes on systems powered by CPUs from 2001 and older (2004 and older for AMD CPUs). Updating to the latest version of Internet protection module 1076 should solve the issue.
-
I confirm that the detection is correct; it's not a false positive. If the above-mentioned detection is triggered, the website was compromised and a malicious JavaScript is injected into the web page.
-
A list of updates with signatures added is available at hxxp://www.virusradar.com.
-
New version EMS 2.x still does not support notification system A4.3.
Yes, because EMS v2 has been released just recently and this is actually just a newly discovered issue stemming from the design of Android 4.3. We plan to address it in future builds of EMS v2.
-
If possible, please answer the following questions:
- What type of Internet connection do you use? (3G, wi-fi,...)
- Are you able to open websites in a browser when experiencing the issue?
- Does changing the type of connection make a difference?
- Does uninstalling EMS v1 and installing EMS v2 make a difference?
-
Is there a message displayed on your screen when you tap "Update Threat Database" or simply nothing happens at all?
-
Has the client actually connected to ERAS to download the list of tasks? Try temporarily setting the interval for connecting to ERAS to 0 on a client and see if the task is downloaded and started.
-
Tested with Kaspersky, Antivir and Avast; it was possible to kill all 3 via the Task manager. As I wrote, it's a system problem of Android on Samsung mobile phones.
-
Unable to submit suspicious file (in ESET NOD32 Antivirus)
Maybe the file is too large to submit. I'd recommend following the instructions in this KB article for submitting files for analysis.