
Marcos

Administrators
  • Posts: 36,872
  • Days Won: 1,464

Posts posted by Marcos

  1. 1, The malicious communication was blocked so it's of no concern. You can block the remote IP address on a firewall to prevent future exploitation attempts. However, even if the communication was not blocked, it wouldn't pose any risk as long as you don't have a vulnerable version of Struts installed.

    2, If you don't use Java intentionally, I'd rename its executables and observe if no issues occur in the next few days or weeks. If it turns out that some application requires Java, you can rename the files back. Otherwise you could uninstall it completely.

  2. I'd suggest temporarily removing the following apps:

    Discord
    Killer Ethernet Performance Driver Suite UWD

    You also have a couple of games installed; however, I assume you didn't use any cracks.

    Also make sure that browser extensions are completely removed, not just disabled. According to the ELC logs you provided, access to the URL was blocked twice and only Chrome attempted to access it.

    22. 4. 2019 16:40:53    hxxps://amanda.runtnc.net    Blocked by PUA blacklist    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe    18.210.42.94   
    22. 4. 2019 16:33:49    hxxps://amanda.runtnc.net    Blocked by PUA blacklist    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe    35.169.145.234   
    15. 4. 2019 19:58:20   hxxs://www.maxonclick.com  Blocked by PUA blacklist    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe    35.190.68.123   

    You could try uninstalling Chrome, making sure that the folder "C:\Users\zeman\AppData\Local\Google\Chrome\User Data" doesn't exist and then installing Chrome from scratch.

    You could also try resetting your router to factory settings and using Google DNS 8.8.8.8 and 8.8.4.4, just in case.


  3. 3 minutes ago, AlessandroG said:

    Two big companies can't talk to each other and solve a problem that leads to both problems for their customers. In my humble opinion, it seems to me a lack of respect for customers. Surely you as VMware have more resources than a common user, I don't think it's hard to get in touch with you.

    This is untrue. We contacted VMware and provided them with details about the problem in their driver. It's their turn now.

  4. For business users we have Endpoint Antivirus and Endpoint Security, products for file and mail servers, SharePoint, mobile phones, etc. We also provide ESET Enterprise Inspector for monitoring networks for suspicious activities and responding (so-called EDR) as well as ESET Dynamic Threat Defense for instant analysis of potentially new malicious files in a cloud sandbox and response.

    Please clarify what you are interested in and what is the problem with the Korean reseller.

  5. We recommend first renaming any suspicious file or moving it to a different directory and then restarting the PC, so that any malware that may be present is deactivated. You can then send us the files for analysis once it is confirmed that the problem no longer occurs after the restart. In this case we would welcome receiving update.dat so that we can analyze it and, if appropriate, add detection, which will protect not only you but also other users from this malware in the future. If possible, try to recover it with file recovery software and then send it to samples[@]eset.com in an archive with the password "infected".

  6. Are the connections blocked even when you use a browser other than MS Edge (Chrome, Firefox, ...)?

    Or are they blocked even when you have no browser open? In that case you could try disabling the automatic startup of applications via Task Manager and check after a restart whether the addresses are still being blocked. If they are not, you would then re-enable autostart for the applications one by one to find out which one causes the blocking to start.

    If the problems persist, you can contact Slovak technical support. If necessary, our colleagues would then also connect to your computer remotely and try to resolve the problem that way.
