Marcos
-
Posts
36,212 -
Joined
-
Last visited
-
Days Won
1,440
Posts posted by Marcos
-
-
It appears that the malware has been removed. The website will be removed from blacklist. Next time please report such url blocks as per the instructions at https://support.eset.com/kb141/.
-
Please email samples[at]eset.com the following stuff:
1, A handful of encrypted files (ideally Office documents not containing sensitive information)
2, Payment instructions for obtaining a decoder that was dropped by the ransomware.
3, Logs gathered by ESET Log Collector.Filecoder decryption service is provided only to paying users. If you haven't purchased a license, please do so and make sure that ESET is installed and activated with the paid license prior to running ELC.
-
Did you create the SysRescue usb long time ago or just recently? A new version was released in June this year.
-
If a policy is applied, it will override user's settings. To enforce a particular setting and to ensure that it's not overridden by another policy, select the Force flag:
-
We haven't supported F5 VPN in any way. I assume it's F5 that needs to add recognition of v11.2 and newer versions, therefore I'd suggest contacting their customer care.
-
Please elaborate more on what you mean. What exactly worked with v11.1 and doesn't work with v11.2 ?
-
It can be turned off via E-store as per https://support.eset.com/kb6205/ or by contacting customer care.
-
There's been an outage of Microsoft Azure cloud services in South Central US which may affect activations and some other cloud services:
-
It is a very bad idea to disable startup scan tasks. By disabling them, you lose an important protection layer since only the startup scan can check vulnerable areas, such as the WMI repository, Powershell scripts in the registry, etc. Also without scanning the memory after an update it could happen that a possible malware will run undetected until you restart the computer, ie. it will have enough room to do the damage.
Is the scan named "Initial scan" ? Please gather logs with ESET Log Collector and upload the generated archive here. I'd also recommend uninstalling ESET and installing the latest version 11.2.49 from scratch.
-
Is it somehow related to ESET? Does the issue go away if you uninstall ESET Mobile Security?
-
The file is not infected, it's just a keygen. Normally ESET doesn't detect keygens but if they are, they are usually detected as potentially unwanted applications.
Detection of potentially unwanted applications can be enabled either during install or later in the advanced setup.
-
Please try the following:
1, In safe mode, rename "C:\Program Files\ESET\ESET Security\Drivers" to "Drivers_noload"
2, Rename C:\Windows\System32\drivers\eamonm.sys, e.g. to eamonm.bak
3, Restart Windows and reproduce the issue.Should the problem persist, instead of eamonm.sys rename ehdrv.sys.
Let us know if renaming either driver helped.Finally rename the drivers and the Drivers_noload back to their original names.
-
Maybe shooting a video showing the process of replication from the download and installation of Firefox to issue reproduction could shed more light. Also gather ELC logs when Firefox is installed and running and post the generated archive here.
-
Does temporarily disabling automatic start of real-time protection and rebooting the machine make a difference?
-
20 minutes ago, MAGIK José Rocha said:
Here is the html source for the page that runs the miner:
Yes. That is exactly what triggers the detection and a screen shot of this was also included in the write-up mentioned above.
-
Here's a good write-up of exploitation of Mikrotik routers' webproxy feature:
-
In the menu select License -> Enter license key and type in your license key. Hyphens are added automatically.
-
Are you able to reproduce it on another machine, e.g. on a VM? For now do not perform the tests using a portable Firefox.
-
Do you mean that if you download the eicar test file from http://www.eicar.org/download/eicar_com.zip it is not detected by web protection?
-
Please let us know what ESET product and version you use so that we can move the topic to the appropriate product forum.
Also please provide steps-by-step instructions how to reproduce it, including the exact version of Firefox that you have installed and information how you performed the test. With portable versions of Firefox , SSL/TLS filtering won't work unless you manually import the ESET root certificate to the trusted root CA certificate store.
-
We appreciate your feedback José. In other cases with different brands of routers, a factory reset followed and upgrading the firmware didn't help.
-
It depends on what product you purchased. We also sell security packs which cover a certain amount of devices regardless of the operating system. If you purchased only one license for ESET NOD32 Antivirus, then it won't work on Android.
-
Hello,
1, What ESET product do you use?
2, Is it Windows that is reporting "Check Internet Connection..." ? Please post a screen shot. -
21 minutes ago, HSW said:
we have many of this infection notifications since friday, could there be a bug? Different mashines and different routers. (private home office and different business locations)
I'd suggest creating a SysRescue medium, booting from it and opening a website through the built-in browser. If the threat is detected, it's likely either the router or ISP that was compromised.
Unable to download signatures at ...
in ESET Standalone Malware Removal Tools
Posted
Did you download ESET SysRescue iso from https://www.eset.com/index.php?id=249&L=300 and create a bootable usb? If not, please follow the instructions on the mentioned web page.