
Marcos
Administrators
Posts: 36,501
Days Won: 1,453

Kudos

  1. Upvote
    Marcos received kudos from king99 in Malware undetected for 5 years   
    To me the only difference between the original VirtualBox installer and this one with a broken signature is missing data between offset 0x4fadd1a and 0x4fbc47c. Removing some data from a file won't make it malicious.
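    As an added example (not code from the post above, nor from ESET or VirtualBox), the comparison behind that finding: when the only difference between two copies of a file is a removed run of bytes, the longest common prefix and suffix pin down the removed span, and a splice test confirms that nothing else differs. The sample bytes are constructed; they are not the installer from the thread.

```python
"""Locate a contiguous run of bytes that is missing from a modified copy of a file.

Added example, not code from the post above or from ESET or VirtualBox.
It shows the comparison behind that finding: if the only difference between
two files is a removed span, the longest common prefix and suffix pin down
that span, and the splice test at the end checks that nothing else differs.
SAMPLE_ORIGINAL / SAMPLE_MODIFIED are constructed data, not the installer
from the thread.
"""
from typing import Optional, Tuple


def find_removed_span(original: bytes, modified: bytes) -> Optional[Tuple[int, int]]:
    """Return (start, end) in `original` of the bytes absent from `modified`.

    `end` is exclusive.  Returns None when `modified` is not `original` with
    exactly one contiguous span cut out (identical files, longer files, or
    files where some bytes were replaced rather than removed).
    """
    missing = len(original) - len(modified)
    if missing <= 0:
        return None

    # Longest common prefix.  It can run past the true cut point when the
    # bytes after the cut repeat the bytes at the cut; that is harmless,
    # because every such position is an equally valid cut.
    start = 0
    while start < len(modified) and original[start] == modified[start]:
        start += 1

    # Longest common suffix, bounded so it never overlaps the prefix.
    suffix = 0
    while (suffix < len(modified) - start
           and original[-1 - suffix] == modified[-1 - suffix]):
        suffix += 1

    # Prefix and suffix must account for every byte of `modified`;
    # anything left in the middle was changed, not merely removed.
    if start + suffix != len(modified):
        return None

    end = start + missing
    # Splice test: cutting [start, end) out of `original` must give `modified`.
    if original[:start] + original[end:] != modified:
        return None
    return start, end


def describe(original: bytes, modified: bytes) -> str:
    """Summarise the comparison in the wording used in the post."""
    span = find_removed_span(original, modified)
    if span is None:
        return "files differ by more than a single removed span"
    start, end = span
    return (f"missing data between offset {start:#x} and {end:#x} "
            f"({end - start} bytes); no other bytes differ")


# Constructed sample: a 1 KiB pattern with 120 bytes cut out at offset 300.
SAMPLE_ORIGINAL = bytes(range(256)) * 4
SAMPLE_MODIFIED = SAMPLE_ORIGINAL[:300] + SAMPLE_ORIGINAL[420:]

if __name__ == "__main__":
    print(describe(SAMPLE_ORIGINAL, SAMPLE_MODIFIED))
```

    A broken Authenticode signature only says that the bytes no longer match what was signed; a comparison like this is what shows whether bytes were substituted (which would warrant a closer look) or merely dropped.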
  2. Upvote
    Marcos received kudos from peteyt in Is it possible to decrypt files for modified FONIX/RYUK?   
    Unfortunately files encrypted by Filecoder.RYUK cannot be decrypted. I've checked your logs and my findings are below:
    - ESET Server Security was installed today
    - LiveGrid Feedback system is disabled
    - detection of potentially unsafe applications is disabled
    - Network Level Authentication is disabled.
      Recommended action: enable it (right-click This PC (or Computer) -> Properties -> Remote settings, and check "Allow connections only from computers running Remote Desktop with Network Level Authentication").
    - The Security event log covers only a small period of time (less than a day). The log was either cleared by an attacker or the event log size is too small.
      Consider increasing the event log size (eventvwr.msc -> Windows Logs (left panel) -> Security -> Properties (right panel) -> Maximum log size (enter new value)). We recommend at least tripling your current maximum log size.
    - A brute-force attack from remote machine(s) was performed:
      - ARISTANGROUP\arez had 105 failed login attempts
      - Гость (Guest) had 27 failed login attempts
    - Unsuccessful logon attempts from 7 blacklisted IP addresses were detected.
    Recommendations:
    - back up crucial data on a regular basis to prevent data loss
    - disable or secure RDP (use a VPN and block RDP from outside, restrict access to specific IP addresses, etc.)
    - use stronger passwords for users with RDP allowed
    - set a password to protect ESET settings and to prevent it from being disabled or uninstalled by unauthorized persons
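    As an added example (not code from the post above or from ESET), the kind of triage that produces those findings, run over constructed Security-log records standing in for Windows event ID 4625 ("An account failed to log on"): failed logons per account, attempts from blacklisted addresses, and a log whose time span is too short. The field names, counts, IP addresses and blacklist are assumptions made for the demo, not data from the thread.

```python
"""Triage of failed-logon records for an RDP brute-force review.

Added example, not code from the post above or from ESET.  It computes the
kind of findings listed there (failed logons per account, attempts from
blacklisted addresses, and a Security log that covers too short a period)
over constructed records standing in for Windows event ID 4625 ("An account
failed to log on").  Field names, counts, IP addresses and the blacklist
are assumptions for the demo, not data from the thread.
"""
from collections import Counter
from datetime import datetime, timedelta
from typing import Dict, Iterable, List, Set

FAILED_LOGON = 4625        # Security event ID: an account failed to log on
SUCCESSFUL_LOGON = 4624    # Security event ID: an account was successfully logged on
LOGON_TYPE_RDP = 10        # RemoteInteractive logon type (RDP)

_T0 = datetime(2023, 6, 5, 14, 0, 0)  # constructed base time


def _event(minutes: int, user: str, domain: str, ip: str,
           event_id: int = FAILED_LOGON) -> Dict:
    """Build one constructed log record `minutes` after _T0."""
    return {"time": _T0 + timedelta(minutes=minutes), "event_id": event_id,
            "target_user": user, "target_domain": domain, "ip": ip,
            "logon_type": LOGON_TYPE_RDP}


# Constructed sample log: a short burst against two accounts, one ordinary
# failure, and one success that the failed-logon counts must ignore.
SAMPLE_EVENTS: List[Dict] = (
    [_event(i, "arez", "ARISTANGROUP", "203.0.113.7") for i in range(5)]
    + [_event(10 + i, "Гость", "", "198.51.100.23") for i in range(3)]
    + [_event(20, "jsmith", "ARISTANGROUP", "192.0.2.10")]
    + [_event(25, "jsmith", "ARISTANGROUP", "192.0.2.10", SUCCESSFUL_LOGON)]
)
# Constructed blacklist using documentation address ranges, not a real feed.
SAMPLE_BLACKLIST: Set[str] = {"203.0.113.7", "198.51.100.23", "198.51.100.99"}


def account_name(ev: Dict) -> str:
    """DOMAIN\\user for domain accounts, bare name for local ones."""
    if ev["target_domain"]:
        return f"{ev['target_domain']}\\{ev['target_user']}"
    return ev["target_user"]


def failed_logons_by_account(events: Iterable[Dict]) -> Counter:
    """Count 4625 records per account; successes are not counted."""
    return Counter(account_name(e) for e in events if e["event_id"] == FAILED_LOGON)


def failed_logons_from_blacklist(events: Iterable[Dict], blacklist: Set[str]) -> Counter:
    """Count 4625 records per source address that is on the blacklist."""
    return Counter(e["ip"] for e in events
                   if e["event_id"] == FAILED_LOGON and e["ip"] in blacklist)


def log_span(events: Iterable[Dict]) -> timedelta:
    """Time covered by the records; a very short span on a long-running host
    means the log was cleared or its maximum size is too small."""
    times = [e["time"] for e in events]
    return max(times) - min(times) if times else timedelta(0)


def analyze(events: List[Dict], blacklist: Set[str], threshold: int = 3,
            min_span: timedelta = timedelta(days=1)) -> Dict:
    """Produce the findings: accounts at or above `threshold` failures,
    number of distinct blacklisted sources, and whether the log is too short."""
    per_account = failed_logons_by_account(events)
    span = log_span(events)
    return {
        "brute_forced_accounts": {a: n for a, n in per_account.items() if n >= threshold},
        "blacklisted_source_count": len(failed_logons_from_blacklist(events, blacklist)),
        "log_span_hours": span.total_seconds() / 3600,
        "log_too_short": span < min_span,
    }


def report(findings: Dict) -> List[str]:
    """Render findings as lines in the style of the post above."""
    lines = []
    if findings["log_too_short"]:
        lines.append(f"The Security event log covers only {findings['log_span_hours']:.1f} hours; "
                     "it was cleared or its maximum size is too small.")
    if findings["brute_forced_accounts"]:
        lines.append("A brute-force attack from remote machine(s) was performed:")
        for acct, n in findings["brute_forced_accounts"].items():
            lines.append(f"- {acct} had {n} failed login attempts")
    if findings["blacklisted_source_count"]:
        lines.append(f"Detected unsuccessful logon attempts from "
                     f"{findings['blacklisted_source_count']} blacklisted IP addresses.")
    return lines


if __name__ == "__main__":
    print("\n".join(report(analyze(SAMPLE_EVENTS, SAMPLE_BLACKLIST))))
```

    On a real host the records come from the Security log rather than from constructed dicts, and the two settings the post asks to change are checked separately: the "Network Level Authentication" checkbox corresponds to the `UserAuthentication` DWORD under `HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp` (1 = required), and the maximum log size is the Security log property the post points to.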
  3. Upvote
    Marcos received kudos from peteyt in Custom firewall rules and applications changing the path after update   
    Version 17 will address that. More information to come in the beta channel once the beta becomes available.
  4. Upvote
    Marcos received kudos from aa-stes in ESET Server Security not showing up in Windows Security on Server 2019   
    If you check other AV vendors' websites, you'll find a statement along the lines of:
    This is a known issue caused by a Windows Server 2019 defect. Those who encounter this issue are advised to report it to Microsoft to acquire the solution.
  5. Upvote
    Marcos received kudos from The Administrator in Problems on Windows 2012 R2 RDP   
    It's enough to perform a standard uninstall from Windows.
  6. Upvote
    Marcos received kudos from Ssooz in JS/Agent.QEC upon opening/closing Microsoft Edge   
    Does clicking Reset settings help?

  7. Upvote
    Marcos received kudos from Ssooz in JS/Agent.QEC upon opening/closing Microsoft Edge   
    A Microsoft website with this Edge extension was taken down and no longer exists.
  8. Upvote
    Marcos received kudos from Nightowl in js/chromex.agent.bz   
    Removing the browser extension Video Downloader Unlimited from Chrome should fix it.
  9. Upvote
    Marcos received kudos from Nightowl in Is it possible to decrypt files for modified FONIX/RYUK?   
    (same post as item 2 above)
  10. Upvote
    Marcos received kudos from Ajvan in Problems on Windows 2012 R2 RDP   
    If everything goes well, it will be released next week.
  11. Upvote
    Marcos received kudos from The Administrator in Problems on Windows 2012 R2 RDP   
    If everything goes well, it will be released next week.
  12. Upvote
    Marcos received kudos from frdt in Installation of est agent by GPO after AV Removal in the same package ?   
    After deploying the management agent, you will install ESET Endpoint from the ESET PROTECT Cloud console, which also contains an AV remover that can remove most third-party AVs.
  13. Upvote
    Marcos received kudos from Aryeh Goretsky in Avast.J and Asus.D PUP   
    You can delete the vulnerable Avast driver. Should you install a current version at a later time, it should no longer install the vulnerable driver.
    As for the vulnerable Asus drivers, they are from 2015. Try to find newer drivers and install them, or create a detection exclusion based on the detection name and path.
  14. Upvote
    Marcos received kudos from itman in js/chromex.agent.bz help   
    Since this is an English forum, we kindly ask you to post in English.
    Most likely you have sync turned on; check the sync settings by opening brave://settings/braveSync/setup.
    Also post the appropriate record from the Detections log. Alternatively, you can supply logs collected with ESET Log Collector.
  15. Upvote
    Marcos received kudos from itman in js/chromex.agent.bz help   
    That means you have another machine with sync turned on where the troublesome extension is still installed.
  16. Upvote
    Marcos received kudos from Super_Spartan in Nod32 antivirus verses On-line scanner   
    Unlike the ESET Online Scanner, ESET security products that are installed on a disk may detect more during an on-demand scan due to LiveGrid and pico updates that they support.
  17. Upvote
    Marcos received kudos from New_Style_xd in Manual Update   
    I meant disabling the regular update task in Scheduler:

    We strongly discourage other users from doing so as regular updates are crucial for keeping your computer protected.
  18. Upvote
    Marcos received kudos from micasayyo in Doubt between ESET Internet Security and ESET Smart Security Premium   
    While all ESET products protect you from new threats, no AV can detect 100% of malware with zero false positives. ESET Smart Security Premium includes ESET LiveGuard, a technology that temporarily blocks downloaded untrusted files and uploads them to a cloud sandbox, where the sample detonates and its behavior is analyzed. Within seconds, or at most minutes, a result is received and the file is either allowed to run or is detected and blocked. Neither ESET NOD32 Antivirus nor ESET Internet Security contains the ESET LiveGuard technology. They support ESET LiveGrid for cloud checks; however, downloaded files are not blocked while being analyzed on ESET servers.
  19. Upvote
    Marcos received kudos from New_Style_xd in Doubt between ESET Internet Security and ESET Smart Security Premium   
    (same post as item 18 above)
  20. Upvote
    Marcos received kudos from Nevermind in js/chromex.agent.bz help   
    That means you have another machine with sync turned on where the troublesome extension is still installed.
  21. Upvote
    Marcos received kudos from safety in Is it possible to decrypt files for modified FONIX/RYUK?   
    You are right, Filecoder.FONIX can be decrypted. Please email the above logs and files to samples[at]eset.com.
  22. Upvote
    Marcos received kudos from Novacom in ninite being blocked?   
    The domain name has begun to resolve to an IP address that has been blocked for more than 6 years. The IP address has been unblocked.
  23. Upvote
    Marcos received kudos from TomasB22 in Problems on Windows 2012 R2 RDP   
    The issue will be fixed in the ESSW v10 hotfix which is being prepared and will be available soon.
  24. Upvote
    Marcos received kudos from Aryeh Goretsky in Problems on Windows 2012 R2 RDP   
    The issue will be fixed in the ESSW v10 hotfix which is being prepared and will be available soon.
  25. Upvote
    Marcos received kudos from Aryeh Goretsky in Eset aware of the fractureiser malware?   
    Yes, it's detected:
    06cf8ad0dfc079bede63dbb6a190da885953e1f209e781baf088f015d474fa61.jar » ZIP » xyz/immortius/museumcurator/fabric/MuseumCuratorMod.class - a variant of Java/TrojanDownloader.Agent.NWO trojan
    1d1aaccdc13244e980c0c024610ecc77ea2674a33a52129edf1bb4ce3b2cc2fc.zip » ZIP » net/serahill/floatdamage/FloatDamagePlugin.class - a variant of Java/Agent.QF trojan
    511418fde9900f917055cf854c9a16078700a4031d746d151a5cdeda10c07b86.jar » ZIP » net/dungeonz/DungeonzMain.class - a variant of Java/TrojanDownloader.Agent.NWO trojan
    8915683dd6adc5e871806ff9b79015183f95c6c7311ecb0f3714b2b8de17ce48.jar » ZIP » valorless/havenelytra/HavenElytra.class - a variant of Java/TrojanDownloader.Agent.NWO trojan
    8d00bb6e058390a2843a9236d31c6d0aa9a7966c4adf71689599a9b7a0c6ae19.jar » ZIP » com/bmc/coremod/BMCSkyblockCore.class - a variant of Java/TrojanDownloader.Agent.NWO trojan
    98b96e06b34560a957e86bcf5b5e4ac0a1254c5e8911e19d22bbae91accc208b.jar » ZIP » net/ggwpgaming/automessage/AutoMessage.class - a variant of Java/TrojanDownloader.Agent.NWO trojan
    d79874c1a0040cb29418343c766d2f6c69cf8fa5ecd0629cac7cc60d69c4f107.jar » ZIP » goldenshadow/displayentityeditor/DisplayEntityEditor.class - a variant of Java/TrojanDownloader.Agent.NWO trojan