Posts posted by stackz
-
You can download it from hxxp://www.hirensbootcd.org/download/
-
There's a service entry in the registry most likely related to the infection -
Services: "Windows Management Instrumentation" = "c:\progra~3\etfq4h.pss" Automatic ; Stopped ; ( 5: Unknown ) ;
-
Arakasi, hxxp://www.malwaredomainlist.com/mdl.php will reveal all without needing to personally do any sort of tracking.
-
Have a look for: C:\Users\[user name]\AppData\Local\ESET\ESET Smart Security\Quarantine\INFO.NQI
-
When I select "Computer scan" in main gui there is always some delay 2~3 sec.
I've not seen a delay on any PC when selecting Computer scan.
Was this an upgrade or a clean installation?
-
Since they're using MadCodeHook, would it help if the certificates for the 2 files detected were not beyond their valid date?
Salfeld Computer GmbH Valid from: 1:00 AM July 29 2009 Valid to: 12:59 AM July 30 2010
-
It looks like a warning from Java Runtime Environment. Refer to: hxxp://www.java.com/en/download/help/appsecuritydialogs.xml
-
I think that it's kind of real-time behavior-based detection component but after Marcos's explanation... now it sounds very limited.
I think what Marcos means is that previously this form of memory scanning was only available during startup and on-demand scans. The limitation with this approach is that memory detection is reliant on a single snapshot of the memory.
Now with it being available as a real-time detection, it is better able to detect suspicious and/or malware-like behaviour patterns.
-
I would expect that the results of a user initiated or scheduled computer scan would be shown in the Computer Scan log. Showing the results elsewhere wouldn't make much sense to me.
-
What is happening when you right-click on an item in quarantine and select 'Submit for analysis'?
-
There are only 4 files detected as Potentially Unwanted Applications, no sign of any MBR infection.
C:\Users\jeffrey\AppData\Local\Temp\61D0.tmp » NSIS » Script.nsi - Win32/DownloadAdmin.G potentially unwanted application
C:\Users\jeffrey\AppData\Local\Temp\B56D.tmp » NSIS » Script.nsi - Win32/DownloadAdmin.G potentially unwanted application
C:\Users\jeffrey\AppData\Local\Temp\C5FE.tmp » NSIS » Script.nsi - Win32/DownloadAdmin.G potentially unwanted application
C:\Users\jeffrey\AppData\Local\Temp\uttEA7F.tmp.exe » NSIS » SDSPlugin.dll - probably a variant of Win32/Toolbar.Widgi potentially unwanted application
Just navigate to: C:\Users\jeffrey\AppData\Local\Temp
Right click on the Temp folder and in the context menu for ESET go to Advanced options ->Scan and clean
Once cleaned, run an in-depth scan.
-
Yes, using them on demand will be fine.
-
No more ESET Wheel of Misfortune.
Current modules for ESS 7.0.104.0 (non pre-release):
- Virus signature database: 8715 (20130822)
- Update module: 1044 (20130708)
- Antivirus and antispyware scanner module: 1406 (20130822)****
- Advanced heuristics module: 1142 (20130712)
- Archive support module: 1174 (20130724)
- Cleaner module: 1075 (20130730)
- Anti-Stealth support module: 1050 (20130807)
- Personal firewall module: 1138B (20130802)
- Antispam module: 1026 (20130715)
- ESET SysInspector module: 1236 (20130614)
- Real-time file system protection module: 1007 (20111129)
- Translation support module: 1110 (20130729)
- HIPS support module: 1093B (20130806)
- Internet protection module: 1079B (20130822)****
- Web content filter module: 1028 (20121113)
- Advanced antispam module: 1446 (20130821)
- Database module: 1037 (20130604)
-
Is there a log for past files submitted ?
Not that I'm aware of, though the best way to submit files is by following the directions at hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN141&actp=search&viewlocale=en_US&searchid=1377139275407&ref=esf
-
Virus database update (last successful update August 19, 2013 1:31:50 p.m.) does not terminate.
Alt+Shift+F4 then launch AV.
Unfortunately, exiting the GUI doesn't help. As soon as you relaunch, you see the endless update continuing, so a log off or reboot is necessary.
-
Virus database update (last successful update August 19, 2013 1:31:50 p.m.) does not terminate.
Yeah, I've been stuck with this for the last ~3 hours. The virus signature update completes and then the GUI shows Application Update -> Update Progress 0kb / 0 kb. The only way to stop it is to log off or reboot, though that will only last until ESS next checks for updates.
-
It's likely an AutoIt v3 Compiled Script supposedly written by Elie Cohen (ESET, LLC) who is definitely not an employee of ESET.
(Just Google Elie Cohen)
Open up task manager and kill the process, uncheck it in msconfig, then follow the instructions for submitting a suspicious file at:
-
To submit a suspicious file, website or possible false positive to ESET for analysis, follow the instructions for your issue at:
-
it's my last try before legal action
I gather then you'll be taking action against many AV/AM companies.
Removing the potentially unwanted BCMiner should solve your problem, as long as it's not repackaged with some other PUA or PUP.
-
Win 7x64
ESS v7.0.28.0 previously occurred on v6.*
Symptoms: slow opening of commonly used applications.
I booted into safe mode and moved the local.db file. All affected applications now respond as expected.
I can provide the local.db file for inspection if required. (~23MB)
regards
-
At first I thought eeeek, but I've kind of become used to the new icon. Also, it's more in keeping with the appearance of the 'e' in the eset logo.
ESET Smart Security 7 uses 1,3 GB RAM
in ESET Internet Security & ESET Smart Security Premium
ESET's constant scanning and production of temp files for checking JDownloader's activity would likely be what is causing your excessive memory usage. There's a workaround posted on the JDownloader forums for ESET products, but in my opinion the workaround creates a huge security hole. I'd wait to see what the ESET moderators recommend as the best way to handle the issue.