
Arakasi

Members
  • Posts: 2,411
  • Joined
  • Days Won: 71

Everything posted by Arakasi

  1. Open Candy is malware. It is a classification of adware called Win32/OpenCandy. ESET detects this and I recommend running an In-depth scan on the system. See: What is OpenCandy and why does it trigger a threat warning?
  2. No, the database is removed as well, and the license. You will have to use the latter route of pressing the default buttons and options etc.
  3. Hi, the best method is to uninstall and reinstall. Doing it manually will take a few steps. To reset the firewall rules to default, follow the directions outlined here: hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN941 If you would like to reset the default settings and values of everything else, you can open the Advanced setup and click the button labeled "Default" in the lower right corner.
  4. Does disabling the firewall make the error go away? Does disabling HIPS followed by a restart allow the application(s) to run? We need to find the cause or module behind the disruption first. Hold on to the logs for the moment, as those will be sent via PM to ESET Staff only. Ensure you have a SysInspector log created, as well as Firewall logs.
  5. The only way to get your questions answered will be to follow the proper procedure outlined in the following KB article: How do I submit a virus, website or potential false positive sample to ESET's lab? The Forum is not for disputing or resolving these types of inquiries. Also, as Marcos had stated, the type of detection is a PUA. This is completely optional to users. You can tell any of your clients/customers to simply disable the detection type to use whatever software or domain you are referring to. ESET also does not base detection off reviews; I am afraid you are misinformed. ESET has a research team and lab working around the clock. This topic can now be closed as well.
  6. Hello, does adding D:\Tally.ERP9\Data\10001\TSTATE.TSF to the list of exclusions assist in launching your application? Advanced setup (F5 from the main GUI) > Computer > Antivirus and antispyware > Exclusions. I would entertain adding the directory "D:\Tally.ERP9".
  7. I may put Webroot on a vm just to see and record plus document the results and comparisons.
  8. I see now, you are right. The domain must be behind the proxy orangewebsite or simply hosted there.
  9. The application in question could be a reclusive executable, or an obfuscated one. Thus, I recommend running a full in-depth scan. I am unaware of shodan.io, where did you reference that? For now, I would check Remember Action (create rule) and Deny. You can refer back if any of your applications begin to reveal issues, and delete the rule.
  10. Also take caution, as port 5353 can be used for the following reasons:
      - iChat, Mac OS X Bonjour/Zeroconf port
      - Multicast DNS (MDNS) [iESG] (IANA official). Primarily on Mac OS X, possibly p2p?
      - Backdoor.Optix (2004.02.10) - a backdoor trojan horse that gives an attacker unauthorized access to an infected computer by opening TCP port 5353 and listening for incoming connections.
      - Avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty mDNS IPv4 or IPv6 UDP packet to port 5353. References: [CVE-2011-1002], [BID-46446]
      - Remote attackers can perform a denial of service in WebRamp systems by sending a malicious UDP packet to port 5353, changing its IP address. References: [CVE-1999-0438]
      Also see this link: hxxp://www.pc-library.com/ports/tcp-udp-port/5353/
      My recommendation is this: run an In-depth scan on all local drives for your system.
  11. It would appear they are a hosting company. Do you have dealings or service with OrangeWebsite?
  12. After checking the avast forum, he seems to have cleaned his system.
  13. Try this, Hargon.
      - Download ATF Cleaner - check all options and Empty Selected.
      - Download AdwCleaner - run a full scan.
      - Download CCleaner - while using the Cleaner tab on the left, check everything under the Applications tab. Under the Windows tab check everything under IE, check everything under System except Start Menu shortcuts, and under Advanced check Old Prefetch Data. Run Cleaner.
      - I recommend deleting the shortcuts of your browsers in the Start Menu after the CCleaner run, and re-creating them.
      - Go to Tools on the left side, select Startup on the right. Here is the important part: I recommend taking screenshots of all these tabs (Windows, Internet Explorer, Firefox, Google Chrome, Scheduled Tasks, Context Menu and any others you have). Post them here for recommendations on what to delete.
      - If you can find your BHO or task/file in these tabs, delete it and then reset your browsers to factory defaults.
      You might want to get a visual in C:\ProgramData for any executables, as well as check your Downloads and Documents folders for any strange executable with weird naming schemes. I recommend checking your "%userprofile%\AppData" (Local, LocalLow, and Roaming) for strange executables as well. At the end, I would not return to security software that allowed this hijack/exploit/browser ransom in the first place. Purchase ESET Smart Security and never turn back.
  14. Hi Chris, I hope my quick version of DEP will answer your questions. DEP compatible processors and operating systems will prevent malware from running in certain blocks of memory that are designated for instructions only and not execution of applications. Although ESET has a memory scanner and exploit blocker, while actively watching memory threats, DEP could be thought of as an extra layer of protection; and since it is hardware based, I suspect DEP will prevent a threat from running altogether in memory, while ESET will "catch threats and disable" those that have made it into memory or attempted to run. My recommendation would be to keep DEP turned on for that added layer of security on your system. If you decide you would like to keep DEP on, you should not receive any warnings from Microsoft that it is disabled, and I recommend running the following strings in an elevated command prompt to ensure protection. Windows 7 & 8 only (XP send a PM) [Vista run and hide]
      bcdedit.exe /set {current} nx AlwaysOn
      bcdedit.exe /set {current} nx optin
      Once you have entered these into an elevated command prompt, restart your computer.
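An added example (not part of the post above) for confirming which DEP policy is actually in effect after the bcdedit changes and a reboot. It assumes Windows 7/8 or later with PowerShell 3.0+ (for Get-CimInstance) and reads the documented Win32_OperatingSystem DEP properties, then cross-checks the nx value on the current boot entry; the bcdedit step needs an elevated prompt.

```powershell
# Added example, not the original poster's code: report the effective DEP policy.
# Assumes Windows 7/8+ and PowerShell 3.0 or later.

function Get-DepStatus {
    $os = Get-CimInstance -ClassName Win32_OperatingSystem

    # Documented meanings of DataExecutionPrevention_SupportPolicy
    $policyNames = @{
        0 = 'AlwaysOff - DEP disabled for all processes'
        1 = 'AlwaysOn  - DEP enforced for every process, no opt-out'
        2 = 'OptIn     - DEP only for Windows system binaries (default)'
        3 = 'OptOut    - DEP for all processes except an exception list'
    }

    [pscustomobject]@{
        HardwareDepAvailable = $os.DataExecutionPrevention_Available
        Policy               = $policyNames[[int]$os.DataExecutionPrevention_SupportPolicy]
        AppliesTo32Bit       = $os.DataExecutionPrevention_32BitApplications
        AppliesToDrivers     = $os.DataExecutionPrevention_Drivers
    }
}

Get-DepStatus | Format-List

# Cross-check the boot configuration entry the post edits. bcdedit needs an
# elevated prompt; without elevation the store cannot be opened and $nx stays empty.
$nx = bcdedit /enum '{current}' |
      Select-String -Pattern '^\s*nx\s+(\S+)' |
      Select-Object -First 1
if ($nx) {
    "Boot entry nx setting: $($nx.Matches[0].Groups[1].Value)"
} else {
    "Could not read the nx value from bcdedit (run from an elevated prompt)"
}
```

If the two bcdedit lines in the post were both run, the value printed here is the one that stuck, since each /set call overwrites the previous nx setting.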
  15. Sorry for the mixup and confusion, I must have been in another world when I responded and not thinking straight.
  16. InvisionPower is the company hosting the forums. I have never seen this kind of misdirection since I started using IP Board forums as well as ESET forums. What version of Firefox are you running? Are you using SSL scanning with ESET? If so, have you imported the certificate properly into Firefox? I would also clear your web cache, as misdirects are usually the result of cache mixups. The fact that you had a problem getting to the site shows more that the site is well guarded and locked down, rather than vulnerable, in my opinion.
  17. I use Windows 8.1 x64 and don't have this issue. Have you ever hidden any updates? You may have an update that is hidden or not coming through. Try stopping and restarting the Windows Update service and the Security Center service. Does it go away after a computer restart?
  18. Quoting: "No it didn't go in any spam folder, it was removed and I didn't remove it. That is my worry. So if ESET didn't remove it then someone could have been in my email account."
      Hello, it could have been archived due to size. Or an Outlook mail rule moved it elsewhere. Without forensic examination it would be hard to tell if someone was in your email; the best thing going forward would be to change your mail password right away.
  19. MD5: 3a924b200d86590d2c83214cebfa9742
      SHA1: 7754047d6c7e0610e93db2a43a05a7d7ec1d1cf9
      SHA256: 1525f5507d9e7ad2c14a29e6db31d56d798f1c2fbc86987dcd57704f7a0c2b1b
      Version 33.0.1750.154. Verified as unchanged.
  20. The Windows build bug is a known issue on the Windows side; ESET is researching it. The blue icon is usually an informative notification letting you know you need Windows updates.