Arakasi

Everything posted by Arakasi

  1. Browser plugins are a primary target for malware and spyware creators, due to the fact the plug-ins have already manipulated the system; and it's the main program that floats around the web for users. Why go out there and try to attach to emails or similar when you can sit on a webserver and wait for the less inclined to stop by with the right conditions like Yahoo toolbar or Google toolbar with lack of Java patching or Flash patching etc. Some people might shake their fist at me, however I really don't care, but you will be better off following these conditions:
     - Don't use plug-ins, i.e. Yahoo toolbar etc. ( CoooOoOoOL i can do this stuff right from my browser??; quit being lazy and go to the sites that are set up for these. )
     - Don't use the most popular browsers, i.e. Chrome ( I use Waterfox, people usually go huh?!? whats that ? )
     - Check for updates on your main web based apps daily, i.e. Flash, Java, Silverlight ( Make sure stuff like Jusched are running )
     - Don't visit suspicious sites or sites you have never been to without checking on VirusTotal or similar, i.e. www.freecoupons.com ( Maybe has free stuffs for me ??? )
     The list goes on, but you get the gist! Good day. B)
  2. Hitman Pro is probably the better out of all of the above, however it does not remove as many cookies as SuperAntiSpyware, but does remove more malicious files and has better tactics of fighting malware than SAS, like killing processes and moving files around, plus deletion and restoration in order to combat malware, due to the fact it is multiple engines in one and uses a cloud scanner. *Bitdefender is inside as well as Emsisoft - better companies. Of course the better route to blocking cookies is not to allow them in the first place, and monitoring your host file trumps all that, when the cookies are harmful, and not needed for certain websites. *C:\windows\system32\drivers\hosts
  3. This is true. Are earlier versions more lightweight and compact, possibly dumping less into memory, and taking up less disk space, due to the fact they have fewer options, and lower standards of malware scoping? ( Of course not referencing the definitions at all. ) Would be the final and only reason I could think of?
  4. And I provided links to the fully functional version 7.
  5. I can confirm Firefox is a memory hog, however with a system full of RAM it's not an issue. I use Waterfox, it's better for 64-bit systems. Google it. CCleaner has never given me an issue with Eset ver7 HIPS and AMS active. I have been using them in tandem for months now. I have 6 GB of memory, yet a processor with 4.2 GHz frequency. I use Windows 7 Home Premium 64-bit. I never use IE. Just to add against testing and research as well as comparison for trying to resolve.
  6. I don't usually recommend PC tune-up programs, they take away control of your PC, which is the whole idea of a PC! In-Control. CCleaner has no issues with ESET. The Registry cleaner is decent and so is the startup and programs manager. It does a great job of cleaning out temp files. After taking a quick look at AVG tuneup I notice that it's a pretty embedded piece of software, which would tell me, "ESET HIPS" will probably block a lot of actions it will try to perform. However if you want I can fire up a virtual environment and test for you. Eset supports VM according to a few mods here in the forums. Let me know!
  7. hxxp://wikileaks.org/spyfiles/files/0/299_GAMMA-201110-FinFisher_Product_Portfolio-en.pdf Corrected: Check out this PDF from wikileaks. The Full Portfolio Thanks Swex !
  8. Good day Chris, If you're running Eset, you should be able to restart the computer and let it sit on that lockout screen for 5-10 min. Most processes will still run despite the full screen app keeping you from visually seeing your desktop. Eset should clear the virus. Restart again after prolonged period. If not, here are some manual instructions.
     - Boot to safemode again.
     - Open Control Panel, and Folder Options. Select the View tab, and check mark "Show hidden files and folders".
     - Navigate to C:\ProgramData and look for suspicious executables or jscript files and delete.
     - Navigate to %userprofile%\Appdata\Local and do the same.
     - Navigate to %userprofile%\Appdata\Roaming and do the same.
     - Navigate to %userprofile%\Appdata\Local\Temp and do the same.
     - Navigate to %userprofile%\Downloads, Documents, and any other TEMP directories you may find.
     - Navigate to C:\Windows\Temp and look for unrecognized exe's.
     - Open Regedit and navigate to this key: HKCU\Software\Microsoft\Windows\CurrentVersion\Run & RunOnce. Remove any executables or batches trying to run at startup.
     This should give you more leverage. Let us know if you found any files that you deleted or look malicious or that you did not install.
  9. Are you playing on any of the expansions like Frozen Throne etc? You may need to add the executables for those as well, as I only see warcraft 3.exe in your list. Add Frozen throne .exe as well with the same rules? Sound like an idea?
  10. If possible, before cleanup, could you submit samples to ESET as Marcos requested?
  11. That is definitely a modified or fake virus / picture / or similar; as you can see " NO ESET LOGO " as I have attached the " real " genuine picture of what that virus looks like. It's a very simple virus to clean. Boot to safemode, show hidden files and folders, and you will find the executables and javascript files on C:\ - C:\programdata - and even in %userprofile%\ appdata\local & roaming etc. Should be able to reboot after manual deletion. Some variants will block safemode, at that point pull the drive. See attached:
  12. I don't want to discourage others from trying the same solution. I am not sure if your issue is directly related to this same service system file or not, also the first time you have posted in this thread. Eset service (ekrn) is totally different than the BFE service or Epfwwfpr service. nickster, could you paste a screenshot of the event viewer error with details of your lockup? The screenshot will have to wait for the next error as I've just cleared my logs out. However, could there be a link with the Anti-Stealth support module: 1051 (20130822) and/or the HIPS support module: 1094 (20130822)? I experienced at least 9 failed logons since those modules were updated and even though they occurred before, they were not as frequent. Not too sure, those features are a whole new ball game. Might be something Staff can answer for you!! Unsure of the current status of those modules and any reporting that may have been done thus far. Also, if you did not purge your event logs, and only cleared them in the UI of event viewer, I think they may still be available @ C:\Windows\System32\winevt\Logs\
  13. Good day DustWolf, As a long time loyal customer, I just wanted to drop in and add an extra bit of encouragement to submit pictures and samples please. Let ESET take down and trace whoever is purporting to be them, and also attaching their logo to malware. This could have grave consequences on stocks and business. It makes me grind my teeth someone has possibly created what you speak of. Thank you Dustwolf, and a big thanks for reporting and sharing. *** Also if that is a FBI / Moneypak virus, updated VSD of ESET will remove. Sit at desktop for 10 minutes with internet LAN cable connected, so ESET can obtain any new updates, then try restarting the machine.
  14. I don't want to discourage others from trying the same solution. I am not sure if your issue is directly related to this same service system file or not, also the first time you have posted in this thread. Eset service (ekrn) is totally different than the BFE service or Epfwwfpr service. nickster, could you paste a screenshot of the event viewer error with details of your lockup?
  15. Have tried this which CB530 suggested : https://forum.eset.com/topic/535-setting-up-and-testing-alerts-notification/#entry2445
  16. Are you sure it's a direct connection from the Server? I would also be interested in knowing what protocols. Have a look at this article Cornel! hxxp://community.spiceworks.com/help/Is_My_Firewall_Software_Getting_In_The_Way%3F Nice to meet you sir, and let me know if you need some assistance configuring firewall, AFTER you have read above article! Looks like you need all these exclusions set on host, or on your server:
     - C:\Program Files\Spiceworks\httpd\bin\spiceworks-httpd.exe
     - C:\Program Files\Spiceworks\bin\nmap.exe
     - C:\Program Files\Spiceworks\bin\spiceworks.exe
     - C:\Program Files\Spiceworks\bin\spicetray.exe
     - C:\Program Files\Spiceworks\bin\spiceworks-finder.exe
     - C:\Program Files\Spiceworks\pkg\gems\spiceworks_common-x.x.xxxxx\nbtscan\nbtscan.exe
     and fill spiceworks directory. Good information in that article I posted!!
  17. tc330, You stated that you tried using exclusions to add the file, or possibly add the directory! However, may I make a suggestion that might not have been attempted? Try adding exclusions for all .bin file types !! ?? !! Here: Setup > Advanced Setup > Computer > Antivirus&Antispyware > Real-time file system protection > Threatsense engine parameter setup > Setup button > Extensions. Add " BIN " files. See attached. Maybe THIS will help you going forward!! - Let us know if it works please!
  18. Here's more. I am gonna get kilt for spamming instead of putting this all together, but hey. . . . I keep running into helpful information. Please don't be mad lol. This other attached pic is the description of BFE service. With that being read, this " epfwwfpr.sys explicitly relies " on the BFE service to be running in order to work properly. See second attached pic!!! So if any of those are failing, or lagging behind during the boot process, or set to auto-delayed, or anything of this nature, your system is going to HANG!!! Good luck!!
  19. Oh another note, the attached picture is Malwarebytes Pro - This picture shows what I am almost positive is the option for HTTP protocol checking for MBAM which would collide with ESET, if both are using the Base Filtering Engine service and others together. I use this software in conjunction with ESET Nod32 ver 7. I have never, ever, had a lockup or conflict issue while running these two concurrently!!! I use Windows 7 Home x64bit. Feel free to ask any other questions about my system.
  20. Hey guys!! Just to chime in here . . . Hopefully ESET doesn't kill me for manipulating their files . . (hey! programmer + tinkerer) I'm sure I would get a phone call from " Andrew " if I was out of line, LOL.
     Okay, in the interest of trying to provide a workaround, I messed with this -----> epfwwfpr.sys
     First I went to HKLM\SYSTEM\CurrentcontrolSet\Services\epfwwfpr and tried changing start type from 2"AutoStart" to 4"Disabled" but ESET repaired this each reboot. I then renamed the entire key by adding a tilde - (Had no effect). I next went to %systemroot%\system32\drivers and renamed "epfwwfpr.sys" => "~epfwwfpr.sys". After restarting, astonishingly this was my error: [see attached pic] Cannot provide analysis for HTTP and POP3
     So I restored the file, and I'm here posting to suggest disabling HTTP checking and POP3 protocol checking from Advanced Setup: Setup > Advanced > Web and Email > Email Client protection & Web access protection. Then see if your computer still locks up on restarting like you say.
     **** Please take note: With all this being said, keep in mind ESET is providing their firewall technology incorporated into the NOD32 Antivirus software, when we are not even paying or using the Security Suite. This we should be thankful for. Let me know if the above helps with your lockup issue on that file.
  21. Allow me to try and explain in simplified terms hentaixen! Your first scan will take 4-5 hours. Thoroughly scans every single file. Second scan looks at your files and determines if it needs to be scanned again. Example:
     Scan 1, File1:
       Size = 5KB
       Modified Date = 1/1/2012
       Location = "C:\Programs"
       Permissions = Admin[Full Control]
       File Type = .TXT
       MD5 HASH = 81051bcc2cf1bedf378224b0a93e2877
     Scan 2, File1:
       Size = 5KB
       Modified Date = 1/1/2012
       Location = "C:\Programs"
       Permissions = Admin[Full Control]
       File Type = .TXT
       MD5 HASH = 81051bcc2cf1bedf378224b0a93e2877
     ***********************************************
     ESET finds File1 is the exact same everything as the last scan File1 ----- SO SKIP THIS FILE [There has been no change in the file]
     ***********************************************
     On to File2 ......
     Keep in mind what James said about ThreatSense as well. If another computer already scanned and gave these results, it will also SKIP. So every scan after the first will be super fast unless you make serious changes to directories/locations/files, or possibly partition changes & disk drive letter changes or similar to alter your system. ** Please note - I was really trying to be helpful in my explanation here. Good intentions always!
  22. Thanks jadinolf!!! No worries. I am friends with hentaixen, I am sure he is ok with me commenting on his thread! " How is your Eset running Jadinolf? "
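
The skip-if-unchanged idea described in post 21, as an added example that is not part of the original posts and is not ESET's implementation: a scan cache that records each file's size, modified time and content hash, and deep-scans only files whose record changed. The file names, the `deep_scan` callback and the use of SHA-256 (the post shows MD5) are assumptions; the third scan shows why the hash matters when a file changes but keeps its size and timestamp.

```python
import hashlib
import os
import tempfile


def fingerprint(path):
    """Collect the attributes compared in the post: size, modified time, content hash."""
    st = os.stat(path)
    with open(path, "rb") as f:
        digest = hashlib.sha256(f.read()).hexdigest()  # SHA-256 here; the post shows MD5
    return (st.st_size, st.st_mtime_ns, digest)


def scan(paths, cache, deep_scan):
    """Deep-scan only files whose fingerprint differs from the cached one."""
    scanned, skipped = [], []
    for path in paths:
        fp = fingerprint(path)
        if cache.get(path) == fp:
            skipped.append(path)        # identical to the last scan: skip
        else:
            deep_scan(path)             # new or changed: full inspection
            cache[path] = fp
            scanned.append(path)
    return scanned, skipped


def demo():
    """Run three scans over two constructed files; return (scanned, skipped) names per scan."""
    cache, results = {}, []
    with tempfile.TemporaryDirectory() as d:
        f1, f2 = os.path.join(d, "File1.txt"), os.path.join(d, "File2.txt")
        for path, data in ((f1, b"hello"), (f2, b"world")):
            with open(path, "wb") as f:
                f.write(data)
        for step in range(3):
            if step == 2:
                # Change File2's content but keep its size and restore its timestamps.
                st = os.stat(f2)
                with open(f2, "wb") as f:
                    f.write(b"w0rld")
                os.utime(f2, ns=(st.st_atime_ns, st.st_mtime_ns))
            scanned, skipped = scan([f1, f2], cache, lambda p: None)
            results.append(([os.path.basename(p) for p in scanned],
                            [os.path.basename(p) for p in skipped]))
    return results


if __name__ == "__main__":
    for n, (scanned, skipped) in enumerate(demo(), 1):
        print(f"scan {n}: scanned={scanned} skipped={skipped}")
```

A cache that compared only size and modified date would have skipped File2 on the third scan; hashing every file costs a full read, which is the trade-off between speed and catching timestamp tampering.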