Arakasi

Hey Swex, my friend I think we were confused together on the idea. Mine is the same as yours, i agree. I was trying to say this: 1. You can register a domain and start a publication ! 2. Malware infects your site. VirusTotal and anti-virus vendors receive reports and acknowledge. 3. Your site is branded as a malware infected site and traffic is diminished. ie through "VirusTotal". Scanned on Jan. 1 2012 4. You remove your malware and publicize that it is gone. Traffic may improve and services are restored. 5. Your site still has that history of " HAD MALWARE " back in 2012. 6. Some people may still be hesitant to visit the site regardless of publications that no infection is residual on Jan 1. 2013 I hope we're together now !

I was able to download Simpsons, 2 different versions including tapped out , from Google Play, and ESET Mobile 2.0 did not find any threats, while downloading or while running the app. So im a little worried about your mobile device, as well as what you are downloading, or what "other app" may be infecting your files.

Just checking back here Nancy. Hope you got everything resolved and back up ? If you need assistance, just let us know !

Your firewall is now completely disabled, so the only protection you have from outside connections would be whatever your router provides; if at all. If someone were to obtain your public IP, your system could be compromised as easily as opening mstsc. Are you familiar with setting up exclusions ? I would encourage this if possible to the tax software servers and whatever ports they require.

It feel it would be a good idea, if collectively agreed upon, for this to be removed by a moderator to prevent confusion and/or complaints to the company or staff. However, that was a very nice deal hentaixen and i applaud and thank you for sharing with the community. I certainly would have picked it up, had it been in time. It almost reminds me of woot.com, e-bay or similar, it does not last very long.

Correct me if im wrong, but i think you were mentioning to call into support because they could add the license onto your additional expiration date ? Should mean your ok to purchase now and "extend your license" ! I have seen this done before, however unknown as to if its available for public. I have also seen where applying a license will make you lose the time you had left ie "1 month remaining" and added 1 year from the date of activating, thus losing your last month. It happened to a friend i work with, and i told him to call in to support and they would give him his month back !! I just laughed at him and his situation. Although its a serious altercation for business. I am assuming with ESET's policies and staff this has already been noticed and corrected ! Thanks to the mod that clears this up !!

respectfully. . . " lol "

tc330, hxxp://technet.microsoft.com/en-us/sysinternals/bb896653.aspx Try grabbing Process explorer so you can tell whats holding that file. Link above ^^ Sysiternals package was developed by Mark Russovich and it is a reknowned sweet of apps for Systems engineers. That might help as well if the updated version gives you the same issue.

Hello Derek, If Eset is the culprit and you say it works ok on second machine. . . Uninstall and remove all settings and data, then reinstall.

See the following Microsoft KB article to fix your issue and log back into the account you need : hxxp://support.microsoft.com/kb/947215 I have repaired that issue on multiple occasions with clients, 9/10 times this is caused by a failing hard drive or corrupted registry, or if the computer was improperly shutdown multiple times. Sometimes it can happen if your profile has been corrupted and you have been using a temporary profile for the longest time. Check your %userprofile% from Run or Search in Start and you might have been using a TEMP profile. I doubt that this was caused by NOD32 or Smart Security. Good Luck Nancy !

Even so, these threats may have been on the site at one time, its very hard to erase that sort of publication. You can have the sight all cleaned up, re-scanned and re-reported to Virustotal and to all vendors blocking to unblock, however the publication of history will remain for some time.

https://www.virustotal.com/en/url/4342080228a108d576eaafc4ea99e98ce35f85e8f078472eb6b8a4802e435169/analysis/

I was able to get to your site just fine using nod32 AV version 7. Please include some screen shots of the error you recieved as well as your version of software and virus sig database version.

I'd emphasize that this doesn't mean there might be malicious files which would be skipped and left undetected due to smart optimization. Valid point for sure, my apologies for leaving that out. As far as HIPS is concerned, it does what it always has, host intrusion prevention. Going into details is probably frowned upon as that would be great information to pass along to malware developers and blackhat hackers.

Well , going forward, anytime i see uTorrent on one of my clients machines, i strip it off. Its used for downloading yes , but its also used for pirating software from other users via ptp There are several programs out there that block ptp and block programs like bittorrent , utorrent, azureus/vuze etc. Try uninstalling that, then uninstalling firefox and reinstalling firefox, and see if your error persists. Good luck

Duncan, Repaying your kudos back, but with good reason. A very warm introduction of yourself; i enjoyed the read. Welcome to the forums, and with all being said; i would like to add that i'm glad you're still "listening to music" as it is my belief , as a musician myself, it never really leaves someone once it has touched their soul. Hope to see more of you around. Enjoy the holidays !!

Well if your up for it, lets see about getting that taken care of o.O ?!? Toss me a PM after the holidays and we will see what we can do next week!!

What i mean is, check all the settings of ESET , write them down, then go look at the others on the 2nd and 3rd machines to make sure all the options match. VSD - Virus Signature Database

Your most welcome Hentaixen. Lets see if we can figure this out now

Thanks for your thoughts Bob See this post again though for more detailed info https://forum.eset.com/topic/659-dirtydecryptexe-file-locking-ransomware-virus/page-2#entry4094 It does use RSA and the private keys are usually here : RootDirectory\Documents and Settings\< username>\Application Data\Microsoft\Crypto\RSA

Thanks Aryeh

No its ok Its just possible it may be a different variant of sputnik There are many many many versions floating around. Thanks Senz !!

You didnt rename it then. Go to Control panel > Folder Options > then View tab > Uncheck hide extensions of known file types.... rename it again.

Runtime packers are pretty much viruses that are compressed into zip packages or rars, or 7z, or whatever, and release when activated. There was big talks about this at Blackhat. Blogs on eset as well : hxxp://www.welivesecurity.com/2008/10/27/an-introduction-to-packers/ Why its not for default could have to do with system resources, ensuring weaker computer systems dont get bogged down and freeze up. Smart optimization kind of falls in a similar category, it basically speeds up the scans, which will help detect different sources of malware, but also might cause others to be skipped over, so they chose off by default. Long thorough scans are a more proven method in finding files, which scans every file on the drives & system, not just the high priority targets. Timestamp is an option to keep the original access time of scanned files instead of updating it , and is more or less for backups, and files that have been altered or zipped, or what have you .... Off by default because not everyone uses backup or similar and the files dont really change in size or format etc.