Arakasi

Everything posted by Arakasi

  1. If Peter's suggestion does not work: I looked at your picture. Nothing seems out of the ordinary besides your NetBIOS blocking. This of course will not allow you to see other workstations on your network. If that is not an issue, let's look at your quote. With that being said, your problem possibly lies elsewhere. If you are familiar with wups, then let's try the following and report back:
     Navigate to your Windows directory.
     Delete all of the files with the following extensions: .chk .rip .tmp
     Stop the following service: Windows Update
     Rename this folder in the Windows directory: softwaredistribution > softwaredistribution.old
     Start service: Windows Update
     Report back; if that doesn't work, I'll walk you through re-registering all your Windows Update DLLs and checking all your services.
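The manual steps above, scripted for an elevated PowerShell session, as an added example that is not code from the original post. It assumes the Windows Update service's short name is wuauserv (the standard name, not stated in the post) and supports -WhatIf so the deletions and the rename can be previewed before anything is touched.

```powershell
# Added example, not from the original post. Scripts the Windows Update reset
# steps: remove .chk/.rip/.tmp leftovers from the Windows directory, stop the
# service, rename SoftwareDistribution, start the service again.
# Assumption: the Windows Update service short name is wuauserv.

function Reset-WindowsUpdateCache {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [string]$WindowsDir  = $env:SystemRoot,
        [string]$ServiceName = 'wuauserv',                 # assumed short name
        [string[]]$LeftoverExtensions = @('.chk', '.rip', '.tmp')
    )

    # Refuse to run without administrator rights; otherwise the service and
    # folder operations below would fail half-way through.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = [Security.Principal.WindowsPrincipal]$identity
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run this from an elevated PowerShell prompt.'
    }

    # Step 1: delete leftover .chk/.rip/.tmp files in the Windows directory
    # (top level only, matching the manual procedure).
    Get-ChildItem -Path $WindowsDir -File -ErrorAction SilentlyContinue |
        Where-Object { $LeftoverExtensions -contains $_.Extension.ToLower() } |
        ForEach-Object {
            if ($PSCmdlet.ShouldProcess($_.FullName, 'Delete leftover file')) {
                Remove-Item -LiteralPath $_.FullName -Force
            }
        }

    # Step 2: stop Windows Update so the download cache is not locked.
    $svc = Get-Service -Name $ServiceName
    if ($svc.Status -ne 'Stopped' -and $PSCmdlet.ShouldProcess($ServiceName, 'Stop service')) {
        Stop-Service -Name $ServiceName -Force
        $svc.WaitForStatus('Stopped', [TimeSpan]::FromSeconds(60))
    }

    # Step 3: rename SoftwareDistribution -> SoftwareDistribution.old.
    # An existing .old folder is moved aside with a timestamp so nothing is lost.
    $sd  = Join-Path $WindowsDir 'SoftwareDistribution'
    $old = "$sd.old"
    if (Test-Path -LiteralPath $old) {
        $stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
        if ($PSCmdlet.ShouldProcess($old, "Rename to SoftwareDistribution.old.$stamp")) {
            Rename-Item -LiteralPath $old -NewName "SoftwareDistribution.old.$stamp"
        }
    }
    if ((Test-Path -LiteralPath $sd) -and $PSCmdlet.ShouldProcess($sd, 'Rename to SoftwareDistribution.old')) {
        Rename-Item -LiteralPath $sd -NewName 'SoftwareDistribution.old'
    }

    # Step 4: start the service again; Windows recreates the folder on demand.
    if ($PSCmdlet.ShouldProcess($ServiceName, 'Start service')) {
        Start-Service -Name $ServiceName
    }
    Get-Service -Name $ServiceName | Select-Object Name, Status
}

# Preview first, then run for real:
Reset-WindowsUpdateCache -WhatIf
# Reset-WindowsUpdateCache
```

The renamed folder is kept rather than deleted so the old download cache can be inspected or restored if the update failure turns out to have another cause.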
  2. I run MBAM in real time and ESET in real time. They work just fine. SuperAntiSpyware is the only one of the three that will get rid of tracking cookies. MBAM doesn't do this, neither does ESET. So I don't use real time on SAS and use it to scan regularly for cookies; it does a better job than any other program I have found, besides using a hosts file or HitmanPro!
  3. I would not have to install Windows again, rofl. I would repair the damage manually. You have so much evil intent in your words, I am done speaking in this thread. Good day, EsetFan. Plus you're making malicious virii, which is highly illegal. Good day to you as well, claudiu.
  4. On Error Resume Next
     Dim FileToDelete As String = "EsetFan"
     StopService("EsetFan")
     My.Computer.Registry.LocalMachine.DeleteSubKey("EsetFan")
     System.IO.File.Delete(FileToDelete)
     LOL
  5. Guest_claudiu_* My two posts above explain why it wasn't detected. "We have not had a response back from the coder" Your comment was definitely not required, bearing the obtrusive nature of the response. Marcus has assisted with ESET customers for years on Wilders and has been a dominant support on these forums, providing more help than anyone. In regards to ThreatSense his post is accurate. If he is who I think he is, then he has been on the Prevx/Webroot section on Wilders asking and claiming all sorts of stuff. And even the new official Webroot forum as well, and now he has found the ESET Forum. Just so you know. Nope, not right. I've never used Webroot or even tried to use it, and never gone to their forum. I just wonder why ESET doesn't detect this simple malware when it can detect a very harmful malware. That's my point. You still kept the freaking default size checked. Uncheck that, and place a 1 byte file detection and greater. You had a few other options unchecked too. Not that I want my hand held, but do it right. Also, that could be a file that restarts the computer for all I know, rofl.
  6. Another good one is ATF Cleaner, should you prefer something more lightweight! hxxp://www.atribune.org/?option=com_content&task=view&id=25&Itemid=25 I have used it for years, years n years. I still use CCleaner for IE and Firefox cache cleanup though.
  7. You're most welcome, jadinolf. It was nice to meet you . . . and take your time choosing what mode to use for the firewall, as everyone has their own taste or likes/dislikes. No matter your decision, you can always switch, too! The forums are here should you have questions, sir. Good luck!
  8. If you have a third-party firewall, yes, remove it. Malwarebytes works with ESET. If you have issues, contact Malwarebytes, as they publicly state full compatibility, and if not they will work with the vendor to make it happen no matter the adjustment needed. SuperAntiSpyware may just need real-time protection disabled.
  9. marcon33, good day, sir. Could you try the following option and see if it helps you? However, apply this only if all RARs are being blocked, not a specific one, as the archive could be infected. See attached. Report back your findings, please.
  10. Guest_claudiu_* My two posts above explain why it wasn't detected. "We have not had a response back from the coder" Your comment was definitely not required, bearing the obtrusive nature of the response. Marcus has assisted with ESET customers for years on Wilders and has been a dominant support on these forums, providing more help than anyone. In regards to ThreatSense his post is accurate.
  11. These pics show options for ThreatSense, as well as real-time and scheduled scanning. I'm not positive because of my habits, but most of these are default settings that would need to be changed based on user behavior, etc.
     - Advanced heuristics / DNA / smart sigs
     - Runtime packers
     - Object settings / object size (default settings)
     - Enable detection of p. unsafe a's
     These are among a few that would need to be adjusted based on your 20 KB file. I would also be interested in moving the exe out of the bin folder and onto the root of C: prior to scan. Just thinking out loud . . .
  12. A few things which might debunk your virus and why it wasn't detected... You would need to provide screenshots for proof. We know the saying "Pics or it didn't happen". It should not have to spread to be detected; the engine should catch malicious activity. This is why ESET catches more in-the-wild virii than any other software solution. Here is why you may not be catching it. See attached pics . . .
  13. I have a few questions about this.
     What version of Visual Studio did you make this in?
     What version of .NET Framework did you use?
     Is this a standalone single-form exe with code behind?
     Where did you place the exe on the drive when scanning?
     Did you actually execute while being protected by NOD32?
     What options did you have selected on NOD32?
     Did you try uploading it to a website and downloading to see if it was caught in a download process?
     Are you using any functions and calling, or just straight code?
     How large is the file?
     What is the first malicious action it performs based on your list of things?
     Would your code be caught if it was converted to a vbs file instead??? Please check.
     I would almost feel more comfortable with some of these answers sent in a PM instead of public. I don't need any code, because I could write the same thing. Just my questions answered. Call it "too busy and lazy to try". Thank you Eset_fan!
  14. Not sure, but the beta license is valid till Oct 31st? I think, if I recall... So it will possibly be past that, and we keep thinking of additions and improvements; the devs will be busy a while depending on if the project mgrs and supervisors decide to push forward on suggestions. Plus the bugs we keep finding create teams to address those issues as well. Then testing again, then double testing...
  15. I sent them to samples@eset.com. Good job! This is always needed and helpful to our AV vendor!!
  16. I checked the site on MyWOT (extension that allows you to see comments and ratings for the webpage) and it seems to provide some false information, so I wouldn't trust it that much. I will give it a try if the scan doesn't work. It's not about trusting or not. It's in plain view: So check if the files are there or not. If they aren't, it's a false website or a different version of the virus. If they are, start the removal process. Clean the registry after the fact. If you need help just ask. I will remote in and clean it for you, or make a batch file based on what needs to be removed.
  17. ESET cleans files by default, i.e. unless you deliberately disable cleaning. Maybe you were referring to cleaning via the context menu scan which is available under Advanced options in versions up to v6. As of v7, cleaning is available as the first option in the context menu. Yes, but after I performed a scan, it showed a virus but shows no options, which it should in the scan window. I think it would be much easier for a user to remove a virus if it shows options in the scan window rather than right-clicking on the virus to clean it. I have another problem. When parental control is enabled, web pages take a lot of time to load, even Google. Why is it happening?
  18. They are the best, I wish the world would recognize this just a little faster. It's not just the software, but the people in the company as well. Come back to ver 7!!!
  19. Not to be too forward, but your images may be corrupted. If you don't have any hardware problems (should be tested...), then you should really consider backing up your data and scrapping the images you're restoring to. Wipe and reload, Flew. Your problems are going to go away. No one else has these issues AFAIK. It's corrupted drivers and Windows files, or bad hardware. Or compatibility between other programs. But the Windows Update failing after restoring an image????? Bad image. Or wups is bonked. See wups. I hope I don't seem too negative, but a lot of this just doesn't seem natural or normal. I say this with the utmost respect, and a high interest to see your issues gone and you as a happy ESET user. B)
  20. Description: Logitech G15 LCD Support - hxxp://www.logitech.com/en-us/products/keyboards/articles/554
     Detail: Gaming keeps getting better and better, and most AV software companies have begun to add a Gamer mode. What would really set ESET software apart and again ahead of the industry above all others would be to add in a little Logitech support. I have noticed several questions asked about NOD32 that would not have been asked had we been able to monitor ESET out of games and full-screen mode apps, where the desktop is missing. This could even work for corporate if you're using mstsc / RDP or something similar. Although I don't know of many businesses running a $100+ keyboard, lol. What could be displayed?
     * Gamer mode on/off status
     * Updating
     * Real-time objects being scanned
     * Pop-ups and alerts, while suppressed in gamer mode, can now be filtered to the LCD screen
     * ESET / egui+ekrn CPU usage %
     * ESET / egui+ekrn memory utilization %
     * Heck, add in CPU and memory usage as a whole; make CoreTemp and such programs obsolete. LOLOL
     Most users like myself that have a gaming computer really can handle ESET running at full power and without gamer mode. However, the added CPU idle and scheduled full scans being disabled etc. are still very nice, along with the other added features of gaming mode. I would really like to see this, but it may be wishful thinking.
  21. Guest_Eran_* I see what you are trying to do. Please see my attached picture. Take note, this is for the Home version NOD32 engine; however, I am almost positive Endpoint has the same section, AFAIK. If your developers are writing batch files, you can simply exclude .bat and .cmd file extensions and the real-time and on-demand scanners will not scan those types of files for threats. However, I have seen thousands of viruses in my days that are batch files and scripts. By adding this type of option, you will free up terminals running batch files, but those same workstations will be vulnerable to batch-made virii. Hope this helps. Any Mod feel free to correct me if I am wrong.
  22. This may or may not help, but it's verifying the Security Center service and its dependencies. Check the following services and see if they are started [services.msc from Start > Search or Run]:
     Security Center (wscsvc) - Make sure the DLL is in the right location: %SystemRoot%\System32\wscsvc.dll
     Remote Procedure Call (RPC) - Make sure the DLL is in the right location: %SystemRoot%\System32\oleres.dll
     DCOM Server Process Launcher - Also oleres.dll
     Windows Management Instrumentation (WMI) - Executable location: %Systemroot%\system32\wbem\wmiapsrv.exe
     Follow up in the Registry to make sure as well: HKLM\System\CurrentControlSet\services
     Luck be with you.
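The checklist above run in one pass (service state, expected binary, registry entry), as an added example that is not code from the original post. wscsvc is the short name given in the post; RpcSs, DcomLaunch and Winmgmt are the standard short names of the other three services and are an assumption here.

```powershell
# Added example, not from the original post: automates the Security Center
# dependency checklist. wscsvc comes from the post; RpcSs, DcomLaunch and
# Winmgmt are the standard Windows short names, assumed here.

function Test-SecurityCenterDependencies {
    param([string]$SystemRoot = $env:SystemRoot)

    # Expected service -> file pairs from the checklist above.
    $checks = @(
        @{ Name = 'wscsvc';     Display = 'Security Center';                    File = "$SystemRoot\System32\wscsvc.dll" }
        @{ Name = 'RpcSs';      Display = 'Remote Procedure Call (RPC)';        File = "$SystemRoot\System32\oleres.dll" }
        @{ Name = 'DcomLaunch'; Display = 'DCOM Server Process Launcher';       File = "$SystemRoot\System32\oleres.dll" }
        @{ Name = 'Winmgmt';    Display = 'Windows Management Instrumentation'; File = "$SystemRoot\system32\wbem\wmiapsrv.exe" }
    )
    # Meaning of the registry Start value for services (0 and 1 are drivers).
    $startNames = @{ 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

    foreach ($c in $checks) {
        $svc = Get-Service -Name $c.Name -ErrorAction SilentlyContinue
        $reg = Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\$($c.Name)" -ErrorAction SilentlyContinue

        $status    = 'NOT FOUND'
        $startType = 'no registry key'
        $imagePath = $null
        if ($svc) { $status = $svc.Status }
        if ($reg) {
            $startType = $startNames[[int]$reg.Start]
            if (-not $startType) { $startType = "Start=$($reg.Start)" }
            # ImagePath is what the Service Control Manager actually launches;
            # a path that differs from the expected location deserves a closer look.
            $imagePath = $reg.ImagePath
        }

        [pscustomobject]@{
            Service      = $c.Display
            ShortName    = $c.Name
            Status       = $status
            StartType    = $startType
            ImagePath    = $imagePath
            ExpectedFile = $c.File
            FilePresent  = Test-Path -LiteralPath $c.File
        }
    }
}

# Rows with a Status other than Running, or FilePresent = False, need attention.
Test-SecurityCenterDependencies | Format-Table -AutoSize -Wrap
```

Reading the registry keys needs no elevation, so this can be run as the affected user before deciding whether a repair is necessary.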
  23. As far as I know, only because you don't browse the web or have any programs open, the OS itself is doing all sorts of tasks all the time more or less in the background, so the "statistics" in the GUI may continue to tick-tock on and on, and if that is what you are seeing then it's just normal "operations", I would think. Also, if the threat was in the quarantine like you say, and you are sure you deleted it from the quarantine and didn't restore it by mistake, then it's no longer on the system as it has been permanently deleted. But you can continue to scan with ESET and/or other tools and see if anything is found, to be on the safe side. Swex is correct in regards to the Statistics section of tools. ESET is a real-time protection evaluator, so to speak. If you open MSPaint.exe, ESET is going to watch as you open it to check for injections, malicious activity, and whether the executable is legitimate and not a virus. If the operating system, i.e. Windows, is going to write to make a change to ntuser.dat (ntuser.dat files are the HKEY_CURRENT_USER hive for the registry), like changing a startup item that loads on Windows because you decided to install a new program, then ESET is going to look at that too. [This is not a change that you would make manually, but an operation the OS will carry out after your request to install said software] -Wikipedia AV Software This also goes for random proprietary software that makes an open connection to a web URL, whether it's in plain view or silent operation and unknown to the user. (Many apps do this.) As Marcos stated, it will scan whatever images it looks at, connects to, or even files & URLs etc. With that being said . . . and real-time protection explained . . . you have nothing to worry about. This, my friend, respectfully, is NOT a problem, and your protection system by ESET is working normally. Thank you Jon ~
  24. Crazy Cat over at BleepingComputer has created a very nice analysis of this variant of RansomDecrypt. He tested on a Guest account. I am sharing here so that others will not have to jump through the hoops to get a quick report of his data.
     ****************************************************************
     Hash signature verified - must visit site to obtain
     Ransomcrypt (DirtyDecrypt.exe) uses EFS. The trojan creates the private keys for the EFS in RootDirectory\Documents and Settings\< username>\Application Data\Microsoft\Crypto\RSA
     He executed trojan sample dirtydecrypt_.exe (MD5: 65b7ebe783a40d41a44515cf55145da6) in the Guest account, with an assortment of files for the trojan to attack.
     When trojan sample dirtydecrypt_.exe is executed, the main processes are: bLEfoFjY.exe and svchost.exe
     Guest Account Infection Locations:
     Documents and Settings\Guest\Local Settings\Temp\bLEfoFjY.exe
     Documents and Settings\Guest\Start Menu\Programs\Startup\FdoHBriM.exe
     NklRNLqU = C:\Documents and Settings\Guest\Local Settings\Application Data\Microsoft\OoxwKJGQ.exe
     DirtyDecrypt = "\\?\C:\Documents and Settings\Guest\Application Data\Dirty\DirtyDecrypt.exe" /hide
     C:\Documents and Settings\Guest\Application Data\Dirty\alertwall.jpg
     MD5 Hash / File Path:
     ________CANNOT_OPEN_FILE________  Documents and Settings\Guest\Local Settings\Application Data\Dirty\DirtyDecrypt.exe
     65B7EBE783A40D41A44515CF55145DA6  Documents and Settings\Guest\Local Settings\Application Data\Microsoft\OoxwKJGQ.exe
     ________CANNOT_OPEN_FILE________  Documents and Settings\Guest\Application Data\Dirty\alertwall.jpg
     ________CANNOT_OPEN_FILE________  Documents and Settings\Guest\Application Data\Dirty\DirtyDecrypt.exe
     65B7EBE783A40D41A44515CF55145DA6  Documents and Settings\Guest\Local Settings\Temp\bLEfoFjY.exe
     65B7EBE783A40D41A44515CF55145DA6  Documents and Settings\Guest\Start Menu\Programs\Startup\FdoHBriM.exe
     ________CANNOT_OPEN_FILE________  C:\{EC384834-5DC3-CE6D-3F07-A0A2E93F6BBD}\jSBOWkDz.exe
     This is the error message when DirtyDecrypt is executed in Guest account: "cant create crypto container"
     ****************************************************************
     His Conclusion: If you are studying, I highly encourage a trip to download his findings for more detailed analysis. hxxp://www.bleepingcomputer.com/forums/t/501540/ransomcrypt-dirtydecryptexe-uses-efs/page-8#entry3136783
     Thanks and hope I assisted in providing direction towards resolutions. **Credit goes to Crazy Cat explicitly!
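A sweep for the indicators quoted above (drop paths, the sample's MD5, the {GUID} folder at the drive root and the two autostart names), as an added example that is neither Crazy Cat's analysis nor code from the original post. The paths and hash are taken from the report; the example generalizes from the Guest profile to every profile folder under the XP-style "Documents and Settings" root and looks for the autostart names in the Run keys, which the report does not spell out and is an assumption here. Get-FileHash needs PowerShell 4 or later.

```powershell
# Added example, not from the original post or the quoted analysis. Checks a
# machine for the DirtyDecrypt indicators listed above. Paths and the MD5 are
# from the report; checking the Run keys for the listed autostart names and
# widening "Guest" to all profiles are assumptions of this example.

$KnownBadMd5 = '65B7EBE783A40D41A44515CF55145DA6'   # sample MD5 quoted in the report

# Drop locations from the report, relative to a user profile folder.
$RelativeDrops = @(
    'Local Settings\Temp\bLEfoFjY.exe',
    'Start Menu\Programs\Startup\FdoHBriM.exe',
    'Local Settings\Application Data\Microsoft\OoxwKJGQ.exe',
    'Local Settings\Application Data\Dirty\DirtyDecrypt.exe',
    'Application Data\Dirty\DirtyDecrypt.exe',
    'Application Data\Dirty\alertwall.jpg'
)

function Get-IndicatorRecord {
    param([string]$Path, [string]$Source)
    # A locked or permission-denied file is still reported, as "cannot open",
    # mirroring the ________CANNOT_OPEN_FILE________ rows of the report.
    $hash = $null
    try { $hash = (Get-FileHash -LiteralPath $Path -Algorithm MD5).Hash } catch { }
    $md5 = 'cannot open'
    if ($hash) { $md5 = $hash }
    [pscustomobject]@{
        Path      = $Path
        Source    = $Source
        Md5       = $md5
        HashMatch = ($hash -eq $KnownBadMd5)   # -eq on strings is case-insensitive
    }
}

function Find-DirtyDecryptIndicators {
    param(
        [string]$ProfilesRoot = "$env:SystemDrive\Documents and Settings",  # layout used in the report
        [string]$SystemDrive  = $env:SystemDrive
    )

    # 1. Files at the quoted drop paths, for every profile folder, not only Guest.
    Get-ChildItem -Path $ProfilesRoot -Directory -ErrorAction SilentlyContinue | ForEach-Object {
        foreach ($rel in $RelativeDrops) {
            $full = Join-Path $_.FullName $rel
            if (Test-Path -LiteralPath $full) { Get-IndicatorRecord -Path $full -Source 'drop path' }
        }
    }

    # 2. An executable inside a {GUID}-named folder at the drive root, as in
    #    C:\{EC384834-...}\jSBOWkDz.exe from the report.
    Get-ChildItem -Path "$SystemDrive\" -Directory -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match '^\{[0-9A-Fa-f-]{36}\}$' } |
        Get-ChildItem -Filter *.exe -File -ErrorAction SilentlyContinue |
        ForEach-Object { Get-IndicatorRecord -Path $_.FullName -Source 'GUID folder' }

    # 3. Run-key values that launch the Dirty\DirtyDecrypt.exe or OoxwKJGQ.exe
    #    paths (the report lists the NklRNLqU and DirtyDecrypt autostart entries).
    foreach ($hive in 'HKCU', 'HKLM') {
        $key   = "${hive}:\Software\Microsoft\Windows\CurrentVersion\Run"
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $props) { continue }
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Value -is [string] -and $p.Value -match 'Dirty\\DirtyDecrypt\.exe|OoxwKJGQ\.exe') {
                [pscustomobject]@{ Path = "$key\$($p.Name) = $($p.Value)"; Source = 'Run key'; Md5 = ''; HashMatch = $false }
            }
        }
    }
}

Find-DirtyDecryptIndicators | Format-Table -AutoSize -Wrap
```

Any row with HashMatch = True is the quoted sample; rows at a drop path with a different hash may be a newer variant, which is why the file locations are reported separately from the hash comparison.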