mattspchelp

Members

Posts: 18

Posts posted by mattspchelp

  1. This is also an issue I reported months ago, as we have a server that quarantined all .zip files to prevent them being deleted or being delivered to customers. I was advised that the self-defence module needs to be disabled and then the quarantine folder emptied; however, I did ask if a pagination feature could be added, or a limit of 30 records loaded at a time, as we have had the same issue where the server becomes unresponsive.

  2. If you have shadow copies enabled on the server you will be able to restore all the files without this corruption. I would, however, ensure your server is clear and run a full network scan via remote admin, as well as enabling audit logging on file reads and writes; this may then show you where these infections came from, potentially an employee using Facebook or opening infected zip files from fake HMRC, TNT or DHL accounts.

    We have recently overcome this same infection for a new client.

    Regards

    Matt

  3. The easier option would be to open 2221 and 2222 for internal access at the server level and leave your external firewall as it is, but allow all laptops to connect via VPN. This adds security while allowing clients to update their status and doesn't open any ports on the external firewall. If these are business laptops used at remote locations, it's more than likely they will be using VPNs already.

  4. Hi Ocean LC,

    We have also experienced this infection getting past ESET. I believe this was accomplished by hiding inside a zip file as an attachment on an email, but it also would have been opened by a member of staff. Luckily, for any of our customers with ESET Mail Security for Exchange we have enabled rules to remove any files that are .exe, .zip, .rar, etc., which has prevented the infection on a lot of customers; however, standard antivirus protection from ESET doesn't stop the infection at all. We are beginning to look into the lockdown Bleeping Computer have suggested as a preventative measure, using software restriction via group policy:

    Block CryptoLocker executable
    Path: %AppData%\*.exe
    Security Level: Disallowed
    Description: Don't allow executables to run from %AppData%.

    Block Zbot executable
    Path: %AppData%\*\*.exe
    Security Level: Disallowed
    Description: Don't allow executables to run from immediate subfolders of %AppData%.

    Block executables run from archive attachments opened with WinRAR
    Path: %Temp%\Rar*\*.exe
    Security Level: Disallowed
    Description: Block executables run from archive attachments opened with WinRAR.

    Block executables run from archive attachments opened with 7zip
    Path: %Temp%\7z*\*.exe
    Security Level: Disallowed
    Description: Block executables run from archive attachments opened with 7zip.

    Block executables run from archive attachments opened with WinZip
    Path: %Temp%\wz*\*.exe
    Security Level: Disallowed
    Description: Block executables run from archive attachments opened with WinZip.

    Block executables run from archive attachments opened using Windows built-in Zip support
    Path: %Temp%\*.zip\*.exe
    Security Level: Disallowed
    Description: Block executables run from archive attachments opened using Windows built-in Zip support.

    hxxp://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information
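As an added illustration (not from the post above or from Bleeping Computer), the Python below models how the six Disallowed path rules match a launched executable's path, so a defender can see what they cover and what falls outside them (deeper nesting under %AppData%, anything under %LocalAppData%, a loose .exe directly in %Temp%). It assumes, as the rule descriptions imply, that `*` never crosses a backslash, and it uses constructed sample values for %AppData% and %Temp%.

```python
import re

# Constructed sample expansions for one user (on a real host these come from the
# environment). Note %AppData% is the Roaming folder; %LocalAppData% is separate.
ENV = {
    "%AppData%": r"C:\Users\alice\AppData\Roaming",
    "%Temp%": r"C:\Users\alice\AppData\Local\Temp",
}

# The six Disallowed path rules quoted in the post.
RULES = [
    ("Block CryptoLocker executable", r"%AppData%\*.exe"),
    ("Block Zbot executable", r"%AppData%\*\*.exe"),
    ("WinRAR archive attachments", r"%Temp%\Rar*\*.exe"),
    ("7zip archive attachments", r"%Temp%\7z*\*.exe"),
    ("WinZip archive attachments", r"%Temp%\wz*\*.exe"),
    ("Windows built-in Zip", r"%Temp%\*.zip\*.exe"),
]

def expand(rule_path):
    """Substitute %Var% tokens (case-insensitively) with their sample values."""
    for var, value in ENV.items():
        rule_path = re.sub(re.escape(var), lambda m: value, rule_path, flags=re.IGNORECASE)
    return rule_path

def rule_to_regex(rule_path):
    """Compile a path rule to a regex. Assumption: '*' and '?' never cross a
    backslash, so each rule pins the exact folder depth it names."""
    parts = []
    for comp in expand(rule_path).split("\\"):
        parts.append("".join("[^\\\\]*" if c == "*" else "[^\\\\]" if c == "?" else re.escape(c)
                             for c in comp))
    return re.compile("^" + "\\\\".join(parts) + "$", re.IGNORECASE)

def matching_rules(path):
    """Names of the rules that would block an executable launched from this path."""
    return [name for name, pattern in RULES if rule_to_regex(pattern).match(path)]

if __name__ == "__main__":
    # Constructed sample paths: two the rules catch, two that fall outside them.
    for sample in (r"C:\Users\alice\AppData\Roaming\invoice.exe",
                   r"C:\Users\alice\AppData\Local\Temp\Rar$DIa0.123\dhl.exe",
                   r"C:\Users\alice\AppData\Roaming\a\b\x.exe",   # two levels deep
                   r"C:\Users\alice\AppData\Local\x.exe"):        # %LocalAppData%
        print(sample, "->", matching_rules(sample) or "NOT COVERED")
```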

  5. Good Afternoon Jim Cherry,

     

    I would advise using Malwarebytes to remove the infection. The software is freely available online; however, you may or may not be able to download the software from your infected machine due to the redirects on Google. I would advise downloading the software to a USB drive and then transferring the installer. Once installed, this should allow you to scan the machine and remove the infection.

     

    Regards

     

    Matt

  6. If you need any renewal licences, I would be more than happy to sell them to you; as a reseller we would love the business. We sell the product at the same price as everyone else, no extras or hidden costs.

     

    PM me for any details

     

    Regards

     

    Matt

  7. Sorry Janices, I work with the business versions and they are now called "Endpoint Antivirus / Endpoint Security"; the home software is still NOD32, my apologies. Can I ask what software reported you had this infection, as in your original post it stated ESET wouldn't open? Keep me updated; there are several different tools we can run to try and get rid of the infection.

  8. When you say NOD32, the actual NOD32 product was stopped several years ago and new products were brought out. I would suggest you find your ESET username and password and download the latest product from ESET's website; also, you can run a Malwarebytes scan whilst ESET Online Scanner runs.
