xrad (Members)

Posts: 4
Rank: Newbie
Location: Ireland

Posts by xrad
  1. Hi, I'm looking for a way to remove some PUM.Dns infections on a customer PC. VirusTotal flags it as Win32.WisdomEyes. It seems to be uploading data at various times, causing up to 100% CPU resources. ESET Endpoint does not pick it up on scan. ADW picks it up and removes some files if the PC is offline, but once the PC is back online it's back to square one. Any help appreciated...

     Just to note, the customer PC is used from 6am to 10pm, 7 days a week, with 4 to 6 users. I have tried numerous tools to try to remove it with no success, i.e. scan/removal, online and offline, etc.

     Registry infections flagged:

     [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{39852A22-795B-43B6-B0DA-5AE8468BCBFD} | DhcpNameServer : 89.19.64.164 89.19.64.36 ([ireland][ireland]) -> Found
     [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{39852A22-795B-43B6-B0DA-5AE8468BCBFD} | DhcpNameServer : 89.19.64.164 89.19.64.36 ([ireland][ireland]) -> Found
     [PUM.StartMenu] HKEY_USERS\S-1-5-21-2719048277-607677208-3562655459-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames :

     I have a small Endpoint log that I can PM, as customer personal information is prevalent.
  2. Does ESET get back to you after submitting the eav_logs?
  3. Thank you Macros, I will email the logs now. The user was using IE, no client used (private email). To the best of my knowledge the user is not authorised to use the system for private email, as a new business policy is in place now.
  4. Hi, some of my customers' PCs with NOD32 installed have been infected with the "Locky Ransomware" virus. NOD32 did not initially detect the infection; our customer noticed a rogue file on a backup drive. I would like to get more information such as the entry point etc. How can I find this? On investigation I noticed that a NOD32 scan seemed to detect that the infection was introduced via a rogue email. I could only get a low-res screenshot of this. Is it possible to find this info from the logs, and if so, where do I look? Best regards, D. (Attachments: collector_log.txt, data_dir_list.txt, Processes.txt)
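The PUM.Dns findings in the first post above are the per-interface DNS server values that Windows keeps under each ControlSet. A quick way to see whether those values are still present after a cleanup, and whether they match what the customer's network is supposed to use, is to enumerate them directly from the registry. The script below is an added example written for this page; it is not code from the poster, ESET or ADW. The allowlist addresses are placeholders (RFC 5737 documentation range) that must be replaced with the resolver addresses the customer actually expects; a DhcpNameServer value is whatever the DHCP server handed out, so an unexpected address there may point at the router or ISP configuration rather than at the PC itself.

```powershell
# Added example (not from the post or from ESET/ADW): list the NameServer and
# DhcpNameServer values of every TCP/IP interface in every numbered ControlSet
# and flag any address that is not on the allowlist. Run in an elevated
# PowerShell on the affected PC.

# Placeholder allowlist (RFC 5737 documentation addresses); replace with the
# DNS servers the customer's network is meant to use.
$AllowedDns = @('192.0.2.1', '192.0.2.2')

$results = foreach ($cs in Get-ChildItem 'HKLM:\SYSTEM' | Where-Object { $_.PSChildName -like 'ControlSet0*' }) {
    $ifRoot = "HKLM:\SYSTEM\$($cs.PSChildName)\Services\Tcpip\Parameters\Interfaces"
    if (-not (Test-Path $ifRoot)) { continue }

    foreach ($iface in Get-ChildItem $ifRoot) {
        $props = Get-ItemProperty -Path $iface.PSPath

        # Static servers live in NameServer, DHCP-assigned ones in DhcpNameServer.
        foreach ($setting in 'NameServer', 'DhcpNameServer') {
            $raw = $props.$setting
            if ([string]::IsNullOrWhiteSpace($raw)) { continue }

            # Both values are space- or comma-separated lists of addresses.
            foreach ($ip in ($raw -split '[ ,]+' | Where-Object { $_ })) {
                [pscustomobject]@{
                    ControlSet = $cs.PSChildName
                    Interface  = $iface.PSChildName
                    Setting    = $setting
                    DnsServer  = $ip
                    Allowed    = ($AllowedDns -contains $ip)
                }
            }
        }
    }
}

# Full inventory, then a warning per address that is not on the allowlist.
$results | Format-Table -AutoSize
$results | Where-Object { -not $_.Allowed } | ForEach-Object {
    Write-Warning ("Unexpected DNS server {0} ({1}) in {2}\{3}" -f $_.DnsServer, $_.Setting, $_.ControlSet, $_.Interface)
}

# Live view of what the DNS client is using right now, for comparison with
# the stored values (cmdlet available on Windows 8 / Server 2012 and later).
Get-DnsClientServerAddress -AddressFamily IPv4 | Format-Table -AutoSize
```

Run it once before and once after a cleanup: if the same unexpected address reappears only on the DHCP side, the next thing to check is the DHCP server or router handing it out, which is consistent with the post's observation that the finding returns as soon as the PC is back online.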