Posts posted by Reza Shamsudin
-
-
38 minutes ago, Marcos said:
Use the Windows Recovery Console or ms-sys for Linux to repair MBR: https://askubuntu.com/questions/183799/fix-windows-mbr-using-ubuntu-live-cd-and-ms-sys-tool
Will repairing the MBR also make the Trojan disappear from the Eset detection/notification when logging in to Windows 10?
-
Still loading slowly here in Malaysia. Almost 1 minute or more.
-
We're having a problem: our customer can't remove the Win32/Pitou.J Trojan from the Windows OS (HDD) using Eset Nod32 Antivirus. We also guided the customer through using the Eset SysRescueLive CD from a bootable USB drive, but the Trojan still can't be removed (refer to the attachment named: FAIL CLEAN WITH ESET SYSRESCUELIVE).
-
Hello,
Just want to report that the https://my.eset.com/license website is now a bit slow to load. It is loading too slowly now. Previously we didn't have a problem like this.
-
Thank you for the answer.
-
Refer to it here, sample uploaded to VirusTotal: https://www.virustotal.com/#/file/be5cf113596f40f6f1b0b3ec5f8d5cfe1a7572926258b32916d55633afe07df5/detection
The other reputable Antivirus products below detected it as a Trojan.
BitDefender
Comodo
F-Secure
Sophos AV
Vipre
Microsoft
TrendMicro
Webroot
-
Is it a False Positive (FP)? Because other reputable Antivirus engines have already detected it and labelled it under Malware: Trojan.
-
2 hours ago, Marcos said:
Might be FP, judging from the file name and generic detection names. We'll check it out, however, we kindly ask you to submit suspicious undetected files to samples [at]eset.com since this forum is not a submission channel.
I've already submitted the sample via the Eset Nod32 Antivirus program (submit for analysis) many times. But there is no response yet from Eset, and the latest update still doesn't detect it as a Trojan. I can't send the Trojan sample via my Gmail. Gmail rejected it (maybe their Antivirus Scanner detects it as a Trojan).
-
Hi Eset Support Team,
To extract, use the password: "infected"
Refer also to the attachment; the sample is detected by 31 Antivirus engines on virustotal.com.
Note: Every important function such as PUA, Eset LiveGrid Setting, etc. is already enabled. But Eset Nod32 still doesn't detect it as a Trojan.
-
TQ Itman for the details & explanation. Yes, it's a bad idea to download cracked software. But it's for testing purposes only. Some of the users out there suggest that all computer users use Hard Disk Sentinel (of course the pirated one).
So I tried to download & check whether the pirated/cracked software is safe or not. And yes, the result already told me it's unsafe.
So this is the kind of result I need to tell computer users about, advising them NOT TO TRY TO INSTALL pirated/cracked software on their PCs.
-
I did not execute it yet. I just scanned it with the options above ON. Anyway, don't worry, Antivirus is still made by human beings. It has some flaws too.
I already submitted the sample to Eset. Just waiting for the latest definition.
-
12 minutes ago, itman said:
A few comments about the issue of hd.sentinel.pro.4.x-patch.exe detection.
The VT analysis shows that NOD32 detects it as a potentially unsafe application (PUA). As such, neither NOD32 nor Smart Security would have detected this status until the .exe was actually executed. Did you actually try to execute it with Smart Security? If you did execute it and it was not detected, did you verify in the Eset GUI Antivirus Scanner settings that all the following settings are check marked?
Enable detection of :
- potentially unwanted applications
- potentially unsafe applications
- suspicious applications
Done, of course the above options were selected, itman. I use Eset Internet Security, not Smart Security anymore.
-
On 7/20/2017 at 1:46 AM, Marcos said:
So you would like to ask user to allow access for word.exe or excel.exe if he or she wants to open a document from a protected folder? I was talking about protection from ransomware that injects into legitimate processes so the path to the executable will be standard and the file will have good reputation even if the malware injected in it could do malicious actions, such as encryption.
The main reason for the "Folder Protection" suggestion was to protect our previous/old data that we don't use frequently. If Eset doesn't add this functionality soon, Avast and Bitdefender will have more customers than Eset itself.
-
Sometimes, a "whitelisting program" (for example VoodooShield) does a good job of blocking viruses. The picture below was taken yesterday, when my Eset Internet Security failed to detect the "Trojan" even though virustotal.com said EsetNod32 detected it.
-
"For example, ransomware payload .exe is named the same as well known system or application process. Alert is generated that User\xxxx\AppData\Local\Temp\explorer.exe is attempting file modification activities. Would the average user have the technical knowledge that the legit storage location for explorer.exe is C:\Windows\System32 directory?"
Quoted from itman above: For this one, we (IT Support/IT Technical) will guide them that the legit explorer.exe process will only come from the C:\Windows\explorer.exe directory, itman.
Not guide them one by one.
We will use a group platform to give them the correct information, as a reminder.
For example, I myself am currently advising all computer users (basic, average, expert computer users) on my Facebook Group: www.facebook.com/groups/cegah.ransomware.malaysia (Prevent Ransomware Malaysia Facebook Group).
This is how I am advising computer users in my country: Malaysia.
-
Not yet, Sir. But yes, we will try to test it later.
But anyway, previously I tested the Cerber Ransomware attack with manual settings on folders, by configuring the Security & Permission.
Yes, it failed to encrypt the folder because it didn't have the permission to overwrite the folders.
-
That's the point of "protected folders & data inside it". A basic concept of read, write, modify on the folders and what's inside them. I don't know whether Windows Defender, Avast OR Bitdefender use the same basic concept. Here is one of the simple tools, from Sordum, for protecting a folder and its content on a Thumb Drive or External Drive.
-
5 hours ago, Marcos said:
What if ransomware is injected into an Office process or if it is run as a VBA macro? Do you know how these solutions protect the folder in such a case? It's not very difficult to implement a simple protection but it could be relatively easily bypassed. And that is also the reason why we don't use just simple HIPS rules in antiransomware but instead it's a complex HIPS-based system for monitoring suspicious behavior of processes.
Can Ransomware injected into an Office process or run as a VBA macro possibly overwrite the folder's security settings? What if the setting is "All Deny", Sir?
-
Hi,
Just a suggestion for future Eset versions (11, 12, 13 and so on...). It might be useful if the Eset team included "folder protection" functionality in their Antivirus program.
Avast and Bitdefender have already put this function in their Antivirus, if I'm not mistaken. Even the latest version of Microsoft Windows Defender includes this function.
The main objective is to protect the folders & the content inside from being overwritten by viruses or ransomware (encrypted).
Actually, as advanced IT users, we can all do it manually. But users will always love simplicity: just a built-in function & a few clicks to set up the folder & content protection.
-
On 3/30/2017 at 8:55 PM, itman said:
Not sure about a template. You might ask in the Endpoint forum section.
Did you mean effective vs. "efficient?"
Also, you should read this "best practices" article by Eset on preventing ransomware: hxxp://support.eset.com/kb3433/
OK itman, I will ask there. Thank you anyway.
-
Ransomware Undetected
in Malware Finding and Cleaning
Posted
Yes, we too like the explanation from Eset IT Specialist.