Posts posted by Xander0311
-
Thank you Peter! Will report back with the log soon.
-
9 hours ago, Peter Randziak said:
Hello Xander,
can you please paste the appropriate lines from the ESET Endpoint's detected threats log?
Regards, P.R.
Hi Peter!
I'm not sure if these are the lines you're looking for but let me know if this is right:
Threat Details
COMPUTER NAME: verna-hp.companyname.local
COMPUTER DESCRIPTION:
THREAT NAME: Ripper
THREAT TYPE: virus
SEVERITY: Critical
OCCURRED: 2017 May 17 09:53:27
FIRST SEEN HERE:
THREAT HANDLED: No
RESTART NEEDED: No
ACTION TAKEN:
ACTION ERROR: unable to clean
OBJECT TYPE: boot sector
OBJECT URI: file:///1
CIRCUMSTANCES:
SCANNER: Startup scanner
ENGINE VERSION: 15431 (20170517)
PROCESS NAME:
USER NAME:
HASH:
8 hours ago, itman said:
Might be that Eset is identifying something is amiss with the MBR on that particular PC but mislabeling the threat. You can always just repair the MBR to play it safe.
Sounds like something to try when I can!
-
Hi ESET Peeps!
I've been having a strange issue the past week. I'm an administrator for our ESET Endpoint service and noticed that I had a PC showing up as infected with an MBR infection known as "Ripper". I've scanned and checked the PC but did not find anything out of the ordinary while physically on it. Yet every day I keep getting the same warning: Ripper keeps showing up every day in threes, found in file:///1, but there's nothing that shows up when sending out a clean request.
I've investigated what this virus might be about, but I can't find anything that's modern. The last known "Ripper" seems to be back from 1993 and mainly attacked floppy drives (which this PC does not have whatsoever).
I'm starting to believe this might be a false positive. It's happening on a Windows 7 Pro machine, and the only conclusion I currently have is that it's finding the HP recovery partitions as a possible infection? What can I do to either confirm the infection and clean it, or have this PC ignore the error?
-Xander
Virus of the Past Ripper keeps showing up?
in Malware Finding and Cleaning
Hi Peter!
Apologies for the delay, but I've got a chance to run the tool you've linked. It came back stating that Olmarik/Olmasco was not found on the system. Attached is a screenshot and the logs created by it.
By chance, what's the safest way for me to dump that MBR log? I'm mainly returning search results to use TestDisk, but I'm not 100% comfortable with it since I know of its destructive power in the wrong hands. Is it still necessary in this case?
esetolmarikolmascocleaner.exe_20170522.141902.4868.log
esetolmarikolmascocleaner.exe_20170522.141902.4868.zip