G Paw
-
Posts
11 -
Joined
-
Last visited
Posts posted by G Paw
-
-
On 2017-6-7 at 10:08 PM, cyberhash said:
I presume you are still infected by this nuisance re directing ????
Well, the good news is I was able to remove the nuisance after many hours of applying tips from the Microsoft site which finally triggered a nod32 notice indicating a "JS/Kryptik.BFX trojan" - which I was then finally able to remove using the NOD32 menu selection "Help and support/ESET Specialized Cleaner". That was 2 days ago and no more warnings, blocked objects/websites.
I decided to submit the trojan to eset, although I don't expect to hear back from them.
@peteyt: I have been in IT support for 20+ years.
-
On 2017-6-6 at 6:58 PM, itman said:
This in itself "speaks volumes" about the fact your browser is heavily infested with adware, etc..
The rhetorical question is "how in the world would this happen with nod32 and malwarebytes protecting my system?"
-
Update.
I ran both of the above suggested products – the AdwCleaner cleaned 100+ entries.
The Autoruns showed 1 Image Hijack entry which I unchecked.
Rebooted and nothing happened for a few hours.
However, I just received 3 simultaneous malwarebytes notifications - (blocked outbound connection) - and none from nod32
I also received a Windows Script Host Error. (jpg included below) - I renamed the entry noted in the error and rebooted.
I checked the nod32 log to confirm there were no entries.
However, I checked the malwarebytes log and they are recorded. In addition, Malwarebytes was also logging block-outbound actions much further back then nod32.
A few hours later, I received a nod32 Outbound connection notification and an entry in their log … none was detected by malwarebytes.
The entry timestamp of the logs occur at different times between the two logs, so it appears nod32 grabs some and malwarebytes grabs some.
The fact that both nod32 and malwarebytes still detected attempts meant I am still infected. And not only that, it would seem there could be outbound attempts being successful that neither product is catching.
Any other suggestions before I open a ticket with support?
-
Having used nod32 for 12 years without issue, I was very surprised that this happened.. but as you said, this type of redirect bypasses all A/V and attempts were blocked by nod32. I am careful where I download from, but obviously not careful enough.
Thanks again.
-
@cyberhash - thanks for this suggestion - I ran AdwCleaner which found 110 threats. A second pass gave an all clear.
@itman - I will try Autoruns if necessary... thanks for the caution as well.
I will report back in a couple of days.
-
Thank you all for the replies. Any suggestions how how to get rid of it?
-
here is the details of the last pop-up warning:
-
I have run nod32 for many years so not sure how this would have happened. I also run malwarebytes (real time), so this is really making me wonder why to both of these.
My hope is that there is a simple fix.
I am now wondering if I should submit a ticket to Support for this?
-
Although this is not the alert, I think the alert makes reference to wscript.exe - I will try to be ready to capture the next alert.
Here is the result in the log
-
For about a week, I have been getting nod32 warnings of blocked objects (eg: hxxp://www.server1800/r6.php?cmd=e, hxxp://www.elitefund/r6.php?cmd=e, etc)
These occur daily with 2 to 4 sites involved
Can anyone tell me what/why this is happening?
Thanks
Line 6 drivers won't load unless "Memory Integrity" switch turned off in Windows 11
in ESET NOD32 Antivirus
Posted
Developer Line 6's drivers won't load unless the "Memory Integrity" switch is turned off.
Someone on the Line 6 forums said that he was able to exclude these drivers in Windows Defender.
Is there a way to exclude these drivers from the Memory Integrity problem so as to leave the switch ON in Nod32?