Posts posted by MrWrighty

  1. I haven't tried, but I used Malwarebytes to remove it so I guess it is now gone.

     My concern is why Eset missed the file and did not attempt to stop it running and delete the file; surely that is what it is supposed to do. According to Eset they have never ever missed an in-the-wild virus, so what happened?

  2. Hi

     We have just been hit by the CryptoWall/CryptoLocker virus. We are running Version 5 managed from the Remote Admin Console and fully updated with the latest signatures.

     ESET did highlight and delete some of the encryption html/txt files, but the PC that was infected did end up with encrypted files ending in .aaa. Thankfully I was informed quickly and was able to stop it spreading to the network shares.

     An exe file was found lurking in the user's Temporary Internet folder. The exe file, with a random name such as wnpwfxred.exe, was happily running in the background and Eset had not picked it up or attempted to kill the process. Eset had only deleted the html/txt files containing some encryption coding.

     I had to run Malwarebytes in order to remove the offending file, as it had stopped Task Manager from running so I could not search for the offending file and kill the process myself.

  3. XProtect tends to be reactive and not very good when you need proactive protection.

     NOD32 uses a very small footprint; mine runs in about 30MB of RAM with little impact on the CPU.

     Unfortunately ERA is not available for Mac, which is a shame, but each local client has statistics logged locally, though not excessively. You can view the statistics and log files very easily.

  4. In the policy manager, you can specify both the server update URL and the username and password for the clients.

     Create a new policy that is applied to laptops only, that includes both settings. If the server cannot be contacted, the local username and password should be used.

  5. @MrWrighty

     Without access to logs I cannot claim this, but - I *think* that an e-mail contained just a link, the customer clicked on the link which opened a web page with a Java exploit that allows download and execution of an .exe file; that exe encrypted files (could be any of dozens of perfectly legal utilities); it could also download an additional .exe which overwrote the original documents (again, this could be one of hundreds of perfectly legal tools for securely deleting files).

     So *I believe* there was no malware in the game at all - just a plain old application-exploit attack, which IMHO usually has a nastier payload than malware. Should other types of security software be as effective as antivirus, it would be a much prettier world :-)

     Maybe you could check browser history and/or logs, mail logs, etc. for further details.

     Upgrade Java, all browsers and applications!

     Tomo

     As far as I can tell, it was an email that supposedly contained a voicemail which was zipped, then the user clicked on the content thinking they were going to listen to a voicemail but instead ran the exe.

     I have implemented the Group Policy exe lockdown as suggested by Arakasi to see if that helps.

  6. Hi all, thanks for the update.

     We have a current subscription and our virus signatures are updated 3 or 4 times a day. Marcos, the damage I believe happened on Friday last week, so yesterday would have been too late.

     We have Eset Endpoint AV on the clients and Eset Endpoint File Server Security on our SBS2011 server and our Server 2003 SQL Server.

     The threat came via an email through Outlook 2010. Outlook has the Eset plugin installed and running, and Eset.

     Arakasi, what is this version 7 you mention? Eset only goes to 5.0.2214.

  7. One of our users opened an email supposedly containing a voicemail, but it was in fact an executable.

     He says he did not run it, but this morning a different user was unable to open a range of .doc and .xls files in a mapped drive. I managed to restore the folder from a shadow copy.

     It turns out that the original user had unleashed CryptoLocker on the network, and a randomly named bitmap I found on his desktop informed me of what had happened.

     His laptop has had a large number of malicious hits and Eset has picked them up, but I am concerned as to how easy it was for this CryptoLocker to run and effectively avoid detection.

     The laptop is running version 5.0.2126 of Eset AntiVirus.
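The two indicators that posts 2 and 7 describe (an executable with a random-looking name running from the user's Temporary Internet Files folder, and Office documents on a mapped drive renamed with a `.aaa` extension) are easy to check for in a directory listing, which is often the first thing a helpdesk has to hand after an incident. The script below is an added illustration, not code from this thread or from ESET; the path markers, the name heuristic and its thresholds, and the sample listing are all my own assumptions, constructed to mirror what the posts report.

```python
"""Triage helpers for the two indicators described in the thread.

Added illustration; not ESET tooling or the poster's own script.
"""
import ntpath
import re
from typing import Iterable, List, Tuple

# Extensions Windows runs directly on double-click.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}

# Substrings (lower-case, backslash-normalised) that mark user-writable
# cache/temp locations where a dropped payload typically lands.  Assumed
# list for the example, not exhaustive.
USER_WRITABLE_MARKERS = (
    "\\temporary internet files\\",
    "\\appdata\\local\\temp\\",
    "\\appdata\\roaming\\",
    "\\users\\public\\",
)

VOWELS = set("aeiou")


def looks_random(stem: str) -> bool:
    """Heuristic for generated names such as 'wnpwfxred'.

    Flags purely alphabetic names of 8+ characters with a very low vowel
    ratio or a long consonant run.  Thresholds are assumptions chosen so
    that common Windows binary names (explorer, notepad) are not flagged.
    """
    s = stem.lower()
    if len(s) < 8 or not s.isalpha():
        return False
    vowel_ratio = sum(c in VOWELS for c in s) / len(s)
    longest_run = max((len(r) for r in re.findall(r"[^aeiou]+", s)), default=0)
    return vowel_ratio < 0.25 or longest_run >= 5


def in_user_writable_location(path: str) -> bool:
    """True when the path sits under one of the assumed cache/temp markers."""
    p = path.replace("/", "\\").lower()
    return any(marker in p for marker in USER_WRITABLE_MARKERS)


def suspicious_executables(paths: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (path, reason) for executables that deserve a manual look."""
    findings = []
    for path in paths:
        stem, ext = ntpath.splitext(ntpath.basename(path))
        if ext.lower() not in EXECUTABLE_EXTS:
            continue
        reasons = []
        if in_user_writable_location(path):
            reasons.append("executable in user-writable cache/temp location")
        if looks_random(stem):
            reasons.append("random-looking file name")
        if reasons:
            findings.append((path, "; ".join(reasons)))
    return findings


def count_encrypted(paths: Iterable[str], ext: str = ".aaa") -> int:
    """Count files carrying the appended extension the post reports (.aaa)."""
    return sum(1 for p in paths if ntpath.splitext(p)[1].lower() == ext)


def share_under_attack(paths: Iterable[str], ext: str = ".aaa", threshold: int = 2) -> bool:
    """True once the renamed-file count on a listing reaches the threshold."""
    return count_encrypted(list(paths), ext) >= threshold


# Constructed directory listing mirroring the thread: a random-named .exe in
# Temporary Internet Files, a benign-looking installer in Temp, a system
# binary, and two encrypted Office files on the mapped drive.
SAMPLE_LISTING = [
    r"C:\Users\jsmith\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XY12AB34\wnpwfxred.exe",
    r"C:\Users\jsmith\AppData\Local\Temp\setup.exe",
    r"C:\Windows\System32\notepad.exe",
    r"\\fileserver\shared\finance\budget.xls.aaa",
    r"\\fileserver\shared\finance\forecast.doc.aaa",
    r"\\fileserver\shared\finance\notes.txt",
]

if __name__ == "__main__":
    for path, reason in suspicious_executables(SAMPLE_LISTING):
        print(f"SUSPECT {path}\n        {reason}")
    print(f"encrypted files: {count_encrypted(SAMPLE_LISTING)}; "
          f"share alert: {share_under_attack(SAMPLE_LISTING)}")
```

On the sample listing the random-named binary is reported for both reasons, `setup.exe` is reported only for its location (which is exactly the case a Group Policy executable lockdown of the kind mentioned in post 5 would have blocked), the system binary is ignored, and the two `.aaa` files trip the share alert. Feed it a real listing with something like `dir /s /b` saved to a file and iterate over the lines; the heuristic is a triage aid, so anything it flags still needs a human look.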
