Arik

Members
  • Posts: 37

Posts posted by Arik

  1. On 10.1.2018 at 2:16 PM, Marcos said:

    First of all, it doesn't have to be necessarily a coinminer or other malware that is causing the heavy cpu load. In the past also the standard svchost.exe process used to cause this when Windows update was running.

    Please drop me a private message with the archive generated by ESET Log Collector attached.

    I did send you a private message that contains the ESET Logs generated by ESET's log collector.

  2. 17 hours ago, itman said:

    Open Eset GUI from the Win Start Menu then.

    Well, after booting up my computer.

    I can see that attrib.exe is still running after boot, BUT it doesn't take any CPU usage because it's blocked by ESET :)

    And after looking at my HIPS logs I can see I have so many HIPS logs, like 110K logs, it's crazy.

    So I looked at the recent one and it says this:

    Time, application, action, target, action, rule, and more
    10/01/2018 10:58:28; C:\Windows\System32\csrss.exe; Access another application; C:\Program Files\ESET\ESET Security\egui.exe; Ekrn and egui processes; termination / termination of another application

    This HIPS log above ^

    was taken after the first time I booted my computer up after doing all your steps to block this miner.

     

     

  3. On 7.1.2018 at 4:23 PM, itman said:

    Do the following.

    First, create an Eset firewall rule to block outbound traffic from C:\Windows\System32\attrib.exe. Set the rule to alert and log - diagnostic level. There should be no reason why this process should need outbound network access.

    Next, create a HIPS rule to monitor all startup activity of C:\Windows\System32\attrib.exe. Make it an "ask" rule and again, set the rule to alert and log - diagnostic level. Source Applications needs to be set to "All Applications." This rule will inform you what process is running attrib.exe at startup time. Note that legit Windows/System32 directory processes such as defrag and disk cleanup use attrib.exe, so you don't want to block those. However, those processes don't run at boot time.

    You will probably have to review the HIPS logs after boot time to determine what is running attrib.exe. This is due to the fact the HIPS will default allow your "Ask" rule for time out response reasons prior to the desktop initializing. Note that if svchost.exe is starting attrib.exe at boot time, this indicates bigger problems in that the malware has installed a service to do so. It is also possible the malware has either created a scheduled task or modified either the Windows startup directory or one of the registry "run" keys to run attrib.exe at boot time.

    Oh, one more thing. Make sure you determine if C:\Windows\System32\attrib.exe is actually running at boot time. It could be the malware has installed its own version of it in another directory.

    Okay, I've done everything you've told me.

    Really, thanks for the help!

    For now it does not run in the background,

    but that is before I restarted my computer.

    So, when I do that I will update you if I see something in the HIPS logs.

    I just don't know how to check the HIPS logs because I still have the problem of ESET not showing up in the system tray.
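
The checks itman describes in the post above (which attrib.exe is actually running, what started it, and the service, scheduled task, startup folder and registry "run" key locations) can be gathered in one read-only pass. This is an added example, not code from the thread or from ESET; matching on the string `attrib` is an assumption of the example.

```powershell
# Added example (not from the thread). Read-only: nothing is changed or removed.
# Assumption: the string 'attrib' is enough to match the suspect entries.
$expected = Join-Path $env:SystemRoot 'System32\attrib.exe'

# 1. Which matching processes are running, from where, and who started them?
Get-CimInstance Win32_Process | Where-Object { $_.Name -match 'attrib' } | ForEach-Object {
    $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($_.ParentProcessId)"
    $sig = if ($_.ExecutablePath) { Get-AuthenticodeSignature -FilePath $_.ExecutablePath }
    [pscustomobject]@{
        Name        = $_.Name
        ProcessId   = $_.ProcessId
        Path        = $_.ExecutablePath
        InSystem32  = ($_.ExecutablePath -eq $expected)  # False = a copy elsewhere
        Signature   = $sig.Status
        Parent      = $parent.Name                       # svchost.exe points to a service
        CommandLine = $_.CommandLine
    }
} | Format-List

# 2. Registry "run" keys (machine-wide and current user).
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($props) {
        $props.PSObject.Properties |
            Where-Object { $_.Name -notlike 'PS*' -and $_.Value -match 'attrib' } |
            Select-Object @{ n = 'Key'; e = { $key } }, Name, Value | Format-List
    }
}

# 3. Scheduled tasks whose action launches something matching 'attrib'.
Get-ScheduledTask | Where-Object { $_.Actions.Execute -match 'attrib' } |
    Select-Object TaskPath, TaskName, @{ n = 'Execute'; e = { $_.Actions.Execute } } |
    Format-List

# 4. Services whose binary path mentions 'attrib'.
Get-CimInstance Win32_Service | Where-Object { $_.PathName -match 'attrib' } |
    Select-Object Name, State, StartMode, PathName | Format-List

# 5. Everything in the per-user and all-users startup folders, for manual review.
$startup = [Environment]::GetFolderPath('Startup'),
           [Environment]::GetFolderPath('CommonStartup')
Get-ChildItem -Path $startup -ErrorAction SilentlyContinue |
    Select-Object FullName, LastWriteTime | Format-List
```

Run it from an elevated PowerShell prompt; without admin rights the path and command line of processes owned by other accounts come back empty.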

     

  4. Just now, Marcos said:

    Please locate the executable "Attribuite Utillty.exe" and upload it to www.virustotal.com to find out if some other vendors detect it.

    Yes, I have done that already and for some reason no other vendors detected it.

    I don't know what to do now :(

  5. 1 minute ago, itman said:

    If Eset's scan doesn't find anything, run the following from an admin level command prompt window;

    sfc /scannow

    This will verify that all your Win system files are correct and haven't been tampered with.

    Thank you for your help!

    I will update you if ESET's scan finds something, and if not I will do as you requested.

  6. 13 minutes ago, itman said:

    As far as Attribute Utility goes: https://www.file.net/process/attrib.exe.html

    Also you are not alone on this issue: https://www.reddit.com/r/Windows10/comments/6bhmgk/high_cpu_usage_from_attribute_utility_process_and/

    Looks like it might be Minergate related: https://linustechtips.com/main/topic/831791-what-is-attribexe-and-why-is-it-running-in-the-background/ . Note deleting attrib.exe will have adverse effects on your system as noted in this linked article. I would submit it to VirusTotal and see if anything found there before doing anything drastic with it.

    Make sure Eset's PUA detection is enabled and run a full Eset scan in admin mode. 

    Yes, Eset's PUA detection is enabled and I'm currently running a full ESET scan in admin mode.

    I'm hoping for this to be removed :(

  7. Hello!

    I'm a guy whose systems running ESET products are mostly generally clean.

    But I suspect that on my main machine, which I do gaming etc. on, I got a little bitcoin miner virus

    that every time I boot up my computer is running and taking ALL the CPU usage,

    by the process called "Attribuite Utillty".

    I know where the file is and I cannot delete it.

    I've tried to perform a full scan with EIS 11 a couple of times,

    but it doesn't manage to detect any threats.

    Please, anyone who can help me solve this problem, it will mean a lot to me!

    This only happened recently when I downloaded something for a game, and let's say it was my fault getting this thing.

     

  8. 3 hours ago, Marcos said:

    As Itman said, personal experience is invaluable. If users were not satisfied with ESET's protection capabilities or performance, ESET's products wouldn't be that popular in many countries, including Japan which you will likely agree is very sensitive to quality and efficiency of any goods. Also if ESET was not good enough, it wouldn't have ranked among two best AV desktop solutions and in top 4 in the mobile segment in probably all annual AV-Comparatives surveys where it's users who cast their votes based on their personal experience with various security products.

    To sum it up:
    1, There's nothing like 100% detection of malware. Tests are always performed on a very limited test set.
    2, Without knowing the methodology and its relevance to real-world use it's necessary to take the results with a pinch or better with a lump of salt.
    3, AV solutions may behave differently in different conditions, scenarios and systems. What works for one just fine may not work well for other users.
    4, Should you encounter a technical issue, a problem with performance, etc. on a particular system, ESET's customer care and we, moderators of the forum, are here to assist you with pinpointing and resolving it.
    5, We are open to constructive criticism. We listen to our customers and improve our products also based on your feedback.

    tbh I totally agree with you!

    Also, don't forget it's very popular in Israel as well :)

    One of the things I like very much about ESET is that I have full support in my country's language and a full ESET site in my language.

  9. Hello guys, it's me again :P

    You probably remember me from my topic "Are you happy with ESET?"

    Well, now I have another question to ask everyone here.

    For how long have you used ESET? It can be days/months/years.

    I have used it for a bit over a year now.

    Would like to hear you guys out!

  10. Hello,

    Dear users of ESET, I would like to discuss a topic that is a bit annoying, at least for me.

    I see some people in this forum recently who often complain about ESET protection and compare it to other security vendors.

    Then Marcos himself needs to quote them and explain to them why ESET is so great and good compared to other security products.

    If you don't like ESET in any way, don't use it!

    Because I think everyone wants this forum to stay friendly and helpful,

    and not that new users will come and see that almost every second topic is titled something like this: "ESET Bad In ransomware"

    I think it's a little bit of a bad issue, in my opinion.

    Even though I like to get popcorn when I see Marcos quote those guys who complain so hard about ESET.

    I won't name people here but oh well...

  11. 6 hours ago, Janus said:

    Hi

    I have known Eset as a company and their products for a long time, beginning from the days where they had their "home" over at the wilders security forum.
    For all that time... I have known Eset as very professional and serious and most of all very committed to their products and user base. I have always had the impression of Eset as a very dedicated firm, and that has not changed over the years. Do I trust the product? Yes, absolutely and without the slightest doubt.
    But as everyone knows, the security/trust of your system, or systems, is much more than just one product, but Eset is definitely a good start =)

    ....and now I have to work....:)

    Regards

    Janus

    Thank you for your comment.

  12. 48 minutes ago, jadinolf said:

    So, this question came to my head: are you guys happy with ESET, both as an AV and as a company?

    Do you trust it? YES

    Do you trust the company ESET? YES

    As, when you are using an anti-virus, whether it's on your PC or your phone. 5 PCs

    You are giving the AV kind of full control of your device. YES

    Like that thing that happened to Kaspersky; after this I would not trust them. WHAT IS KASPERSKY? ;)

    But now I fully trust and am happy with ESET. YES

    Haha, I love all the "YES" Answers.

    #ESETForever

  13. 2 hours ago, cyberhash said:

    Trust the software to do its job ? = YES
    Trust ESET as a company ? = YES

    When you install any A/V product you are essentially "Choosing" to participate in the detection of malicious software and without any data being sent back to any vendor then detection rates would drop dramatically.

    What you refer to as "The Kaspersky Thing" is blown out of proportion in my opinion. For a home user, it really makes no difference. But on corporate or government systems it would be unwise to use anything that could send back the details of any running applications to any 3rd party.

    The real question should be why government agencies chose to run this type of software on the machines in the first place. Anyone that is in the position of making choices with online/offline security should at least know how software works before they are employed in a position to make these decisions.

    A bit like buying a car when you don't even know how to drive to start with, then complaining when you have an accident.

    I do agree with you.

    But I'll also add that I think that Kaspersky is slowly losing its overall trust;

    companies and home users might choose not to use Kaspersky anymore.

    I think government agencies chose to run this software as it just seemed good to them, I guess?

    But I think they did know how the software works, they just didn't really know Kaspersky too much.

  14. Hi!

    So, this question came to my head: are you guys happy with ESET, both as an AV and as a company?

    Do you trust it?

    Do you trust the company ESET?

    As, when you are using an anti-virus, whether it's on your PC or your phone,

    you are giving the AV kind of full control of your device.

    Like that thing that happened to Kaspersky; after this I would not trust them.

    But now I fully trust and am happy with ESET!

    What about you guys?

  15. On 13.10.2017 at 10:49 PM, zur tami said:

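    Hello,

    I saw that many people have written to you about the problem where a message about js/MindsparkE appears

    and it is not possible to get rid of the message, and it is not clear where this thing is located.

    I understood that it is a kind of virus, so how do you get rid of it?

    ESET is not able to eliminate it.

    Hoping to get an answer.

    Thanks,

    Tami Zur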

    אפליקציה לא רצויה.JPG

    I don't mind helping you on PM.
