Everything posted by Dangermouse

  1. That URL is blocked because it automatically redirects to sites that download malware - such as the Fastsearch addon - not because it necessarily contains malware itself. Given that you have unusual tabs in Chrome, I'd suggest that you run scans with Malwarebytes Anti-Malware free edition, and AdwCleaner. Also look in Control Panel - Add/Remove Programs to see if there are any entries you don't recognise, are recently installed, or have names that would indicate malware. If so, remove them.
  2. Keep an eye on this thread https://www.bleepingcomputer.com/forums/t/632389/dharma-ransomware-filenameemaildharmawalletzzzzz-support-help-topic/ It's the first place that is likely to have news if/when a decryptor becomes available.
  3. Keep an eye on this thread https://www.bleepingcomputer.com/forums/t/632389/dharma-ransomware-filenameemaildharmawalletzzzzz-support-help-topic/ It's the first place that is likely to have news if/when a decryptor becomes available.
  4. Those entries are the preferred DNS addresses for Vodafone Ireland - if that's the customer's ISP and/or equipment, it shouldn't be a problem. Which operating system is being used? Windows 10 defaults to uploading Windows Updates via P2P to other users, and if that's the case, it will chew up bandwidth and CPU and should be disabled. Try a scan with Malwarebytes anti-malware free edition just to be sure.
  5. As a preventative measure, you should stop downloading torrents with unauthorised versions of copyrighted content - this is a well-known way to get your computer infected. It's also important to realise that the NAS isn't just another network drive, it's a computer in its own right, albeit with an OS that is probably a variant of Linux. Although you are seeing the Photo.scr infection on the NAS folders, if you refer to the information for the infection, hxxp://www.virusradar.com/en/Win32_Crytes.AA/description you will see that the infection also includes infecting the registry of your
  6. Thanks for the wall of text. Do I infer from it that the descriptions in the signature files don't necessarily detail all of the variants, even though the example I gave is listed as a specific variant ? i.e., some of the 'variants' listed in the signature file descriptions are generic umbrella terms for minor variations ?
  7. OK, here is an example: hxxp://www.virusradar.com/en/update/info/14565 contains a signature for Win32/Autoit.IV, but clicking on the link from the list of update 14565 shows: Category: worm. Detection created: May 16, 2013. Signature database version: 9534. Win32/Autoit.IV [Threat Name]. Detection created: 2013-05-16. World activity peak: 2016-03-05 (0.07 %). Clicking on the link for update 9534 shows the same threat, and the same variant. In fact, this threat is also listed in another recent signature file: hxxp://www.virusradar.com/en/update/info/14559
  8. Why are threats that have already been included in old signature files being added to new signature files ?
  9. I've just noticed this in my firewall log 3/12/2016 9:36:38 PM; An attempt to connect to the Server Service was detected; Source; Destination;TCP; ;System; Obviously this is something internal to my network rather than an external attack, but what is it trying to tell me ? Using ESS version 9
  10. OK, so you're saying the server authenticity isn't ensured, because it's not using SSL ? And how are the update files signed - what kind of signing ?
  11. Does ESS download signed update files via http with SSL, or does it use a plain http connection that leaves it vulnerable to MITM attacks ?
  12. Which router are you using ? How many other devices are connected to the same network ?
  13. Have you checked the parental control log to see which domains get blocked ? It might be difficult to achieve what you want to do, as Apple use a CDN with multiple IPs, and I think that parental control filters don't allow you to set a program as an exclusion, only a category or URL.
  14. You're not the only one who takes issue with the design 'feature' of windows that cannot be resized to a useful, practical size. However, that kind of nonsense was introduced in ESS9 and ESET took no notice of objections to it then, so there's no reason to assume that they'll value the same kind of feedback for the current software.
  15. A problem I had with v10 - regardless of Microsoft patch day - was an intermittent lack of network throughput, which was severe enough to render the product useless, and I have now reinstalled version 8, which seems to be the last version of ESS that can be truly relied upon to 'just work'.
  16. I'm finding that file threats that would be terminated part-way in http protocol, are not always being detected during ftp download when using Mozilla Firefox as the ftp client. Most of the time, the threat isn't detected until an on-demand scan, or until the file is displayed in Windows Explorer. I've had this happen even when the threat is already covered by an ESET threat signature. In addition, I'm finding a discrepancy between the threat descriptions in Quarantine versus the Detected Threat log file. The quarantine description is most commonly Win32/Tenga, whereas the log file
  17. If I'm reading the features comparisons correctly, ESS v8 or v9 allow me a free upgrade to EIS aka ESS v10, but not to ESS Premium, which appears to be a new product ? Even as a long-time ESET customer, these classifications are a bit confusing; I would have expected ESET Internet Security to offer a complete package, yet it falls short of the features offered in ESS Premium. But the difference in features is so negligible, that I wonder why ESET decided to make a distinction between them at all; if I were a potential new customer, I would think that EIS would be akin to KIS, i.e. the
  18. https://download.eset.com/com/eset/apps/home/eis/windows/latest/eis_nt32_enu.exe
  19. Well, your patience has not been rewarded. I too had problems https://forum.eset.com/topic/6626-cant-resize-ui-in-ess-v9/#entry36622 so I reverted to version 8 and I'll continue to use that for as long as it's supported, or until ESET realise that there's a difference between making something more interesting for their programming team, and making a product with a UI that actually suits users, i.e. the people that purchase the product and pay the wages for ESET.
  20. https://www.virustotal.com/en/file/ecdf128637939e47fd1e9b63c61b1cd4de25bddd697843ad0a3763570696dde8/analysis/1476839066/ https://www.hybrid-analysis.com/sample/ecdf128637939e47fd1e9b63c61b1cd4de25bddd697843ad0a3763570696dde8?environmentId=100
  21. I got the following error message in the log of an on-demand scan of some items on my desktop C:\Users\PC\Desktop\Outils Microsoft Office 2010\Microsoft Office 2010 Centre de téléchargement.exe » THINAPP » - unsupported archive what is unsupported about the scan of an .exe file ?
  22. I'm trying to log in to my SpiderOak One backup, using the SpiderOak application (version 6.1.3) on Windows 10. When I try to login, I get the following error, but I can't work out if it's due to the SSL scanning in ESS or not. Perhaps someone can help ? Here is a screenshot of the error message
  23. I've had enough of this new UI. How do I obtain and reinstall version 8 ?
  24. When using Firefox ver 42.0 (32 bit) on Windows 10 Pro (32 bit), I get the following error when trying to access banking sites with ESS9 Banking & Payment protection could not be redirected to the requested web page Banking & Payment protection could not be redirected to the requested web page due to an incompatible extension in your browser. Please start the ESET Banking & Payment protection secured browser from ESET Smart Security Home or Tools screen > Banking & Payment protection or by double-clicking the icon on your desktop. How do I determine which ext