
Dangermouse

Members
  • Content Count

    31

Posts posted by Dangermouse

  1. That URL is blocked because it automatically redirects to sites that download malware - such as the Fastsearch addon - not because it necessarily contains malware itself.

     

    Given that you have unusual tabs in Chrome, I'd suggest that you run scans with Malwarebytes Anti-Malware free edition, and AdwCleaner.

     

    Also look in Control Panel - Add/Remove Programs to see if there are any entries you don't recognise, are recently installed, or have names that would indicate malware. If so, remove them.

  2. Those entries are the preferred DNS addresses for Vodafone Ireland - if that's the customer's ISP and/or equipment, it shouldn't be a problem.

     

    Which operating system is being used? Windows 10 defaults to uploading Windows Updates via P2P to other users, and if that's the case, it will chew up bandwidth and CPU and should be disabled.

     

    Try a scan with Malwarebytes anti-malware free edition just to be sure.

  3. I would appreciate instruction on how to properly remove this from my NAS.

     

    Thank you

     

    As a preventative measure, you should stop downloading torrents with unauthorised versions of copyrighted content - this is a well-known way to get your computer infected.

     

    It's also important to realise that the NAS isn't just another network drive, it's a computer in its own right, albeit with an OS that is probably a variant of Linux.

     

    Although you are seeing the Photo.scr infection on the NAS folders, if you refer to the information for the infection, hxxp://www.virusradar.com/en/Win32_Crytes.AA/description

    you will see that the infection also includes infecting the registry of your computer.

     

    Therefore, you need to clean your computer and NAS at the same time; it's probably better to do the computer first, with the NAS and any other network or USB devices disconnected.

     

    Make sure that your copy of ESET is up-to-date with the latest definitions, and that all of the scanning/cleaning options in ESET are configured to scan all types of files, and use Strict Cleaning.

     

    Do a full scan of the computer with ESET and allow it to remove any infections it finds - it might need to reboot afterward.

     

    Then run a malware scan with another piece of software, just for a second opinion - I'd recommend Malwarebytes anti-malware free edition - as it might find traces that ESET doesn't; no single piece of security software can catch all threats.

     

    Once you are sure that your machine is clean, go into System Restore, switch it off and reboot Windows - this will remove all previous restore points and prevent you inadvertently restoring to an infected state. Once the machine has rebooted, switch System Restore back on, create a new restore point and reboot the system again - you now have a clean machine with a clean restore point.

     

    Next, ESET scan any other devices that get attached to the computer via LAN or USB, e.g. thumbdrives, external drives, smartphones, etc., to make sure that you have nothing that is acting as an infected carrier for malware.

     

    Once you have clean devices, you're then ready to scan and clean the NAS. If you don't use FTP for anything, then disable it in your NAS, your computer, your firewall and your router. 

     

    Spreading

    Win32/Crytes.AA is a worm that repeatedly tries to connect to various IP addresses.

     

    The FTP protocol is used.

  4. OK, here is an example

     

    hxxp://www.virusradar.com/en/update/info/14565 contains a signature for

    Win32/Autoit.IV

     

    but clicking on the link from the list of update 14565 shows

     

    Category: worm; Detection created: May 16, 2013; Signature database version: 9534

     

     

    Win32/Autoit.IV [Threat Name]

    Detection created 2013-05-16 World activity peak 2016-03-05 (0.07 %)
     
    Clicking on the link for update 9534 shows the same threat, and the same variant
     
    In fact, this threat is also listed in another recent signature file hxxp://www.virusradar.com/en/update/info/14559
     
  5. I'm finding that file threats that would be terminated part-way in HTTP protocol are not always being detected during FTP download when using Mozilla Firefox as the FTP client.

     

    Most of the time, the threat isn't detected until an on-demand scan, or until the file is displayed in Windows Explorer. I've had this happen even when the threat is already covered by an ESET threat signature.

     

    In addition, I'm finding a discrepancy between the threat descriptions in Quarantine versus the Detected Threat log file.

     

    The quarantine description is most commonly Win32/Tenga, whereas the log file will show the threat itself e.g. MSIL/HackTool.WinActivator.E.potentially unsafe application

     

     

  6. If I'm reading the features comparisons correctly, ESS v8 or v9 allow me a free upgrade to EIS aka ESS v10, but not to ESS Premium, which appears to be a new product?

     

    Even as a long-time ESET customer, these classifications are a bit confusing; I would have expected ESET Internet Security to offer a complete package, yet it falls short of the features offered in ESS Premium.

     

    But the difference in features is so negligible, that I wonder why ESET decided to make a distinction between them at all; if I were a potential new customer, I would think that EIS would be akin to KIS, i.e. the whole deal, yet it's not, and to an outsider, 'Smart Security' isn't as easy to understand as 'Internet security'.

     

     

  7. Hello,

     

    I upgraded to ESET 9.x a couple of months ago. I immediately found that the new interface presents some serious usability issues, but I waited patiently...

     

    Well, your patience has not been rewarded.

     

    I too had problems https://forum.eset.com/topic/6626-cant-resize-ui-in-ess-v9/#entry36622

     

    so I reverted to version 8 and I'll continue to use that for as long as it's supported, or until ESET realise that there's a difference between making something more interesting for their programming team, and making a product with a UI that actually suits users, i.e. the people that purchase the product and pay the wages for ESET.

  8. When using Firefox ver 42.0 (32 bit) on Windows 10 Pro (32 bit), I get the following error when trying to access banking sites with ESS9

     

    Banking & Payment protection could not be redirected to the requested web page

     

    Banking & Payment protection could not be redirected to the requested web page due to an incompatible extension in your browser.
    Please start the ESET Banking & Payment protection secured browser from ESET Smart Security Home or
    Tools screen > Banking & Payment protection or by double-clicking the icon BPP_secured_browser_icon.png on your desktop.

     

     

    How do I determine which extension is 'incompatible'?

     

    I've updated to the latest version of Flash and Java, have whitelisted all ESET and banking websites in AdBlock, AdBlock and Firefox popup stoppers, NoScript and Ghostery.

    Security-risk add-on Java Development Toolkit has been removed from Firefox.

     

    Other add-ons being run in Firefox are Colorful Tabs, HttpsEverywhere, DownThemAll, VLC web plugin, NVIDIA 3D Vision, Open H264 Video Codec, Google Earth Plugin and iTunes Application Detector.

     

    I'm running Firefox as administrator.
