Hapkido

Still waiting for your response/comment before I replace the other 6 files. The problem persists.

Understood..... requested file is attached. I added the ".txt" extension so I could uploaded it here. ubbthreads-7-6-0.php.txt

Marcos, I replaced the 3 files you found that you believe were infected and that resulted in no further alerts from ESET. I did ask my Host provider to compare the 3 alleged infected files with the replacement files to identify the injected script. They did that and reported that 16 other files have that same code. I copied the actual code in a new text file and then did a manual scan of it and ESET said it was clean. Sooooo, before I replace all 16 files, can you positively identify this code is malicious? forum infected files & locations.txt

Gotcha! The important question for me now, which I don't expect you or anyone else to know is: HOW did someone gain access to those files?

I'm checking with the coders of the forum software to see if those 3 files are legitimate. I'll let you know when I get their response. IF they are, is it possible that they can be corrupted yet retain the original file name?

hxxp://the-highway.com/forum/

About 2 days ago, ESET Internet Security (14.1.20.0) has flagged my personal forum due to it intercepting the "JS/Agent.OZD" trojan. I've had this forum for 20 years and never had a problem with security issues. I suspect that this item was recently added to the ESET list?? The problem has been reported to my Host Provider tech team and their scans didn't detect anything. The practical issue is that some of the features of the forum are disabled, e.g., the text box for starting new discussions or replying to one is missing. Other related features are using the "Quote" feature, and a few others. Disabling ESET resolves those problems. I suspect that this is a false positive. I think javascript items are being flagged. What can I do to resolve this issue without creating a real risk? TIA

Okay, updated with the latest pre-release version and now time will tell if the problem reoccurs. So, for now, Marcus and thanks for your help, we can consider this matter resolved

I checked and that rule "allow verification for ekrn" does exist. The popup appeared again and I chose to allow and make a rule for it. Hopefully, I did the right thing and it won't appear again.

Could someone tell me if the request shown in the attached screenshot is safe or should it be denied permanently. Thus far, I have just denied it each time it appears.

1. I cannot upgrade to IE 11.xxx. My OS is too old. 2. The problem also happens with Opera 36.0.2130.80. 3. There is no problem if I use Firefox 52.8.1.

Version 11.1.54.0 When I go to my bank's website I can get login fine, but when the next page tries to load where you enter your password, the page is blank. This happens with both Opera and IE 9. Yes, the "Banking and Payment Protection" option is enabled. If I temporarily disable this feature, the problem is gone and I can successfully login and navigate all aspects of the website. Is there something I need to do, aside from disabling this feature entirely, to be able to access the bank's website?

CRAZY goings on..... hahaha. I just took a screenshot of my menu, and as you can plainly see, two items are missing: Pause Firewall (allow all traffic) and Block all network traffic. But immediately after I took the screenshot and opened the context menu again, they were there? Gotta be Gremlins

I just noticed that the "Block All Network Traffic" option in the context menu (right click icon) is missing????? It has been there as long as I can remember but it is no longer there. ESET Smart Security: 9.0.402.0 Is there something I can do to get this option back? TIA

1. I'm not sure what you are asking. But I use Outlook 2007 as my default e-mail client on my PC. 2. POP3 protocol 3. I simply send/receive e-mail and do not 'manage' the server.

I have one resistant e-mail address that ESET Spam filter doesn't remove from the Inbox despite the address being in my Blacklist. When I click on the "Spam Address" button I get the following error message: So, how can I get this particular address (actual address) to be recognized as spam and moved into the Junk E-Mail folder (Outlook 2007)?

Okay, I keep receiving these spam messages so how do I send a few of them to ESET for analysis, etc.?

1. I do not have the "ESET Outlook Add-in" for 'Com Add-ins'. 2. I do not have anything for ESET in the 'Trusted Publishers' 3. I do have "ESET Outlook Plugin" in the "Trust Center > Add-ins > Exchange Client Extensions" section. So, my guess is ESET Anti-spam isn't properly installed/integrated into Outlook. OR, Outook 2007 is different from the version of Outlook you are using. Methinks some progress has been made at least in discovering the cause of the problem, but assuming that ESET Anti-spam isn't installed correctly, the obvious questions are Why? and Can it be fixed? Thanks for spending time with me on this issue.

Yes, I have the ESET anti-spam toolbar. I have to use it constantly to manually click the "Spam" button because rarely are the spam messages caught and marked "spam" by ESET.

I looked in the "Trust Center" and I cannot see Eset nor anything related to it in any of the sections. I would have expected it (if it is supposed to be there) in the "Addins" section. Where exactly should I be looking in the Trust Center? And, what am I looking for, i.e., what should the Eset antispam be worded as if not something obvious?

1. E-mail Client: Outlook 2007 2. Spam Folder: Default Outlook 'Junk E-mail', which is also the folder designated in the SS Anti-Spam setup configuration. 3. Not catching repetitive spam messages: Agreed and that's why I asked the question. 4. Just grasping at straws now, but is it possible that Outlook's anti-spam is causing a conflict with SS's Anti-Spam?

I really don't like using a negative subject line to introduce a new thread, but it is unfortunately necessary in this case. Overall, I am extremely happy with SS. In my estimation it is the best of its kind available. However, the Anti-spam module is less than satisfactory in my experience. Rarely does the Anti-spam recognize spam messages in my inbox. Many are foreign language e-mails which I have to manually mark as spam. I also get a few spam messages from the same source/address, and even after designating them as spam, SS never catches them. Is there any way to increase the effectiveness of the Anti-Spam feature?

I'm having the same problem with "Outbound Traffic" dialog box appearing. It isn't restricted to one application either; random appearance. The easy way to close it however, is to right click on the Taskbar (assuming you have one), click on "Task Manager" and when it opens, click on the "Applications" tab. You will see the "Outbound Traffic" item in the list. Select (click) the item and then click on the "End Task" button located on the lower right corner. It's definitely a 'bug' which the developers will most likely fix, assuming they are aware of the problem.

@ Marcos... Updated to version 7 with the latest definitions. All went fine. Thanks for that update information. @ Arakasi... Regardless whether Sirefer and wowlik are related, the ESETSirefefCleaner found 1 instance of Wow64 and it was removed. Good call. I then ran a Smart Scan and it found 31 items. However, the first three items were false positives as they were 14+ yr. old jokes (.exe) which are harmless. The other items were all part of Vista Codecs, which I had uninstalled over a year ago, but I chose to delete them anyway. Result: Good - The download function is now working in IE. Bad - It removed a legitimate macro in Outlook 2007 which I can easily recreate. The icons on my Quick Launch Bar were all rearranged, but that's NP either. UNLESS something else pops up that is related to this issue, let's call this one resolved. Thanks for the quick help. Nice to have this place on its own with new forum software, etc.

I just downloaded the ESETSirefefCleaner file (using IDM) and will run through the process and report back. Yes, I have no trouble with the ESET auto updates. I'll run another smart scan after I finish with the Sirefef Cleaner.... back in a bit.