Posts posted by uplink

  1. Hey there,

    there's a keylogger on my colleague's computer, and I can't seem to get rid of it. So I tried to use ESET SysRescue, but it won't show the drive.

    I turned off BitLocker, and there's no password on the computer, so the computer doesn't add a key to the encryption of the drive via BIOS/UEFI; the drive should therefore be fully visible to the Linux ESET SysRescue disk [I just wish You hadn't abandoned the WinPE version :(].

    Anyway, do I need some special driver for the disk to be found? Like when I install the system and sometimes need an NVMe driver for the controller [e.g. the Intel RSTe controller driver, or the Samsung NVMe driver, etc.]?

    Please let me know; all I see for scanning is the drive itself and its boot sector :(

    Thank You!

    With best regards

    uplink

  2. Hey there @Marcos! Thank You kindly for Your superfast reply!

    Well, I noticed that, but the information is very limited and superficial :(. In general, it contains only what the sender wanted me to see, e.g. in this case the sender sent the mail to him/herself and the true recipients were left in BCC.

    Is it technically possible to identify the e-mail account that the particular file/message landed in? I know it most likely isn't; I honestly can't find any possible way to identify the particular e-mail account besides the obvious method You mentioned [the recipient]. But when my e-mail is in BCC, it's all faint.

    That is the case with this message: all the recipients were in BCC, whilst the only visible address was the target address, which was the sender's address 🤷‍♂️

  3. Solved. It was in a folder that wasn't tracked by my client and wasn't indexed in the webmail interface; I had to find it by eye.

    Btw., would it be possible somehow to identify the mail address that's being invaded? The account, I mean? Because now I only see the message data, but not the account it's affecting. Is it even possible?

  4. Hey there!

    Could someone help me out please?

    [screenshot]

    This message keeps flashing every few seconds or minutes, and it's super annoying. I've searched for "Mrs.", "yama", "yama@primerib.jp" and "Joy Mouranima" in all of my mailboxes within my client, but to no avail.

    [screenshot]

    Please help me out; it's super annoying and is keeping me from my work.

    Thank You!

    With kind regards

    uplink

    P.S.: I also searched the webmail interface of my mailboxes and haven't found the culprit e-mail there either :(

  5. 10 hours ago, Marcos said:

    Unfortunately, this is not currently possible:

    https://support.eset.com/kb3509/

    [image]

    Greetings sir Marcos, and up front, thank You for Your super fast reply!

    Hmm, so is there any chance to scan M.2 NVMe SSD drives with ESET SysRescue? In Legacy BIOS mode?

  6. Greetings

    Recently I've been having trouble with some nasty malware [a cryptocurrency miner with a nasty rootkit base], and I'd need to use ESET SysRescue Live. The problem is, ESET doesn't provide the creation tool anymore [for what reason?], and when I used Rufus, with both the FAT32/MBR and FAT32/GPT settings, I wasn't able to boot in non-CSM [UEFI/Windows Secure Boot] mode. Only in Legacy. And when I boot in Legacy, ESET SysRescue Live doesn't see either of my two Samsung 960 Pro/Evo drives.

    Could some of You guys advise me on how to create an ESET SysRescue Live bootable in UEFI/GPT mode [Windows Secure Boot]?

    Thank You!

    With kind regards

    uplink

  7. 6 minutes ago, Marcos said:

    Does temporarily pausing real-time protection make a difference? Since you have posted in a forum intended for server products, does it happen with EFSW 6.5 installed on a server?

    Greetings sir Marcos

    Thank You for Your super fast reply up front! :) Really appreciate it.

    And as to Your questions: yes, when I disable the real-time protection, copying continues just fine on the next file.

    In the screenshot You can find my version and stuff; I'm not very good with this. If my ID is needed, I can provide it to You by private message [I wouldn't like to reveal it in public].

    Thank You once more and for Your eventual help,

    Kind regards

    uplink

     

    screenshot.jpg

  8. 6 minutes ago, itman said:

    For the time being add this to the "list of blocked addresses" - *.coinhive.com/* . Make sure the list is set to active. At least this should stop the coin mining. Then check where the connection is coming from.

    Thank You! I will try to use this. I wrote to the author of the website and the miner has been down since today, so I'll know by next time. Thank You once more!
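    The blocked-address entry itman suggests, `*.coinhive.com/*`, is a wildcard pattern, and it is worth seeing exactly which URLs such a pattern does and does not catch. The block below is an added example written for this page, not ESET's code; it assumes glob-style `*` semantics (a `*` matches any run of characters) and a constructed list of URLs. Note that `*.coinhive.com/*` alone does not match the bare apex host `coinhive.com/...`, which is why a second pattern is included, and that a script served from a different host is never caught by a host-based block.

```python
"""Wildcard URL blocklist matcher (added illustration, not ESET code)."""
import fnmatch
from urllib.parse import urlsplit

# Constructed blocklist: the pattern from the thread plus the bare apex host.
# Assumption: '*' matches any characters, including '/' and '.'.
BLOCKED_PATTERNS = [
    "*.coinhive.com/*",   # any subdomain of coinhive.com, any path
    "coinhive.com/*",     # the apex host itself is NOT covered by the line above
]


def normalise(url: str) -> str:
    """Reduce a URL to 'host/path?query' so patterns need no scheme."""
    if "://" not in url:
        url = "http://" + url            # urlsplit needs a scheme to find the host
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()  # hostnames are case-insensitive
    path = parts.path or "/"
    if parts.query:
        path += "?" + parts.query
    return host + path


def is_blocked(url: str, patterns=BLOCKED_PATTERNS) -> bool:
    """True if the normalised URL matches any glob pattern in the list."""
    target = normalise(url)
    return any(fnmatch.fnmatchcase(target, pat) for pat in patterns)


def classify(urls, patterns=BLOCKED_PATTERNS):
    """Return {url: blocked?} for a batch of URLs, e.g. from a proxy log."""
    return {u: is_blocked(u, patterns) for u in urls}


if __name__ == "__main__":
    # Constructed sample URLs; the last two show the limits of a host block.
    sample = [
        "https://cdn.coinhive.com/lib/coinhive.min.js",   # blocked by pattern 1
        "coinhive.com/lib/coinhive.min.js",               # blocked only by pattern 2
        "https://coinhive.com.evil.example/lib/x.js",     # lookalike host, not blocked
        "https://example.org/lib/coinhive.min.js",        # same script, other host, not blocked
    ]
    for url, blocked in classify(sample).items():
        print(f"{'BLOCK' if blocked else 'allow':5}  {url}")
```

    The lookalike and the re-hosted copy in the sample are the caveat to keep in mind: a URL blocklist stops the miner only while it is loaded from the listed host, which is why itman also says to check where the connection is coming from.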

  9. 9 minutes ago, itman said:

    In Eset's GUI Internet Protection -> Web Access protection -> URL Address Management, click on "Edit" for Address List. Then click on "List of allowed addresses" to highlight it. Then click on "Edit." Then check if the Coin Miner URL is listed there. If it is, click on it and then click on the "Remove" button.

    Thank You kindly for Your reply. Well, how should I put it? Been there; it's empty, just like every other place where I can add exceptions. I can only fill them out manually :(

    [screenshot]

  10. 10 hours ago, Marcos said:

    If the CoinMiner wasn't excluded from further detection, it will be detected again once the user opens the website that loads it.

    Greetings Marcos,

    Thank You for Your fast reply! I did press "exclude" by mistake, the one in the pop-up. Now I'm unable to find the exclusion I created anywhere in the settings. I even reset the whole of Eset, reinstalled Eset [with Revo Uninstaller] and did other things :/

    On my server [running a volume licence of EES] it didn't even ask about the miner; it simply blocks it and ignores it silently [running Windows Server 2016].

    On my desktop, whenever I enter the webpage, all 16 cores hit 100% and I need to close the tab immediately. Both because of the immense heat it produces [the miner is more cruel than the Intel torture test; one has yet to see such a marvel] and, since they're all running at 4.6 GHz, I'm hitting the 100 °C roof very soon. It's kind of dangerous, this little miner.

    Any clue where it's included, in what settings? I went through all the exclusions, I even excluded the website + URL of the script itself, and it's still being ignored by EIS.

    Please advise

    With kind regards

    uplink
