Jump to content


ESET Support
  • Posts

  • Joined

  • Last visited

  • Days Won



  1. Upvote
    notimportant gave kudos to Marcos in Web access protection Issue   
    I'm not angry about you reporting it. Quite the contrary, we are happy if you report us possible malicious samples or urls.
    I just wanted you to point in the right direction, ie. to report stuff directly to samples[at]eset.com according to the KB if you want the submission to receive better attention.
    Also I wanted to point out that even if a particular website is not blocked (ie. it may be a completely legitimate one with just somebody posting links to cracks), the point is to detect possible threat in the end no matter how it is achieved, ie. by blocking access to the malicious website or by detecting the malware upon download or execution at latest.
  2. Upvote
    notimportant gave kudos to Marcos in Urgent: XMR coin miner malware   
    Is it the same machine / case as this one?
    Detection for XblGameUpdateTask.exe will be added in the next update, then ESET should be able to detect and clean it.
  3. Upvote
    notimportant gave kudos to Marcos in Eset Online scanner detected 3 PUPs, are they false positive?   
    Basically potentially unwanted applications are never false positivies since they exactly detect applications that had been carefully already analyzed by ESET and it turned out they met criteria for PUA detection.
  4. Upvote
    notimportant gave kudos to Marcos in Website is clean now   
    This forum is not intended for disputing blocks or detections. Since the malware has been removed, the website was unblocked but the applications will continue to be detected.
    Having said that, we'll draw this topic to a close.
  5. Upvote
    notimportant gave kudos to Marcos in DotNet MSIL / Injector.VGR   
    We've nailed it down. A legit tool was backdoored and loads a malicious dll with zero detection at VT which loads the following encrypted payload:

    I expect the detection to be available momentarily via streamed/pico updates.
    Also please confirm that you have enabled the LiveGrid Feedback system for maximum protection.
  6. Upvote
    notimportant gave kudos to itman in HTML/ScrInject.B trojan but No issue in website   
    Note: It is not Eset's responsibility to help web site owners remove malware from their web sites. Recently, @Marcos has far exceeded what is required as an Eset moderator in assisting web site owners identify malware on their web sites.
  7. Upvote
    notimportant received kudos from shocked in Is it safe to install Lightroom Mod APK 2021 for Android?   
    I dont think this is the right place to ask about "cracked" apk filesĀ šŸ˜¬
  8. Upvote
    notimportant gave kudos to peteyt in Is it safe to install Lightroom Mod APK 2021 for Android?   
    I should add that anything that is cracked that appears safe, could be dangerous, even if not detected.
    The problem is that as these are from unoriginal sources, you never know what they have done to it e.g. included hidden extras. Cracks are often used for malware distributionĀ 
  9. Upvote
    notimportant received kudos from peteyt in Is it safe to install Lightroom Mod APK 2021 for Android?   
    I dont think this is the right place to ask about "cracked" apk filesĀ šŸ˜¬
  10. Upvote
    notimportant gave kudos to Marcos in VBS/TrojanDownloader.Banload.FA trojan - error while cleaning   
    Yes, that was a false positive. Updates were already stopped a while ago and a fix is being prepared. It should be available within a few minutes.
    We apologize for the inconvenience.
  11. Upvote
    notimportant gave kudos to TomasP in Rude and unhelpful customer support   
    They did NOT accuse you. They commented on the license.
    "Looks like a pirated key" - because it was, although not by you.
    "That's not your license" - although you paid for it, you paid to a pirate (unknowingly), not to ESET, so you were not the person who originally bought it from ESET, thus based on information in ESET's licensing database, you are not the owner of the license, you are not the one who legally purchased it from ESET - that's what "that's not your license" means. Nothing less, nothing more.
    Although it may seem to you that way, in the end, they provided you with all the options available.
    They did answer this too, see:
    6:03:15 PMā€Ž Consultant: eset is sold according to regions
    6:03:36 PMā€Ž Consultant: and we can't renew foreign license, unfortunately
    Nobody said that using a key purchased in another country is piracy. Although most keys used in a different country than they were bought usually are pirated, that's not the definition. A pirated key is one that is obtained with the intention to resell it numerous times to other people, many more than the number of computers the license was originally issued for.
    This is what Marcos referred to when he said we enabled antipiracy measures earlier this year - as of now, we restrict the number of activations on a given license, so this would not be possible anymore. I believe earlier you expressed desire for us to restrict the activities of pirate resellers, so you will be glad to know we already do.
    I admit, this could have been phrased better, there's no denying that. At the same time, they had already provided you with all the information at that time, so there was nothing they could add. But surely, this could have been put differently.
    You can indeed use that key in other countries - in fact, you have been using it in Lithuania for two years, the program worked. However, when it comes to sales, support and renewal, you need to contact the entity that sold it to you.
    Let me tell you an example - you buy a microwave oven from Amazon in USA. When it breaks down, or when you need anything related to it, you can't contact Amazon in Germany and ask them to provide warranty, repair, or refund - even though they operate under the same brand, they are different entities and Amazon USA sold it to you, so only Amazon USA can provide warranty, repair or refund. That does not mean you can't use the microwave in other countries, but the seller who sold it to you is the one you need to contact if anything happens.
    Similarly as with the example above, support from eset.com is for people who buy the license in the USA. For purchases in other countries, each country has its own support. They are not interchangeable. You can't get support from eset.com other than buying a license in the USA.
    You were then probably using a Romanian IP address if that's where you ended up. I believe you can reach out to Romanian support and ask for a refund. If you explain the situation (you can include the link to this thread), there should be no issue - I believe you may contact them in English too.
    I will go ahead and reach out to our Lithuanian partner, explain the situation, show them this thread, so they see what you thought, that you believed they accused you - I believe they will be more than happy to settle things once and for all and provide you with good support, at the time of purchase, and in the future as well.
    Can you just send me privately your email address on which you can be contacted, please?
  12. Upvote
    notimportant gave kudos to TomasP in Rude and unhelpful customer support   
    From what I can see, they wrote "looks like a pirated key". There is no accusation there, just an assessment of the situation the license is in.
    Indeed, individual resellers only see the licenses they sold, so when they saw your license, they could not see it in the system, so they assumed it was bought off an unauthorized resale channel, which in most cases sell pirated licenses - even your license was used on 130 computers, so it indeed is pirated. The license itself. Nowhere it says that you pirated it, just that the license has been sold to many more people. There is no accusation of you as an individual, the comment was made in regards to the license - because it indeed was pirated (again, not by you).
    I hope this explanation makes it clearer that nobody tried to accuse you, they just commented a fact on the license's state. A pirated license means it was pirated by the reseller who sold it to you - if somebody though you used cracks to get a license without paying (which, of course, we know you didn't), they wouldn't call it a "pirated license", they would use a different terminology.
    We provided you with all the assistance, checked the license, explained how ESET licensing and sales works, explained your options, so I hope you see the situation in this light.
  13. Upvote
    notimportant gave kudos to Marcos in Rude and unhelpful customer support   
    This was not accusation. I too told users here in the forum that their license was misused or leaked if they complained the license didn't work and nobody perceived it as a personal attack or accusation of piracy. There were cases when they bought the license on ebay and they simply fell a victim to fraud.
  14. Upvote
    notimportant gave kudos to Marcos in The very nice folks at Eset have told me that my Win 7 32bit OS is out the window.   
    Since SHA-1 code signing support was discontinued throughout the IT industry due to security weakness, all vendors are moving to SHA-2. That said, SHA-2 support will become mandatory soon and there won't be any current version of antivirus that will work on non-SHA2 compliant operating systems. It was not the choice of ESET.
  15. Upvote
    notimportant gave kudos to Marcos in Sites block   
    The detection is technically correct. It's an obfuscated redirector to a kind of pharmacy search which is detected. This is how it looks like after deobfuscation:

  16. Upvote
    notimportant gave kudos to Marcos in Web protection facebook.com and hub.com.pl   
    Yes but it's as complex product as ESMC or even more and it's intended for Enterprise users which is also reflected in the price. PerhapsĀ  you'd better find another solution, e.g. to log access to all visited websites to find out which sites were accessed before the blocked ones.

  17. Upvote
    notimportant gave kudos to Marcos in Files encrypted by ransomware   
    In fact, I provided a proof that on Windows 10 ESET detected and blocked execution of the ransomware and protected the user where the other "free" AV failed. If you have a proof that ESET doesn't protect users well, please provide a proof and support it with logs and other necessary stuff.
  18. Upvote
    notimportant gave kudos to Marcos in Undetectable Virus   
    The fact that a particular AV detects more than ESET doesn't make it better. Rogue applications also find a lot of issues even on clean operating system and it doesn't make them better, quite the contrary.
    If you think that ESET has missed a threat, feel free to submit MBAM's quarantine to samples[at]eset.com and we'll most likely confirm that the object is not subject to detection.
  19. Upvote
    notimportant gave kudos to Marcos in Undetectable Virus   
    I respectfully disagree. MBAM typically ranks lower than ESET in tests and from my personal experience if it detects something that ESET doesn't it's something that is not subject to detection, e.g. benign registry values, folders left after malware infection or PUA, etc.
  20. Upvote
    notimportant gave kudos to Marcos in HTML/ScrInject.B trojan, but site seems clean?   
    Still infected:

  21. Upvote
    notimportant gave kudos to Marcos in Virus not detected   
    As long as the dll was recognized, the whole exe would be detected. Maybe you ran it before the detection was added at ~`2:20, maybe you have an older product that doesn't support streamed updates, maybe you had LiveGrid not working... The case and your cfg would need to be investigated in order to tell. What can we say 100% that after 2:10-2:30 users with streamed updates and LG enabled and working were 100% protected.
    This is how the detection would have looked like at that time:
    Scanned disks, folders and files: C:\test2\documento.exe
    C:\test2\documento.exe - Suspicious Object
    Number of scanned objects: 1
    Number of detections: 1
    And here is how ESET reacted with 2-month old modules:

    The malware was executed. When the injection itself was performed, AMSI scanner detected a malicious script...
    Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
    7/28/2019 4:06:06 PM;AMSI scanner;file;script;MSIL/Bladabindi.BC trojan;blocked;DESKTOP-5JIJ6V4\Admin;;AB122C106AC5DFA34C8168069E847F7F6DDDF550;

    And the malicious process was terminated:

    AMSI has been supported since Windows 8.1 so on older systems it's possible that the malware would have run with outdated modules.
  22. Upvote
    notimportant gave kudos to Marcos in Virus not detected   
    The file is an activator. Should not be detected as malware but as a hacktool application at most. Those who detect it as malware are wrong. We're not going to detect it for now since we are antimalware and not anti-cracking sw.

  23. Upvote
    notimportant gave kudos to Marcos in unable stop virus   
    We do not provide data recovery services.
    We would have protected the user provided that they had the system secured, preventing attackers from exploiting RDP. Our protection were not most likely password protected so the attacker could easily pause protection. Again, not ESET's fault.
    I don't know what solution you were trying to find if the user had no backup created. The only solution is to pay the ransom and get a decoder with no warranty which we do not recommend.
  24. Upvote
    notimportant gave kudos to Marcos in ransomware attack   
    Just came across a case when a user was hit by Filecoder.Phobos and asked how come they got infected with ESET installed. After analyzing logs, we found out that:
    - the detection for the ransomware was added at least 2 months before the incident
    - password protection of ESET's settings was not enabled
    - detection of potentially unsafe applications was disabled

    We also found out that:
    1, A brute-force RDP attack was performed:
    - Administrator had 22Ā 377 failed login attempts
    - ADMINISTRATOR had 5Ā 438 failed login attempts
    - ADMINISTRADOR had 1Ā 102 failed login attempts
    - ADMIN had 710 failed login attempts
    2, There was a suspicious RDP connection from a foreign country
    3, A local user GhostUser has been created recently
    4, A legitimate tool that can be misused to kill security software has been installed recently (detected as pot. unsafe application)
    5, Event logs have been recently cleared.

    This is a proof that just having a security software installed is not enough; firstly RDP must be secured. Secondly, all critical operating system updates must be installed. Fourthly, ESET must be protected with a password and detection of potentially unsafe applications enabled to prevent protection from being tampered by unauthorized persons.
  25. Upvote
    notimportant received kudos from Nightowl in ransomware attack   
    This is not an excuse. I see this all the time in the customers logs when brute force attacks are performed against RDP.
  • Create New...