Nightowl

Most Valued Members
  • Posts: 1,867
  • Joined
  • Days Won: 17

Everything posted by Nightowl

  1. For my personal use, I run all at Aggressive; if I have trouble somewhere, I will just make some adjustments and continue on.
  2. ESET has added the detection earlier for the shortcut link, same as the other file which was in the Roaming folder. It wasn't detected because it was missing the .ext, but as far as I understood it should be detected by now even without the .JS
  3. It's completely normal. It's available here: https://support.eset.com/en/kb3204-configure-eset-products-to-detect-or-ignore-unwanted-unsafe-and-suspicious-applications For example, a software called CheatEngine, which is used to make trainers/modify memory while in-game: enabling the option of UNSAFE apps will trigger CheatEngine as a HACKTOOL, while it's completely normal and non-malicious software, but the detection has its name for the software; it is a HACKTOOL.
  4. Cracks/hacktools/keygens etc. are all detected as HACKTOOL by ESET, as if UNSAFE apps detection isn't enabled then ESET won't touch them, or warn about them, because they are not malicious to the user.
  5. And most probably using a fake crack/torrent whose purpose is to infect.
  6. Yeah, probably most of them are getting it from a fake torrent or fake DL that pretends to be a cracked version of ADOBE or some other kind of software.
  7. It's fake cracked software. Usually cracked software cracks/bypasses the activation/protection methods and usually requires the user to block the software's connection so it doesn't communicate with anything. A crack that is trying to get data from a server / report data to a server is a fake crack, which is a TROJAN. Yet some cracking methods do require emulation of an activation server so it could get a reply from it, but this can be done locally.
  8. I believe you are mistaken; both files from my post and this file are identical, yet they were in different locations. It is the same: https://www.virustotal.com/gui/file/1b1640edb3f7213f4338c6e0017a1b9028c6b324d64f3e63c09169540e82f4a5/detection It's just missing its .ext
  9. Probably from your logs, Marcos was able to notice an old driver running for your ESET. Probably removing it normally would fix it, but if not you can use the removal tool, restart your PC and then re-install the latest ESET for your server; then you could have an up-to-date driver that belongs to that version. But as it's an old version lurking, following Marcos' instructions would help you solve this, if I am not mistaken.
  10. Here is the VT link: https://www.virustotal.com/gui/file/1b1640edb3f7213f4338c6e0017a1b9028c6b324d64f3e63c09169540e82f4a5/detection
  11. I am sorry but unfortunately I don't have it, but @Vince should; it got uploaded to VT and probably he manually quarantined it to ESET.
  12. Well, that's a lot to answer but I will keep it short. ESET has never had any privacy troubles before and can be trusted. As for your mobile protection, well, ESET is only able to detect known malware and maybe 0-day malware for Android, and more than that to keep the file system protected as far as it could; the rest is up to you, where you install Android updates etc. and if your device is still supported. As for the GSM spying and vulnerabilities, well, ESET or any other AV/security product won't help you with this. Also, for the physical help, it is not possible; you probably need some tech services.
  13. Also the shortcut leads to a JS script that isn't being detected by anything in VT.
  14. Most likely it was gone when you manually quarantined the malicious JavaScript file. The detection of BitTorrent has nothing to do with it; switch to Deluge/qBittorrent if you want a better client.
  15. Most usually cracked software doesn't require an active internet connection to some place. They usually reverse engineer the activation methods and bypass/remove the protections.
  16. As far as I remember, the ESET GUI doesn't need sudo permissions to be called.
  17. They were talking about an Adobe cracked version in earlier posts; unsafe & unwanted options should help him find the crack.
  18. Up at the right, you see the Settings icon; you can switch to Deep Scan. And going to settings in the ESET GUI, Real Time Scanning and On-demand scan settings, you can select ESET to detect unwanted apps and unsafe apps, explained more here: https://support.eset.com/en/kb6692-enable-or-disable-detection-of-potentially-unwantedunsafe-applications-on-an-individual-workstation-in-eset-endpoint-products-6x You can also upload the malicious script to ESET; maybe they could see it from their side and add it to the detection. Manually add it to Quarantine and see if the blocks disappear.
  19. This is probably the threat; upload it to VT/Hybrid Analysis and please post links to the results. And manually quarantine it with ESET, and proceed to scan with PUA and Unsafe applications enabled, a deep full system scan. Most probably your system is still safe, because most of the calls the trojan downloader or the script was doing were blocked by ESET, so attempts to do malicious things or downloads were prevented most likely.
  20. No, still you need to proceed; select Windows 7 64. Also you can try with www.virustotal.com; it's faster and no queue.
  21. Upload it please to VirusTotal to see the results; also you can try the Hybrid Analysis web site and app anyrun. You can manually put it in Quarantine in ESET to see if the blocks stop or not; most probably if you change the ext to .bak or something irrelevant, it should stop working as a script. It's probably a Trojan Downloader, but I can't know what Trojan it is trying to get. The Startup shortcut calls this script and probably this script calls another infected EXE in your PC so it can continue its job. --- Try a deep scan with PUA and Unsafe Applications enabled.