Nightowl
Everything posted by Nightowl
-
ESET I.S. Aggressively blocking URL, can't find app
Nightowl replied to mandrix's topic in Malware Finding and Cleaning
For my personal use, I run all at Aggressive. If I have trouble somewhere, I will just make some adjustments and continue on. -
ESET I.S. Aggressively blocking URL, can't find app
Nightowl replied to mandrix's topic in Malware Finding and Cleaning
-
ESET I.S. Aggressively blocking URL, can't find app
Nightowl replied to mandrix's topic in Malware Finding and Cleaning
ESET has added the detection earlier for the shortcut link, same as the other file which was in the Roaming folder. It wasn't detected because it was missing the .ext, but as far as I understood it should be detected by now even without the .JS -
ESET I.S. Aggressively blocking URL, can't find app
Nightowl replied to mandrix's topic in Malware Finding and Cleaning
It's completely normal. It's available here: https://support.eset.com/en/kb3204-configure-eset-products-to-detect-or-ignore-unwanted-unsafe-and-suspicious-applications For example, a software called CheatEngine, which is used to make trainers/modify memory while in-game: enabling the option of UNSAFE apps will trigger CheatEngine as a HACKTOOL, while it's completely normal and non-malicious software, but the detection has its name for the software, it is a HACKTOOL -
ESET I.S. Aggressively blocking URL, can't find app
Nightowl replied to mandrix's topic in Malware Finding and Cleaning
Crack/hacktools/keygens etc. are all detected as HACKTOOL by ESET, as if UNSAFE apps detection isn't enabled then ESET won't touch them, or warn about them, because they are not malicious to the user. -
ESET I.S. Aggressively blocking URL, can't find app
Nightowl replied to mandrix's topic in Malware Finding and Cleaning
And most probably using a fake crack/torrent whose purpose is to infect. -
ESET I.S. Aggressively blocking URL, can't find app
Nightowl replied to mandrix's topic in Malware Finding and Cleaning
Yeah, probably most of them are getting it from a fake torrent or fake DL that pretends to be a cracked version of ADOBE or some other kind of software. -
ESET I.S. Aggressively blocking URL, can't find app
Nightowl replied to mandrix's topic in Malware Finding and Cleaning
It's a fake cracked software. Usually cracked software cracks/bypasses the activation/protection methods and usually requires the user to block connection of the software so it doesn't communicate with anything. A crack that is trying to get data from a server / report data to a server is a fake crack, which is a TROJAN. Yet some cracking methods do require emulation of an activation server so it could get a reply from it, but this can be done locally. -
ESET I.S. Aggressively blocking URL, can't find app
Nightowl replied to mandrix's topic in Malware Finding and Cleaning
-
ESET I.S. Aggressively blocking URL, can't find app
Nightowl replied to mandrix's topic in Malware Finding and Cleaning
I believe you are mistaken; both files from my post and this file are identical, yet they were in different locations. It is the same: https://www.virustotal.com/gui/file/1b1640edb3f7213f4338c6e0017a1b9028c6b324d64f3e63c09169540e82f4a5/detection It's just missing its .ext -
ESET I.S. Aggressively blocking URL, can't find app
Nightowl replied to mandrix's topic in Malware Finding and Cleaning
I understand, thank you ITman -
file protection not working
Nightowl replied to RuiAlas's topic in ESET Products for Windows Servers
Probably from your logs, Marcos was able to notice an old driver running for your ESET. Probably removing it normally would fix it, but if not you can use the removal tool, restart your PC and then re-install the latest ESET for your server; then you could have an up-to-date driver that belongs to that version. But as it's an old version lurking, following Marcos's instructions would help you solve this, if I am not mistaken. -
ESET I.S. Aggressively blocking URL, can't find app
Nightowl replied to mandrix's topic in Malware Finding and Cleaning
I understand, thank you Marcos. -
ESET I.S. Aggressively blocking URL, can't find app
Nightowl replied to mandrix's topic in Malware Finding and Cleaning
Here is the VT link: https://www.virustotal.com/gui/file/1b1640edb3f7213f4338c6e0017a1b9028c6b324d64f3e63c09169540e82f4a5/detection -
ESET I.S. Aggressively blocking URL, can't find app
Nightowl replied to mandrix's topic in Malware Finding and Cleaning
I am sorry but unfortunately I don't have it, but @Vince should; it got uploaded to VT and probably he manually quarantined it to ESET. -
Newest Customer targeted by a paid hacker.
Nightowl replied to Hunter's topic in Malware Finding and Cleaning
Well, that's a lot to answer but I will keep it short. ESET has never had any privacy troubles before and can be trusted. As for your mobile protection, well, ESET is only able to detect known malware and maybe 0-day malware for Android, and more than that to keep the file system protected as far as it could; the rest is up to you, where you install Android updates etc. and if your device is still supported. As for the GSM spying and vulnerabilities, well, ESET or any other AV/security product won't help you with this. Also, for the physical help, it is not possible; you probably need some tech services. -
ESET I.S. Aggressively blocking URL, can't find app
Nightowl replied to mandrix's topic in Malware Finding and Cleaning
Also the shortcut leads to a JS script that isn't being detected by anything in VT. -
ESET I.S. Aggressively blocking URL, can't find app
Nightowl replied to mandrix's topic in Malware Finding and Cleaning
Most likely it was gone when you manually quarantined the malicious JavaScript file. The detection of BitTorrent has nothing to do with it; switch to Deluge/qBittorrent if you want a better client. -
ESET I.S. Aggressively blocking URL, can't find app
Nightowl replied to mandrix's topic in Malware Finding and Cleaning
Most usually cracked software doesn't require an active internet connection to some place. They usually reverse engineer the activation methods and bypass/remove the protections. -
As far as I remember, the ESET GUI doesn't need sudo permissions to be called
-
ESET I.S. Aggressively blocking URL, can't find app
Nightowl replied to mandrix's topic in Malware Finding and Cleaning
They were talking about an Adobe cracked version in earlier posts; unsafe & unwanted options should help him find the crack. -
ESET I.S. Aggressively blocking URL, can't find app
Nightowl replied to mandrix's topic in Malware Finding and Cleaning
Up at the right, you see the Settings icon; you can switch to Deep Scan. And going to settings in the ESET GUI, Real Time Scanning and On-demand scan settings, you can select ESET to detect unwanted apps and unsafe apps, explained more here: https://support.eset.com/en/kb6692-enable-or-disable-detection-of-potentially-unwantedunsafe-applications-on-an-individual-workstation-in-eset-endpoint-products-6x You can also upload the malicious script to ESET; maybe they could see it from their side and add it to the detection. Manually add it to Quarantine and see if the blocks disappear. -
ESET I.S. Aggressively blocking URL, can't find app
Nightowl replied to mandrix's topic in Malware Finding and Cleaning
This is probably the threat. Upload it to VT/Hybrid Analysis and please post links to the results. And manually quarantine it with ESET, and proceed to scan with PUA and Unsafe applications enabled, a deep full system scan. Most probably your system is still safe, because most of the calls the trojan downloader or the script was doing were blocked by ESET, so attempts to do malicious things or downloads were prevented most likely -
ESET I.S. Aggressively blocking URL, can't find app
Nightowl replied to mandrix's topic in Malware Finding and Cleaning
No, you still need to proceed; select Windows 7 64. Also you can try with www.virustotal.com, it's faster and no queue. -
ESET I.S. Aggressively blocking URL, can't find app
Nightowl replied to mandrix's topic in Malware Finding and Cleaning
Upload it please to VirusTotal to see the results; also you can try the Hybrid Analysis web site and the app anyrun. You can manually put it in Quarantine in ESET to see if the blocks stop or not; most probably if you change the ext to .bak or something unrelated, it should stop working as a script. It's probably a Trojan Downloader, but I can't know what Trojan it is trying to get. The startup shortcut calls this script and probably this script calls another infected EXE in your PC so it can continue its job. --- Try a deep scan with PUA and Unsafe Applications enabled.