Everything posted by Nightowl

  1. Rambler is a website similar to Yahoo/MSN and is owned by Sberbank; I doubt it will launch attacks on specific users to steal their instant messaging accounts. Another connection is that the attackers used emails from Rambler.ru services, which is the same thing as if the attacker used Gmail or Proton or whatever, since even bad actors that aren't connected to PC work used ProtonMail, which is based in Switzerland. It doesn't matter where it's coming from, even if from your friends: if the link isn't supposed to come or the message looks weird, don't open it.
  2. Thanks for your assistance ITMAN, I will check it out. I wish I had an easier route rather than messing with Microsoft's GPO.
  3. I was looking at it yesterday (SRP), but your explanation is better than what I was reading. I will give this one a try and apply it to specific folders like Downloads, TEMP etc. and will see what happens. About the Downloads location, I bet I can keep it there, I just put in the wanted extensions to be blocked. Thank you bro.
  4. I will try to do it through Fortinet filters (hardware firewall). Thank you bro. I will try to google for best practices/hardening and take a look. Thanks for the suggestions. Should also block Python, Firefox, Chrome, VLC, 7zip, rar from running from AppData/TEMP or creating new applications from there, like that Remcos variant that brought its vulnerable exes with it. I think in the first place, since PowerShell and cmd are prevented, the next step of the vulnerable exes shouldn't come, but who knows. Anyone have a suggestion?
  5. Is there any way to prevent *.VBS and *.PIF from being downloaded or received from Skype/WhatsApp etc.?
  6. Hello, please check this sample, I sent it also from my email https://www.virustotal.com/gui/file/ce0e2c758444ae6e3be95b83e0f53990e722472e75113d57b18a19cb8e397ca9?nocache=1 [TRACK#64EAFA9300F7]. EDIT: Support answered.
  7. That should do it, and also there is Potentially Unwanted Application; enable them, and if you want higher detections you can go with aggressive reports and detections. You can keep MBAM as a second-opinion scanner, without the real-time parts being active, just a scanner for when you need it. As itman said, it will cause conflicts; it doesn't matter which one you want to keep, in the end it's your own opinion and thought of which proves to be better for your usage, but only one real-time protection should be active at a time, otherwise it would conflict and cause problems and maybe blue screen crashes.
  8. I have a question apart from the other replies: did you enable detection of Unwanted and Unsafe applications?
  9. VHO and HEUR are the heuristic namings if I am not mistaken. You will find them on Checkpoint, ZoneAlarm, and Bitdefender I think also, because those use the Kaspersky engine.
  10. I am sure that the PC I worked with didn't have Python and the person who works on it doesn't have any programming skills or anything. I even searched for Python traces on the PC; there are none.
  11. I believe so also, a GSM or signal issue, because ESET won't touch the GSM parts if I am not mistaken.
  12. Is it an internet call or a normal GSM call? Internet WhatsApp calls can be blocked in some companies or networks, that's why you might not be able to call, for example. ESET for Android doesn't provide a firewall, so there is no way it could have blocked it. On my device I use it, but I never experienced such a thing.
  13. This is what happened with me: the infected PC I worked on had a person who doesn't know programming and doesn't even know the English language, so naming the files fruit and idea and stuff like this made it a bit suspicious, and there isn't even Python installed; the RAT supplied its own Python.
  14. This is what I posted about recently; it's a nice read by the way, thank you. https://news.drweb.com/show/?i=14728&lng=en I found the Dr.Web article about it.
  15. Try changing your DNS on your computer/router. I don't see any reason for ESET to be blocked in Indonesia; other than that, ESET has an office there, so most likely it's not blocked and it's some other issue.
  16. Here bro, you have to repair the Master Boot Record for the devices. Check the instructions for whichever Windows is running. https://neosmart.net/wiki/fix-mbr/
  17. Indeed it's just my opinion, many will disagree with me, and true vulnerabilities happen to all, but I just found other brands easier to work with.
  18. 4 years ago I had a client with MikroTik, one of the worst experiences I had with a router/firewall.
  19. Hello, check here for instructions on how to repair the MBR, because as far as I know AVs cannot do it / disinfect the MBR. https://neosmart.net/wiki/fix-mbr/ And here is one from ESET Hungary https://www.eset.hu/tamogatas/viruslabor/virusleirasok/abcd They explain the threat you have in your detection log. It's a pretty old virus, but how did you revive that? Did you plug in an old hard disk?
  20. Hello brother, I am good, thanks for asking. Thanks for explaining, I understand. Have a nice day.
  21. Try this when you boot back to the normal environment: DISM /Online /Cleanup-Image /ScanHealth Does it find corruption? Not trying to interrupt Marcos; please follow with him because he is ESET staff, I am not. But try to download ESET Online Scanner, set it to detect unwanted apps and unsafe apps, and let it scan deep. Does it find something weird?
  22. Are you the admin? If you are, try to see if your Windows is corrupted. Run this from CMD as admin: sfc /scannow
  23. Thank you Peter, I will do so if something happens. Thanks for the assistance.