
Nightowl

Most Valued Members
  • Posts

    1,842
  • Joined

  • Days Won

    17

Everything posted by Nightowl

  1. By remote do you mean Remote Desktop? If yes, it's then highly recommended to secure the Remote Desktop to specific IP addresses that the server/workstation will only accept connection from, that way it will make it more secure and kept only for your IPs. And in ESET there is a protection against bruteforcing the accounts of RDP.
  2. Unfortunately many of those who run VMs will have to disable it to enable Intel VT-x/AMD-V for their virtual machines. Memory Integrity will prevent you from enabling this option, for example in VMware Workstation.
  3. Also it can be disabled by group policy, and it needed Admin settings to run, which normally users don't have unless it's a home computer and the person is the admin.
  4. I don't know what commands were in the bat, but could legitimate commands shut down ESET as a normal user would? I bet they do, but one thing that would stop all this I think is passworded settings; once getting to the shutdown command/kill, the password would stop it. But I think also HIPS or Self Defense didn't detect it or didn't see this as an attack. I don't know, but I think the password would prevent it, unless the kernel was shut down or whatever was done. I don't know, but I guess they shut down the kernel or the process; a password would prevent this unless it's vulnerable.
  5. I guess @Purpleroses is confused between HTTPS scanning and secure browser protection. Browser protection helps in case something bad passed and was able to intercept your keystrokes or something like that; the secure browser will be scrambling your keystrokes, so whatever is eavesdropping or logging your keys will have it encrypted. HTTPS scanning is different: ESET will add its own certificate into the machine, then it will be able to scan the HTTPS traffic, and if a malware was sent through that HTTPS traffic, ESET will be able to pick it up. Without the certificate that ESET adds, it will not be able to scan the HTTPS traffic. I could be mistaken in what I described, correct me if I am wrong please.
  6. I think Learning Mode is more designed to be used with Interactive Mode. You let the firewall learn the machine for a while and then you switch to Interactive Mode, in that case you will have to manually allow/block traffic to unlearned apps after that. And learning mode will put apps and traffic that it learned and allow them or block them (it could block maybe, idk), after that you can also look at the list and remove unwanted rules if the software added something you don't want. But if you are looking to use Automatic Mode, then keep it Automatic.
  7. Is your Office cracked? If it is then I would get rid of it personally as ITMAN said MSRDC is RDP, if you put msrdc in Run command, it will open the Remote Desktop Connection window.
  8. I don't know if it's relevant for you to change the software, but give VLC Media Player a try, it's a good media player.
  9. It's true, better to check Task Scheduler, it will try to revive itself from there.
  10. In the behaviour section, you can see what the BAT has done in the VirusTotal link, you could reverse its changes. Better also remove the Adobe products from your PC, and also run an SFC /scannow in an admin CMD to see if there are changes to Windows itself, so Windows can repair itself back to normal. Also try to deep scan your PC again with ESET (deep scan), and if you need a second opinion after that you could download another scanner or use Defender (it sucks) for a scan, maybe like HitmanPro as a second opinion scanner next to ESET, to see if there are any remnants.
  11. Please try my suggestion. In the Detections area on the left side, after clicking that, make sure that Detection Resolved is ticked/not ticked depending on how Protect is reading your detection status. And in the middle this one: And if your computers are divided into groups, make sure you select the correct group or select "ALL". And just to troubleshoot if there is an Agent connection problem, do you see the computer in the "Computers" area as connected?
  12. It shows how much time you have been connected, usually VPN programs do that.
  13. But I doubt any kind of decryptor would be on the hard disk, unless the attackers made a mistake.
  14. Try to follow these steps here provided by Discord to secure your account more: https://discord.com/safety/360043857751-four-steps-to-a-super-safe-account
  15. I didn't go to the link, but it is a WoW boost? And stuff like gold or equipment? I don't recommend doing that, because it's not affiliated with Blizzard or someone official to the game and it can be a scam, or you will pay for something and get something else or get nothing. And probably it has to do some in-game trading to be able to get the stuff. Better not bro, I don't recommend it.
  16. Hello mate, welcome aboard
  17. You are getting so many SSDP requests that it looks similar to a DDoS attack, and there is a method, as far as I recall, that can use your internal addresses to send DDoS to other devices. This is happening through UPnP. Try to close UPnP from your firewall and make sure your router's firewall is working, and check if those requests keep coming, and also different ports like 137. Try to update your firewall to the latest version, disable UPnP, and make sure it blocks connection from outside properly to all ports. If this persists, try also to check the other devices in your network to make sure they are clean and not infected.
  18. I believe it's just a bug or the settings in ESET weren't being applied correctly to prevent getting ads from the ad servers, could be just an error/bug from ESET's side or from the ESET software. Funniest thing is that when you enter their US website, you will get a big pop-up: WE VALUE YOUR PRIVACY. Yes, very true, and I want to cry from the honesty. My privacy is so valued in Avast that, because of its value, they started to sell it lol
  19. Try to contact support through the ESET GUI or through your registered email address for the license, and explain to tech support that the marketing messages aren't going even after disabling, they should fix it through an update or from their side, probably that is a bug.
  20. Windows Installer does not allow the addition of product reviews for advertised products that are managed. I've translated through machine, but is your PC under management by an IT team or network administrator?
  21. If the file is too big to be uploaded through the ESET GUI or through email, you can archive it and protect it with the password "infected" and then you can send the link to ESET (upload it through Google Drive, Microsoft OneDrive etc.). But is your infected file over 50MB/100MB?
  22. It is indeed a virus and the location of it indicates it more: WINDOWS/TEMP. And the file name is more weird, I doubt some of your colleagues have to work on a file named q.vbs and store it in TEMP. Remove that file after you send it to ESET, and inform the place where it came from that they are sending malicious files, and if there is no response/action from their side, block them. If your client doesn't use macros inside Word or Excel files, it's recommended to disable them by default even from trusted locations.
  23. Please give support for Forticlient and don't forget about it https://www.fortinet.com/support/product-downloads
  24. Sorry for posting here but I can't reply to the announcement of the version and I think it's not worth creating a new topic. But in the new version it has this: FIXED: Various Web access protection issues. Is VPN one of them? Edit: No, still doesn't work.