Jump to content


  • Posts

  • Joined

  • Last visited

Everything posted by wpsullivan

  1. Actually, looking at the log file, I just discovered that ESET Internet Security said that it found four infected files and deleted two of them. The two it deleted were Log C:\Windows\WinSxS\amd64_microsoft-windows-security-spp-tools_31bf3856ad364e35_10.0.18362.1_none_17f6b61a3c58cd26\slmgr.vbs - VBS/TrojanDownloader.Banload.FA trojan - cleaned by deleting [1] Log C:\Windows\WinSxS\wow64_microsoft-windows-security-spp-tools_31bf3856ad364e35_10.0.18362.1_none_224b606c70b98f21\slmgr.vbs - VBS/TrojanDownloader.Banload.FA trojan - cleaned by deleting [1] The log note says that the files contained only the virus body, so it was cleaned by deleting. Is this going to cause problems? Do I need to figure out a way to get those files back? If I'm understanding what the following page says, ESET may have just wiped out my Windows 10 license: https://docs.microsoft.com/en-us/windows-hardware/customize/desktop/unattend/microsoft-windows-security-spp
  2. I forgot to mention: I had MSRT work specifically on the SysWOW64 folder, but it's not clear that it worked. The results screen didn't show the SysWOW path, and I didn't see the slmgr.vbs file in the results, so it's not at all clear that MSRT was able to see the file or do anything with it.
  3. ESET Internet Security is reporting that it's found VBS/TrojanDownloader.Banload.FA with the following message: Log C:\Windows\SysWOW64\slmgr.vbs - VBS/TrojanDownloader.Banload.FA trojan - error while cleaning Microsoft Windows Malicious Software Removal Tool doesn't seem to be able to see the trojan, even though it's been able to detect Banload since 2015, as far as I've been able to determine. That said, it looks like ESET might have interrupted MSRT; it's hard to tell. I tried to get ESET to delete the file, since that seemed to be the only available option once cleaning had failed but it said "Error while deleting" and couldn't. It keeps trying to delete the file in the background, so now I get an "error while deleting" message every few minutes. (I'm guessing that deleting is failing because slmgr.vbs is a core system file, and Windows 10 won't allow it to be deleted. The options for "Copy to Quarantine" and "Submit for analysis" are checked, so I'm guessing you should be getting -- or maybe already have -- a copy of the file. What should I do at this poInt? I have ESET Internet Security with Version of detection engine: 22262 (20201104) My system is Windows 10 Pro, version 1909 Any information you can provide will be much appreciated.
  4. I was actually just coming to see if I could edit this post. Right after I did wrote this, I stumbled across a very recent ESET support page that dealt with this: https://support.eset.com/en/disable-ssl-filtering-in-eset-windows-products The disable/re-enable SSL filtering part of the post worked for my setup. That said ... there do seem to have been a number of users with this issue this year. ESET should have their certificate added to Mozilla's certificate store so that Firefox could recognize it. That would make life simpler for everyone.
  5. I just purchased ESET Internet Security to go with a new system. Everything was fine before I actually installed ESET. I was able to use Firefox and reach websites and they displayed correctly. After installing ESET, the majority of websites were unreachable. Most were blocked by Firefox as insecure, and the few that weren't completely blocked were broken; their CSS wasn't loading at all. The issue seems to be that ESET somehow takes over the security certificate function. Every single website that was completely blocked was shown as having a certificate issued by ESET SSL FILTER CA, which Firefox said was not a recognized certificate vendor. If I turn off Application Protocol Content Filtering, then most sites seem to work. But turning off that filter removes much of the reason why you would use ESET as an antimalware/security solution in the first place. I've attached images of the messages that Firefox is giving, both the initial block, and the certificate it's seeing on every single site that gets blocked. I'm using pcworld.com as the example, although it happens many many many places. "Mozilla message.jpg" shows the initial block message. On sites where the "accept the risk and continue" message appears, if you pick that option, the site that appears is invariably broken, and its CSS doesn't load at all. On sites with HSTS implemented, the "accept the risk and continue" message doesn't even appear. "Certificate 1 pcworld BROKEN.jpg" shows the certificate that Firefox is seeing for, quite literally, each and every blocked and broken site. "Certificate 2 pcworld working.jpg" shows the certificate that Firefox sees when I turn off application content protocol filtering. It's very different. Is there any way to fix this other than simply disabling the protocol content filtering?
  • Create New...