Everything posted by rugk

  1. Here is a link to Win32/Filecoder.CA: hxxp://www.virusradar.com/en/Win32_Filecoder.DA/description If you see that the description fits your system then you are surely affected by it. There is even a full article on WeLiveSecurity about this threat: CTB-Locker: Multilingual Malware Demands Ransom. Future news about this threat you may find with the tag CTB. There you can also find the information that you can't encrypt the files. But there they have also listed some tips - some of them Marcos already listed above.
  2. Okay. But in this case ESS should not be able to try to update, so these blue messages should not appear at all. Are you sure your tablet was in (connected) standby at the time these blue error messages were created? BTW: Maybe a moderator can move this post (or posts) into a new topic as your issue has nothing to do with the other issue described before.
  3. If you really think it doesn't fit the classification as a PUA then you can submit it to ESET by following the instructions here.
  4. @Megadeivs I think your issue doesn't seem to be related to the issue the thread starter is/was experiencing. But AFAIK ESS doesn't have any support for Connected Standby/InstantGo (which is only available on Windows 8 or higher on specific devices). So I think the developers should either add the support so ESS can update in Connected Standby or should make it so that it doesn't try to update in Connected Standby. BTW: There are also other issues with the ("normal") sleep mode - but as your issue has to do with InstantGo it surely has nothing to do with them.
  5. Okay, so it's the self-protection system (a part of HIPS) of ESS. That's not very surprising, but if there is an issue and it can be fixed then that's great of course. However it's never a bad idea to disable the self-protection (or HIPS generally) before restoring the system, because there can be many issues and this way you can work around them. Generally this happens to nearly all AVs - but this of course doesn't mean that you get issues in every case when you don't do this. It's just a precaution.
  6. Yes, it's this way in Windows. But what does this have to do with ESET? And was the system restore successful?
  7. What I meant with "run as admin" was that you have to press the button "Run scan as administrator" in the user-defined scan. The UAC will do the rest for you. But there I was only talking about circa 2 lines of all the blue lines, so don't expect any great difference. Like I explained, these blue lines do not indicate a (direct) security risk and you can highly assume that it's normal behaviour. Or like it's written in the kb article: So to answer your question in the title: Am I infected? Based on the scan log you provided, no you aren't.
  8. You can check what version numbers for different products and main versions (e.g. 8, 7, ...) are the newest on these sites, e.g.: for ESET Smart Security, for NOD32 Antivirus (just look at the bottom for "other versions"). There you can also download them, or you use the download links in the kb article about older versions. Normally the files you can download from the kb article are already the newest ones of the specific (main) version. And with a valid license you can upgrade or downgrade to any ESET version you like, also the newest v7 of course - just install the files you have just downloaded. But anyway, why don't you want to upgrade to NOD32 v8?
  9. Yes, the thing with AV-test is a known mystery. Even more than one year ago it was already strange. So on the one hand there are these tests from AV test and on the other hand there is the experience of many users and some tests like one from AV Comparatives recently where ESET won the whole Performance test and challenged companies like Kaspersky, Avira and Bitdefender.
  10. ** SOLVED ** So some time after my last post I can say that it happens quite rarely. After my last post in this topic it had only happened another time on the 2nd of December 2014 and then there wasn't anything of this kind. So maybe it was solved in some way, so I'm "marking" this thread as solved again. However I will of course watch this again and if it should happen another time then I will report this here too.
  11. Okay, then it wasn't a threat, but only a notification from the interactive Firewall which asked you whether you wanted to allow inbound traffic. So maybe you were right to block the traffic. However it's really strange that this had an effect on a backup which should have nothing to do with any network traffic at all (even more, it should have nothing to do with inbound traffic). So maybe it was just a fortuity and the issue was caused by something else. Have you already tried to re-run the backup and look whether inbound traffic comes in too? If so, then you now have the chance to take a screenshot before you click any button.
  12. In this case I would also suggest that you make sure you have enabled the detection of PUA. (What is a potentially unwanted application?)
  13. Well, you have really many of these lines. Most are archives from games and contain some password-protected archives. Maybe the game authors didn't want you to be able to open these files and extract the single files. Additionally it looks like this because ESS can see the content (filenames) of the archives, but can't extract them, because they are password-protected. And so ESS lists every single file it finds in every archive and says "there is a filename, but I can't read the content - so there is something wrong". Also there are some boot sectors which couldn't be scanned - this can be solved by running the scan as an administrator. About "System Mechanic": If this is only about the registry then the chance that this has nothing to do with the "blue lines" you get during scanning is high. Because ESET doesn't scan the registry. And the only thing I could find in your log about this software is that the installation file has some password-protected files inside. But as far as I can evaluate this, this is nothing you would have to worry about. BTW this kb article also has some information about the "blue lines": Blue "error opening" notifications in Computer scan log
  14. Yeah, also this hologram thing looks really good. Edit: Just imagine if the ESET robot/android could sit next to you. This would be a great "enhancement" of the already existing Augmented Reality app from ESET.
  15. So... It wasn't a PUA which was detected there. Like Marcos said, it could be something in the browser cache. Why do you want to exclude this? It's an HTML virus - so delete it. (@Marcos) Well, you could of course exclude any file from scanning, but as there is no reason in this case (and in most other cases too) I wouldn't suggest this. ESET has a great site if you want to find information about a malware detection - virusradar.com. And if you search there for this threat you can e.g. find out that it's one of the most often detected threats in the world and you can also find some information on WeLiveSecurity - the blog of ESET.
  16. Generally you can find information on how to renew your license here. But often it's quite important to know where you bought your ESET license, because you have to contact the distribution of your country. If you live in the US you have to call the following telephone number according to the kb article. You wrote this number in your post, but you forgot a "1"... (BTW: nice telephone number) And just FYI: In the following kb article there is more information about what to do after you have renewed your license: What do I need to do after renewing my license? (business users)
  17. I don't know whether ESET SysRescue Live uses LXDE. But it was said that it is based on Ubuntu. But if both facts are true wouldn't it be more useful to use Lubuntu? And no, it's not a good idea to make ESET SysRescue Live (in its actual state) installable. Because ESET SysRescue Live is only (yes, only!) an on-demand scanner - it doesn't have any features like real-time protection or similar things. Also it's free to use and ESET is a company which has to make money (they have staff, researchers and so on), so this doesn't fit either. If you want an "ESET Linux" then I would suggest you do these things: Install a Linux distribution of your choice [1]. If you like LXDE then just install it (if available for your distribution of course) or choose (like I already said) Lubuntu in the first step [2]. Then install ESET NOD32 Antivirus for Linux Desktop, which is the "normal" antivirus system from ESET for Linux users. Unlike ESET SysRescue this contains a real-time protection. That's all! This is your "ESET OS". [1] In the system requirements of ESET NOD32 Antivirus for Linux Desktop it states a few distributions which are supported, however I think it could work on other distributions too: [2] As Lubuntu is not listed in the system requirements I cannot guarantee that ESET NOD32 Antivirus for Linux Desktop will work on Lubuntu - however Lubuntu is based on Ubuntu (which is listed) so there is a high chance. You might also be interested in this: WeLiveSecurity - Do you really need antivirus software for Linux desktops?
  18. Again I'd like to explain that you have to differentiate between two (or three) things in the detection and protection technology of ESS. There are the Firewall rules. These are simple allow/block/ask rules which control whether an application or IP gets inbound or outbound network access. This is done by checking the local/remote IP, application, port and so on against the rules, so that it will either allow or block the communication. You could say it checks the metadata of the network traffic. There is the IDS. This is a system which analyses the network traffic and blocks attacks regardless of the "metadata". So here you could say it checks the content of the network data. (However some metadata may play a role too, but this isn't important now.) And in ESS v8 there is a special Botnet blocker. This works similarly to the IDS system, because it also analyses the content of the network traffic, but here it tries to identify local processes which are behaving strangely (like a bot). And all of these parts have separate log settings. However generally all things are logged into the same log file - the log file for the firewall. The botnet blocker has AFAIK no log file or it is also logged in the firewall log - I don't know this as I couldn't test it until now. I think the "big attacks" which are detected by IDS are already logged (and in some cases you will maybe also see a notification). And as Marcos said, the other checkboxes you can select there about logging are only for troubleshooting - they are not by pure chance below the point "Troubleshooting"... And then there are settings about the firewall rules you talked about in your first post: In this case you have to adjust the rule, so that it will be logged when this rule is "triggered". To do so check the checkbox "Log" in the settings of the specific rule: You have to do this for all rules you like to log. Now about "ICMP destination unreachable": The thing you talk about is (e.g.) a simple reply from a ping command, which indicates that the server/IP is not reachable. I see no reason why this should be blocked and I can't imagine any case where it would cause a security risk. But generally: What ESS does with other ICMP attacks you can read in the in-product help and I also marked the corresponding IDS setting.
  19. @jadinolf At some time before your trial expires you will buy ESET (if you like to use it), so afterwards you will not see this message for a long time.
  20. No, the rescue disk isn't a UEFI disk. But this shouldn't matter anyway - except for the boot option you have to choose of course. BTW: BD is Blu-ray, isn't it? AFAIK the boot drive scan should also work without any issues. If it booted correctly then it should not matter whether you have a BIOS or a UEFI. And just FYI there is even a new version of ESET SysRescue available (called "ESET SysRescue Live") based on Linux... hxxp://www.eset.com/int/support/sysrescue/ More information here: ESET SysRescue Live 1.0.9.0 released. But I think this also creates a "normal" disc and not a UEFI boot disk. And again BTW: Would you like to get some CD/DVD covers for your CD/DVD? Here you can get them: Picture gallery of ESET robot/android - CD/DVD Cover for ESET SysRescue (Live) - ESET Wallpaper
  21. Okay but this could cause other problems with the design - however maybe it's a thing which could be changed with the next (major) version.
  22. Change the DPI of the screen... But ESET uses nearly the default font sizes which are also used by other programs and control elements in Windows. And if you need it there is still a screen magnifier.
  23. The screenshot you added is from the IDS settings which are part of the firewall, but which are unrelated to any firewall rules you have created in the rules and zones editor. That's why ESS doesn't create any logs for any firewall rules if you select these "log settings". But in the settings of the specific firewall rule (in the rules and zones editor) you can enable logging when the rule is triggered.