khairulaizat92

Concerning this, try check on your license manager at my.eset.com and please check at the left side, how much is your license are allowed to be installed on the pc, If it says 5 then proceed with the next check. If not, then try this to keep in touch with them https://www.eset.com/uk/enquiry/support/ Other possibilities than that, i didnt know is this still occurred, but during the early launch of the license manager, the activation record on the license manager sometimes duplicated even though on the original pc it has been uninstall. So try check the device listed name for any possible duplication on activation record and remove the duplicate activation record manually by selecting the menu by clicking the arrow at the bottom of the of your PC name. Removing the activated pc from here will deactivate the products on the listed name pc, so becarefull not to remove the wrong pc name if it was necessary.

Hi that page is being manage by Our Malaysia Local Distributors. You might want to get in touch with them.

It might be something in your PC requested the blocked link. Provide a screenshot as itman instructed

Hi @Peter Randziak im previously beta tester for home products, how can i get involve in endpoint products beta testing?

Well, as per mention in this forum; https://forum.eset.com/topic/13067-does-eset-block-file-less-malware/ Another thing is, this so called file less attacks have a behaviour like previous old virus which i didnt remember its name, when it infect the PC (even though it do install it self on the pc before inject legitimate software by modifying it code to include part of the virus it self). I have seen it once by chance, and yeah eset does protect you from it. But again, just like malware, there are still fileless malware that cannot be detect. However, by using properly HIPS rules, you can set a rules to protect the targeted system files. Even though im not expert enough to advice which or the example of rules you can set in order to prevent this. For Example you did not use powershell, then set the rules on the hips to block any access to powershell. However, usually it being used on large company to gain certain profit or for espionage mission. So i dont think regular user will be impacted by this. Unless you are a company user with a lot of sensitive information which cyber criminals or certain country want, you might want to use only your company pc, within you company network that have been firewalled properly and monitored for suspicious activity.

Based on my experience, if the issue keep recurring, there probably something wrong with your Wireless Device. You might want to check with them if even after you UNINSTALL the ESET without installing it again and tested it, the problem are still exist. do you own the wifi device? try to check it settings etc. Why im saying this? because at the forum you mention that using ethernet cable the website load without any problem. And another thing is try change the dns setting of your pc wireless settings to google public dns, and see if that makes any changes. 8.8.8.8 8.8.4.4 And another thing is based on the above statement, though this is really rare case, but it still happened, your wifi might a little crowded which also might cause the issues. I have experience this once because the wifi are shared with a few people, and the wifi became somehow crowded, which led to this kind of problem.

I see, thanks for the answer, i kind of clearer hows the relationship works So i assume you guys should have received this sample then; https://malwaretips.com/threads/dont_worry-ransomware.81513/#post-723854 After rechecking i found out that ESET has detect this as a variant of Generik.KOTSBSZ

Hi and Good Morning, Im wondering hows is the relationship between vendors and Virus Total, are Vendors such as ESET are allowed to request uploaded sample files from Virus Total? Or Not at All?

Im not expert as marcos, but it should be sufficient for the current ransomware and future ransomware that have traits or behaviour that similar to existing ransomware if your rdp is not compromise, set uninstallation password to avoid endpoint av from being removed or disable. Again no AV can ever protect 100% from such ransomware as hacker also human, and they can modified and test their software until it cannot be trace. And even antivirus have it own limitation especially when it came to known OS and Firmware vulnerability that already being patch via OS / Firmware update but user did not patch their system which lead it to be exploit by cyber criminal. So patch your system keep your AV updated, and educate your user. And even if you practice all of this, you already secured up to 90%, to reach 100% protection is impossible. Additional Note: I remember seeing somewhere in this forum on somebody ask on how the strengthen their protection with HIPS rules. If the mention step are related with you, you might want to applied it to your HIPS rules.

That image does seems interesting

Well @itman the "Unbelievable" just happened. In this client case, he uses windows 7. And i assured you, its like a common situation in Malaysia. this is personal PC, there are some cases, a library with about a dozen of PCs, does not even have any AV install and using windows xp. However i do think on enterprises level most of them uses antivirus.

I see, do you know how this 2.0 spread?

Hi Macros, as per said, i didnt care about decrypting, just need a verification either it still there on the client pc or not, and did this "V2.0" detected by eset? Would you like an access to the infected pc?

Hi, First of all, this customer did not use ESET solution and only using free malwarebyte solution (with no real time protection), and its just a personal computer. And it has been infected with GranCrab v2.0. So now, 2.0 didnt have decryptor yet, but if possible, i want an expert to assist me to search for this ransomware on his computer. And i did not know how ransomware works (maybe after activating it deleted it hide it self) but im willing to give access using TeamViewer for anyone who are expert only, that are able to help to determine either it still there or not, and are the sample can be extract. Just find the so called v2.0 GranCrab and extract it, is enough. I scan using ESET online Scanner and it detect a few trojan a few worm but for grandcrab it only detect the ransome demand ".txt" file. the txt file as per attach CRAB-DECRYPT.txt

Hi im just assisting them, please also provide ELC (Eset Log Collector), You can look how to use it at Marcos signature how to use Eset Log Collector. and another thing is which country are you from? called me old timer, but i do think have Eset Rep (Distributor or Related to ESET) to visit the case site to also access the situation might be in someway fasten the process.

can you provide the screenshot of the detection? or log from eset? although it might be faster just to have the ESET Staff here to Remote Control your machine.

Hi, the culprit in question is the external JavaScript used by the website. As you notified the website owner, they might cannot do anything or detect anything as they might just be an owner only and not the website developer. The website developer are using javascript source from domscope.com which it cert has expired around 8 days ago. You may check the ssl result test on the below link; https://www.ssllabs.com/ssltest/analyze.html?d=domscope.com&hideResults=on&latest You may forward this to the webmaster in case they might have contact with the webmaster or the one who owned the domscope.com and able to prompt them to renew their expired cert. Attached below picture for your perusal

Hi it shows that there might be a malware still running in your PC. You might want to follow Marcos suggestion or if you dont mind me taking a look, please do so by using teamviewer and Pm me privately with the login credentials.

which eset.com actually? as they always have eset.com/us for US, eset.com/my for Malaysia and many others different country page. You might want to check with them first

Hi, have you checked with your local distributor regarding you license?

OMG, did those quoted "AV LAB Test" are seeing the result @itman posted here? 100% Detection dude

I thinks its also stated in the same article that the recent Windows 10 update fix the issues with BSOD. Which means now the malware freely can running accross all windows platform.

Hi there guys, this is an interesting news on how the malware could evade from security solution detection . What are your (It Pro and ESET) Opinion on this? https://thehackernews.com/2017/12/malware-process-doppelganging.html

I Love ESET, not because im a seller or a partner, but im personally love its lightness on the system. Didnt consume that much RAM, and provide sufficient protection for me and my company. Its easy to tweak and can be used by novice and professionals and can be tweak up to expert level. I did not agreed just to judge an Antivirus based on solely it detection rate and compared it just simply by 10-20% missed. For me if AV can detect more than 80% of malware and viruses every time, its already enough and sufficient. Then the next criteria that needed to be put into consideration are lightness on the system. However every av has its own weakness, or its not called witness, but somehow it impact the user experience on the products. I quite dislike the SSL scanner, as it somehow, causes some website not to load correctly but somehow, i didnt find a way or understand how this happened. If i can recreate the issues i will report it but right now i didnt have any time. Overall besides SSL Scanner which i think necessary but impact on user experience, its great. Overall the best products i ever used. and now 5 years and counting still using ESET.

Do you click the version update section? not database update? If yes, and it says it up to date, it might depends on you region or country to release the in product version update. Which usually later that the release date of the standalone of newer version products. This however, is based on my own personal experience. As for my part, i whenever a stable release of newer version are released, i always do uninstall and install instead of upgrading.