khairulaizat92

Members
  • Posts: 129
  • Joined
  • Days Won: 2

Posts posted by khairulaizat92

  1. 3 hours ago, kanedagr said:

     my.eset.com says that the license is overused. How is that possible since the advertisement says " One ESET Multi-Device Security license can cover up to 5 of your devices ", so 15 devices since I've purchased 3 licenses, right? Please explain how that works..

    Concerning this, try checking your license manager at my.eset.com, and please check on the left side how many PCs your license is allowed to be installed on. If it says 5, then proceed with the next check. If not, then try this to get in touch with them: https://www.eset.com/uk/enquiry/support/

    Another possibility: I don't know if this still occurs, but during the early launch of the license manager, the activation record on the license manager was sometimes duplicated even though the product had been uninstalled on the original PC. So try checking the listed device names for any possible duplication of activation records, and remove the duplicate activation record manually by selecting the menu, clicking the arrow at the bottom of your PC name.

    Removing the activated PC from here will deactivate the products on the listed PC, so be careful not to remove the wrong PC name if it is necessary.

  2. Well, as mentioned in this forum:

    https://forum.eset.com/topic/13067-does-eset-block-file-less-malware/

    Another thing is, these so-called fileless attacks behave like a previous old virus whose name I don't remember, when it infects the PC (even though it does install itself on the PC before injecting legitimate software by modifying its code to include part of the virus itself).

    I have seen it once by chance, and yeah, ESET does protect you from it. But again, just like malware, there is still fileless malware that cannot be detected.

    However, by using HIPS rules properly, you can set rules to protect the targeted system files, even though I'm not expert enough to advise which rules, or give examples of rules, you can set in order to prevent this. For example, if you do not use PowerShell, then set the rules in HIPS to block any access to PowerShell.

    However, usually it is being used on large companies to gain certain profit or for espionage missions. So I don't think regular users will be impacted by this. Unless you are a company user with a lot of sensitive information which cyber criminals or certain countries want, you might want to use only your company PC, within your company network that has been firewalled properly and monitored for suspicious activity.

  3. Based on my experience, if the issue keeps recurring, there is probably something wrong with your wireless device. You might want to check with them if, even after you UNINSTALL ESET without installing it again and test it, the problem still exists.

    Do you own the Wi-Fi device? Try to check its settings etc.

    Why am I saying this? Because in the forum you mentioned that using an Ethernet cable the website loads without any problem.

    And another thing is, try changing the DNS setting in your PC's wireless settings to Google Public DNS, and see if that makes any change.
    8.8.8.8
    8.8.4.4

    On 4/4/2018 at 4:49 AM, Ladderman said:

    (we live in the same flat and share the wifi, although the router in the flat complex is there for anybody who signs up to the Wifinity service. Have I made sense there?).

    And another thing, based on the above statement: though this is a really rare case, it still happens; your Wi-Fi might be a little crowded, which also might cause the issues. I have experienced this once because the Wi-Fi was shared with a few people, and the Wi-Fi became somehow crowded, which led to this kind of problem.

  4. 3 hours ago, Marcos said:

    Please find an answer at VT:

    https://support.virustotal.com/hc/en-us/articles/115002168385-Privacy-Policy

    Information we share

    When you submit content to VirusTotal for scanning, we may store it and share it with the anti-malware and security industry (normally the companies that participate in VirusTotal receive content that their engines do not detect as potentially harmful and are catalogued as harmful by at least one other engine). The samples can be analysed by automatic tools and security analysts to detect malicious code and to improve antivirus engines. Our service terms require participating anti-malware and security companies to adhere to VirusTotal's Best Practices when using the samples.

    Files, URLs, comments and any other content submitted to or shared within VirusTotal may also be included in premium services offered by VirusTotal to the anti-malware and ICT security industry, with the sole aim of improving research and development activities, expecting it to lead to an overall safer internet and greater end-user protection.  Participants include a broad range of cybersecurity professionals focused on product, service, and system security and security products and services. 

    I see, thanks for the answer. I'm kind of clearer on how the relationship works.

    So I assume you guys should have received this sample then:

    https://malwaretips.com/threads/dont_worry-ransomware.81513/#post-723854

    After rechecking, I found out that ESET has detected this as a variant of Generik.KOTSBSZ.

  5. 42 minutes ago, sindbad said:

    @Marcos right now we enable eset livegrid so we are protected against ransomware, right? When v7 gets released, we have eset livegrid + ransomware shield to enable?

    I'm not an expert like Marcos, but it should be sufficient for current ransomware and future ransomware that has traits or behaviour similar to existing ransomware, if your RDP is not compromised; set an uninstallation password to prevent the endpoint AV from being removed or disabled.

    Again, no AV can ever protect 100% from such ransomware, as hackers are also human, and they can modify and test their software until it cannot be traced. And even antivirus has its own limitations, especially when it comes to known OS and firmware vulnerabilities that have already been patched via OS / firmware updates but users did not patch their systems, which leads to them being exploited by cyber criminals.

    So patch your system, keep your AV updated, and educate your users. And even if you practice all of this, you are already secured up to 90%; reaching 100% protection is impossible.

    Additional note: I remember seeing somewhere in this forum somebody asking how to strengthen their protection with HIPS rules. If the mentioned steps are relevant to you, you might want to apply them to your HIPS rules.

  6. 1 hour ago, itman said:

    I assume the same way the original ver. was via exploit kits as noted in this Malwarebytes article: https://blog.malwarebytes.com/threat-analysis/2018/01/gandcrab-ransomware-distributed-by-rig-and-grandsoft-exploit-kits/

    It is distributed as a RaaS, ransomware as a service, which means it is sold on the blackweb and the buyer modifies it to his choosing in regards to payload delivery, etc..

    Your customer in all likelihood didn't apply all available and current OS and software patches and this is how he got nailed. Or, he was running Win XP that is no longer supported, etc.. It is somewhat unbelievable he had no realtime AV protection installed unless perhaps he was running on XP.

    Well @itman, the "Unbelievable" just happened. In this client's case, he uses Windows 7. And I assure you, it's like a common situation in Malaysia. This is a personal PC; there are some cases, a library with about a dozen PCs, that do not even have any AV installed and are using Windows XP. However, I do think at enterprise level most of them use antivirus.

  7. Just now, Marcos said:

    Unfortunately, it is impossible to decrypt files encrypted by GandCrab.

    Hi Marcos, as I said, I don't care about decrypting; I just need verification of whether it is still there on the client PC or not, and is this "V2.0" detected by ESET?

    Would you like access to the infected PC?

  8. Hi, 

    First of all, this customer did not use an ESET solution and was only using the free Malwarebytes solution (with no real-time protection), and it's just a personal computer. And it has been infected with GandCrab v2.0.

    So now, 2.0 doesn't have a decryptor yet, but if possible, I want an expert to assist me in searching for this ransomware on his computer.

    And I do not know how ransomware works (maybe after activating it deleted itself or hid itself), but I'm willing to give access using TeamViewer to anyone who is an expert only, who is able to help determine whether it is still there or not, and whether the sample can be extracted.

    Just finding the so-called v2.0 GandCrab and extracting it is enough.

    I scanned using ESET Online Scanner and it detected a few trojans and a few worms, but for GandCrab it only detected the ransom demand ".txt" file.

    The .txt file is attached:


    CRAB-DECRYPT.txt

  9. 6 hours ago, Marios Kontos said:

    Find attached infected files. What else do you need?

    Marios.rar

    Hi, I'm just assisting them. Please also provide ELC (ESET Log Collector). You can look at how to use ESET Log Collector in Marcos's signature.

    And another thing: which country are you from? Call me an old-timer, but I do think having an ESET rep (distributor or related to ESET) visit the case site to also assess the situation might in some way hasten the process.

  10. On 3/22/2018 at 10:45 PM, kingsyno said:

    Dear all,

     

    How do i get rid of this Win32/Rozena.XK threat?

    Can you provide a screenshot of the detection, or the log from ESET? Although it might be faster just to have the ESET staff here remote control your machine.

  11. Hi, the culprit in question is the external JavaScript used by the website. As you notified the website owner, they might not be able to do anything or detect anything, as they might just be the owner only and not the website developer.

    The website developer is using a JavaScript source from domscope.com, whose cert expired around 8 days ago. You may check the SSL test result at the link below:

    https://www.ssllabs.com/ssltest/analyze.html?d=domscope.com&hideResults=on&latest

    You may forward this to the webmaster in case they might have contact with the webmaster or the one who owns domscope.com and are able to prompt them to renew their expired cert. Pictures are attached below for your perusal.

    Domscope.png

    SSL labs test.png

    SSl Expired.png

  12. 8 hours ago, eskie said:

    question on message i am getting about address has been blocked and it keeps popping up and can not find a way to remove, which is pretty annoying, wondering if anyone knows the solution for this. Thanks

    Hi, it shows that there might be malware still running on your PC. You might want to follow Marcos's suggestion, or if you don't mind me taking a look, please do so by using TeamViewer and PM me privately with the login credentials.

  13. 12 hours ago, Xandros said:

    I logged into myEset just now and noticed a licence manager link so, naturally followed it and clicked add licence, put in my key and it just keeps coming up with " Sorry for the inconvenience, there was an error processing your request. "

    I've tried doing it with and without dashes in the licence. Checked and double checked the licence key and it still won't let me add it. Is the website broken or something?

    Hi, have you checked with your local distributor regarding your license?

  14. On 12/17/2017 at 3:45 AM, itman said:

    Overall, security product scores in regards to protection and false positive capability vary by AV Labs. This is due to the samples used and variations in testing procedures employed.

    In this last quarterly comparative by SE Labs: https://selabs.uk/en/reports/consumers , MSE scored poorly in the protection category but received a 100% score in the false positive category. On the other hand, Eset received a score of 100% in both categories. This is why I repeatedly state that multiple AV Lab reports need to be reviewed and an average score by product calculated in evaluating security product effectiveness. Additionally, it is common knowledge that security product effectiveness can vary based on OS version it is installed on. So that also has to be factored in.

    OMG, are those quoted "AV Lab Tests" seeing the result @itman posted here? 100% detection, dude.

  15. 3 hours ago, cyberhash said:

    Read this article on a few different sites now. What i did notice was that if you are running windows 10 fall update or later then the method does NOT work and will cause a BSOD

    Another reason to update to windows 10 :ph34r:

    Suppose the blue screen is the better option :lol:

    I think it's also stated in the same article that the recent Windows 10 update fixes the issues with the BSOD, which means the malware can now freely run across all Windows platforms.

  16. I love ESET, not because I'm a seller or a partner, but I personally love its lightness on the system. It doesn't consume that much RAM, and provides sufficient protection for me and my company.

    It's easy to tweak, can be used by novices and professionals, and can be tweaked up to expert level.

    I do not agree with judging an antivirus based solely on its detection rate and comparing it simply by 10-20% missed. For me, if an AV can detect more than 80% of malware and viruses every time, it's already enough and sufficient. Then the next criterion that needs to be taken into consideration is lightness on the system.

    However, every AV has its own weakness, or maybe it's not called a weakness, but somehow it impacts the user experience of the product. I quite dislike the SSL scanner, as it somehow causes some websites not to load correctly, but somehow I didn't find a way or understand how this happened.

    If I can recreate the issues I will report it, but right now I don't have any time.

    Overall, besides the SSL scanner, which I think is necessary but impacts the user experience, it's great. Overall the best product I have ever used, and now 5 years and counting still using ESET.

  17. 19 minutes ago, BobU said:

    Great call. Instantly fixed the issue. But the question remains why on BOTH my Win 10 and Win 7 computer trying to update NOD 32 reports its up to date.

     

     

    Did you click the version update section, not the database update? If yes, and it says it is up to date, it might depend on your region or country when the in-product version update is released, which is usually later than the release date of the standalone newer-version products. This, however, is based on my own personal experience.

    As for my part, whenever a stable release of a newer version is released, I always uninstall and install instead of upgrading.
