
khairulaizat92

Members
  • Posts: 129
  • Joined
  • Days Won: 2

Everything posted by khairulaizat92

  1. Thanks @marcos for helping in detecting the malware. The malware has been extracted, and if it was the culprit, the signature will be updated in a few days, maybe.
  2. Will update you later, because this laptop is my client's PC. I believe that if I force-delete the msiexec.exe in SysWOW64 it will stop the whole process, but I never tried it, in order to let ESET find a solution to it first.
  3. It's true it is infected by Wauchos; however, sadly, ESET didn't find the source of infection. I have submitted the log and am still waiting for their reply. Each time I scan the "Operating Memory" a malware will be found. As I scanned the infected PC using ESS, I found that the msiexec.exe (xxxxx) residing in the "Operating Memory" was detected and deleted as Bundil Cs Worm. Even though it has been deleted so many times by ESET, after scanning it keeps coming back, but with a different unique number at the end of msiexec.exe (xxxxx) <--- (this xxxxx number will be different for each restart), which suggests that the malware is still in the system and keeps regenerating each time it is deleted. After doing the full scan, ESET can't find the source of infection; instead it keeps deleting the Bundil Cs Worm in the "Operating Memory". During my observation, I found out that there was something suspicious regarding the process "msiexec.exe". This file should be located at "C:\Windows\System32\msiexec.exe" and should only be launched during installation. But this msiexec.exe is always in the process list. And this msiexec.exe is launched from "C:\Windows\SysWOW64\msiexec.exe", a place where it is not supposed to be???? By using Sysinternals Process Explorer I found out that this "msiexec.exe" that launches by itself along with other apps seems to get its orders from <Unknown> (xxxxxx) <---- this "xxxxx" thingy is the same number as the number after the msiexec.exe (xxxxx) discovered by ESET. And when I kill the process, the whole infection process stops. About the infection: whenever I plug in a thumbdrive, this "msiexec.exe" drops a file into my thumbdrive, around 29MB, but each time it succeeds in dropping the file, ESET will automatically detect it as "a variant of bundpil.CT Worm" and delete it. So we conclude that the virus cannot spread through the thumbdrive if ESET is installed on the PC. But still, the culprit is left on the system.
     And again, it is still on the system because it keeps regenerating itself after being deleted by ESET. Maybe there was something that we missed. Anyway, hoping that this will be solved ASAP.
  4. You bet it's right when it comes to the GUI: not all people will love the new GUI 100%; even for me (personally) ESET sucks at designing something, it's ugly. But anyway, I don't care about that, I only care about the performance, and ESET did do its best at maintaining its previous performance on new emerging malware and RAM consumption, so for me it's fine. But I also have a request: don't make the UI more complicated; make it simple and easy to use, especially for a NOOB like me, and also make an option for an Expert mode for some professionals out there. ESET has indeed become a favorite for IT experts and NOOBs in IT as its UI is easy to configure. Maintain this and it will become a very good product. Go ESET!! And improve more in this beta version. I'd love to see more of it.
  5. Nice answer... however, these two days ESET has quite fallen back from its original ranking. https://threatcenter.crdf.fr/?Stats
  6. Ah, you only need to notify me, as he is one of my previous clients. Usually I managed it properly, before my previous company alliance broke and he looked for another provider. And now he has come to me, so I shall help him. Any suggestion anyway? Or will I need to redevelop the site? Thanks marcos, how can we identify the culprit URL or the malware code embedded on the site?
  7. Hi there, I need help from somebody who knows how to check whether there is any dangerous content on this site: hxxp://aledrusservices.com/ I didn't want to report a False Positive as I didn't know whether it has been cleaned or not. Please, someone verify this. Tq
  8. Ah haa.. thanks for the answer; well, it seems promising, however it still needs an improvement, but I understand, it might be the limitation of the current knowledge and technology, maybe. I have tested it, and at first I was looking for the "check for update" to update to the latest definitions available, but then I realized it updates automatically (this has been stated before). But as Rugk said, it itself doesn't have any self-protection. Let's say the thumbdrive is infected by the well-known shortcut viruses, which hide the user's files and duplicate themselves (worm). It might be useless before you launch it. But as the general concept is that prevention is better than cure, it makes me feel a little disappointed. And it also needs to be launched manually, huh? When you click the log off button, then there will be no more protection for your thumbdrive. Anyway, the concept is there, and it's really interesting; I hope one day this project will improve a lot.
  9. Hi rugk, is it really working? I mean the ClevX protection? Does it really operate inside the thumbdrive and scan every file that is copied into and already present in the thumbdrive? It seems promising. And ClevX is a totally different company than ESET, right? So ESET doesn't sell it, right? *UPDATE: Sorry, I just read the previous thread and it seems to answer all of my questions.
  10. Another victim has fallen to the crypto; I wonder how they got it in the first place, maybe less education on safety on the internet, anyway. The victim also posted the payment page he has been redirected to. Who knows, maybe it is useful to somebody in the research of CryptoLocker. Here is the link: hxxp:// 7oqnsnzwwnm6zb7y.icepaytor.com/m97wtQ
  11. Don't know where you heard that, but that's obviously not true. HIPS coupled with Advanced Memory Scanner and Exploit Blocker monitors the behavior of running processes. Also LiveGrid substantially increases response to new threats. This is something that cannot be seen at VirusTotal. Let's take the recent Filecoder.DA (aka CTB Locker) outbreaks. While it's been silent in ESET forums about infections, the forum of another technically advanced product was full of complaints of users who got their systems infected and files irreversibly encrypted. Instead of rumors, please give us some facts that can be verified (e.g. hashes of malware that wasn't properly detected).
      Well again, I read it from their comments and posted it back here for you; and as for the undetected malware, those Malware Hunters have already sent a lot of undetected malware, but yet again, they still thank ESET for the lightness of system usage, the small footprint on their PC, and the high detection of malware. But as everything has pros and cons, don't get me wrong, it's not like I'm trying to tell you ESET is bad or something, it's the best thing that ever existed; it's just feedback that I got from these forums. I'm also an ESET user, but I'm not as expert as these guys. But it might be good to put their feedback into consideration for a future release.
  12. Just back from around 3 different forums, consisting of Malware Expert and Malware Hunter forums. Some of their concerns about ESET are that ESET still lacks malware behavior detection. Maybe this can still be improved. In detail, they said ESET is the best as its response to new malware is fast, but it still lacks behavior detection of the malware. Why is this important? There have been rumors around telling that hackers experiment with their created malware on VirusTotal, and they will continue improving to avoid being detected by current AVs. But they (Malware Hunters) also understand that doing this is hard work. But still, it is worth it to make an improvement in that behavior detection. (If this is not related to this topic, please inform me and suggest which topic is suitable for this kind of suggestion.)
  13. Hi @rugk, if possible, I think for the first question, "How do you protect access to your smartphone, locking your screen?", there is one option missing; can you suggest to them to add another screen-locking option, "pattern lock"?
  14. Hi, I have submitted some samples to ESET, but ESET says the samples are corrupted. The files are at the link below: hxxp://www.mediafire.com/download/m60g2kcg17rfvfg/ESET_Not_Detect.rar RAR archive password: infected. But I wonder, as VirusTotal and HitmanPro (which uses the cloud Bitdefender and Kaspersky scanners) can still detect this as a virus. Can anyone explain to me the proper condition of a sample to be submitted to ESET? P/S: These malware samples have been isolated and collected by Malware Hunters on the malwaretips forum.
  15. Hi, I know it might sound childish or something (maybe), but I'm feeling quite unappreciated for some of the samples being submitted by Malware Hunters like me and some of my friends; before this, ESET indeed responded to every sample submitted, which made it feel much more appreciated. What happened lately? Is ESET getting busier? There might be duplicate samples submitted from the different places they are sent from, and they might be too busy to reply, but for me it doesn't hurt to sometimes respond to the sample sent to them, right?
  16. For me, I even wonder why sometimes they say ESET is not performing well, while of course nowadays, with the rapid changing of the MD5s of viruses and newborn viruses, I would say that no AV can say it can block 100% of viruses. As I mentioned before, I own a computer shop and made a comparison between AVs, and somehow ESET is one of the AVs that NEVER slows down your PC, or any file downloading and scanning as claimed by those reports. I wonder why it is so different between REAL WORLD USER EXPERIENCE and test results. One of my partners before this changed to Kaspersky after using ESET just to test the performance; then in December last year, he changed back to ESET as he said ESET is much better in terms of performance and low system consumption or impact. Well, maybe their test machines are in a controlled environment, while for REAL USERS like us, ESET performs much better than others. Anyway, I still hope that even with this positive feedback from customers, ESET doesn't become careless in rushing to develop new versions of the software without doing proper testing in terms of performance and system consumption. All the best.
  17. Hi, firstly admin, I hope you can notify me if I'm violating any rules by promoting my own business here. Dear @yongsua, I'm an authorised reseller for Malaysia for Education, offering special student prices (only for Malaysian students). For the price you may refer to my webstore at: Antivirus: hxxp://store.globalsolution.com.my/v2/en/antivirus-internet-security/67-eset-nod32-antivirus-student-1-years-1-pc.html Smart Security: hxxp://store.globalsolution.com.my/v2/en/antivirus-internet-security/66-eset-smart-security-student-1-years-1-pc.html The requirement is that you will need to submit a copy of your STUDENT ID and your IC as proof of being a student and proof that you are a Malaysian citizen. Hope this helps. Contact us at sales@globalsolution.com.my for any enquiries. We are a reseller under the ESET Distributor Malaysia.
  18. Windows 8 is known for its instability; most of my customers are also facing the same issue lately. Almost 80% of MY CUSTOMERS facing problems with Windows 8 are because of a fault of that system, and not because of a virus. Sometimes, suddenly and without any warning, Windows 8 becomes slower and slower, and then my customer comes to me, and a single reboot indeed fixes the problem. I don't know why, I don't know how. But there is something wrong with this Windows 8 somehow. Reboot here means RESTART. Shutting down and starting again won't fix the problem. For a laptop, usually you will need to remove the battery and might also need to push the power button for a few seconds before reassembling the battery and trying to reboot it again.
  19. Hi, here are the new ones. I have double-scanned them with the recent ESET database, and I don't know why they didn't respond in these two days. The samples have been extracted from malwaretips, a collection from one of the forumers there; out of 170 samples, ESET seems to miss these 4 files: https://drive.google.com/file/d/0B8Xxzl6GvimabHNxdkJCVnpISDNNM0xTTzZORl9YVmdVbjBR/view?usp=sharing In RAR; password: infected. VirusTotal reports: https://www.virustotal.com/en/file/8820eac43b60cc63c728a1285cbbb85edd81ca51568756c5b609f4e093a1617b/analysis/1423308764/ https://www.virustotal.com/en/file/e8186a03a53cba3cfe6b0ea3bcbc7893eb1da84e612060ecfffb8110fa0199a2/analysis/ https://www.virustotal.com/en/file/66c9e75398c202c5c2b917fd0fe9a3089c6a1fa5e74a64c6a2c2b5d6acaf2f14/analysis/1423308261/ https://www.virustotal.com/en/file/2b323a79575a1cb941be4258732dcffc01761c79b484d26273b87cb2f2bade80/analysis/1423308936/ *UPDATE: The recent ESET update 11140 detects and removes all of the samples. Regards
  20. Nope, ESET or any AV vendor did not provide any tool to decrypt the files, and I did find some software on Mr Google claiming it can decrypt files encrypted by CTB and put it to the test on some infected PCs, but it did not successfully decrypt them. The only way is to prevent it; once you're affected, the chance to recover is as low as 1%.
  21. Well, as I was fed up with searching, I decided to make one that I think is enough to meet my own needs.
  22. Hi there, have you guys at ESET seen this website? It updates daily with new "might be" viruses. It might interest you guys at ESET VIRUS RESEARCH. It tests the files using VirusTotal. Hope this can improve the detection rate of ESET: hxxp://malwaredb.malekal.com/ Samples: https://www.hybrid-analysis.com/submissions Samples: hxxp://androidsandbox.net/samples/ *As stated, all these links bring you to sites collecting samples of viruses, malware, ransomware, etc. As there are a lot of submissions, some MIGHT BE VIRUSES, some MIGHT NOT.
  23. Hi gurk, some add-up here with my work. I have worked up some ESET art designs that might be used by some sellers or some fans who find it hard to find ESET product box art that satisfies their needs, in RAR. It contains EAV, ESS, ECS, ECSP, EMS, EAV4, EMDSP: *Please acknowledge that these links will bring you to ad pages, and you need to wait for a while before clicking next. In PSD:
      ESET Multi-Device : hxxp://adf.ly/xYUUa
      ESET Cyber Security Pro : hxxp://adf.ly/xYbhj
      ESET Cyber Security : hxxp://adf.ly/xYc6X
      ESET Smart Security : hxxp://adf.ly/xYcXM
      ESET NOD32 Antivirus : hxxp://adf.ly/xYdMj
      ESET NOD32 Antivirus 4 Linux : hxxp://adf.ly/xYdcF
      ESET Mobile Security : hxxp://adf.ly/xYuFI
      Why in PSD? I think that maybe people with extra ideas might edit and add to it for a better design in future, and maybe in future, who knows, maybe ESET will use our design for the next version. Both transparent and normal art: hxxp://adf.ly/xYtIb
  24. @rugk, .. Oops, sorry, I didn't mean to steal your thunder. I based the "not official" on the comment by foneil; I stand corrected. I have worked up some ESET art designs that might be used by some sellers or some fans who find it hard to find ESET product box art that satisfies their needs, in RAR. It contains EAV, ESS, ECS, ECSP, EMS, EAV4, EMDSP: *Please acknowledge that these links will bring you to ad pages, and you need to wait for a while before clicking next. In PSD:
      ESET Multi-Device : hxxp://adf.ly/xYUUa
      ESET Cyber Security Pro : hxxp://adf.ly/xYbhj
      ESET Cyber Security : hxxp://adf.ly/xYc6X
      ESET Smart Security : hxxp://adf.ly/xYcXM
      ESET NOD32 Antivirus : hxxp://adf.ly/xYdMj
      ESET NOD32 Antivirus 4 Linux : hxxp://adf.ly/xYdcF
      ESET Mobile Security : hxxp://adf.ly/xYuFI
      Why in PSD? I think that maybe people with extra ideas might edit and add to it for a better design in future, and maybe in future, who knows, maybe ESET will use our design for the next version. All of these pictures (without PSD) can be downloaded here: Both transparent and normal art: hxxp://adf.ly/xYtIb
  25. Is it? I wonder why my distributor didn't provide me one; the one I got before from my distributor is the one they stored on Dropbox. I will ask them again about this. Thanks @rugk, I have already seen it, and as it's in Germany, and I didn't have enough skills to edit it, I kind of rejected it. Thanks