khairulaizat92 (Members; 129 posts; 2 days won)

Posts posted by khairulaizat92

  1. Hello Melmar and khairulaizat92,

    I had a similar case here recently, so if you don't get a fast answer, I could help clean your systems and send the samples directly to the ESET lab. For this purpose I need the following information for a start:

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

    • Right click to run as administrator (XP users click Run after receipt of the Windows Security Warning - Open File). When the tool opens, click Yes to the disclaimer.
    • Press the Scan button.
    • It will produce a log called Main.Txt in the same directory the tool is run from.
    • Please copy and paste the log back here.
    • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the Main.Txt into your reply.

    Will update you later, as this laptop is my client's PC. I believe that if I force delete the msiexec.exe in SysWOW64 it will stop the whole process, but I never tried it, in order to let ESET find a solution to it first.

  2. I keep getting a notification every 25 sec about this URL: hxxp:// differentia.ru/diff.php

    and with IP 109.206.186.164, and I don't know what to do to delete the site.

    My version is ESET NOD32 8.1 Home Edition.

    Thank you

    Probably your computer is infected and Wauchos malware is running. Please run ESET Log Collector on the infected computer(s) as per the instructions at hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN3466 and email the output to ESET Research Lab as per the instructions in hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN141.

    It's true it is infected by Wauchos; however, sadly, ESET didn't find the source of infection. I have submitted the log and am still waiting for their reply.

    Each time I scan the "Operating Memory", malware is found. As I scanned the infected PC using ESS, I found that msiexec.exe (xxxxx) residing in the "Operating Memory" was detected and deleted as Bundil Cs Worm. Even though it has been deleted so many times by ESET, after scanning it keeps coming back, but with a different unique number at the end of msiexec.exe (xxxxx) <--- (this xxxxx number will be different for each restart), which suggests that the malware is still in the system and keeps regenerating each time it is deleted.

    After doing the full scan, ESET can't find the source of infection; instead it keeps deleting the Bundil Cs Worm in the "Operating Memory". During my observation, I found out that there was something suspicious regarding the process "msiexec.exe". This file should be located at "C:\Windows\System32\msiexec.exe" and only be launched during an installation. But this msiexec.exe is always running. And this msiexec.exe is launched from "C:\Windows\SysWOW64\msiexec.exe", a place where it is not supposed to be????

    By using Sysinternals Process Explorer I found out that this "msiexec.exe", which launches by itself along with other apps, seems to get its orders from <Unknown> (xxxxxx) <---- this "xxxxx" thing is the same number as the number after the msiexec.exe (xxxxx) discovered by ESET. And when I kill the process, the whole infection process stops.

    About the infection: whenever I plug in a thumb drive, this "msiexec.exe" drops a file onto my thumb drive, around 29MB, but each time it succeeds in dropping the file, ESET automatically detects it as "a variant of Bundpil.CT Worm" and deletes it. So we conclude that the virus cannot spread through the thumb drive if ESET is installed on the PC. But still, the culprit is left on the system. And again, it is still on the system because it keeps regenerating itself after being deleted by ESET. Maybe there was something that we missed. Anyway, hoping that this will be solved ASAP.
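    The triage described in this post (an msiexec.exe that is resident all the time, runs from SysWOW64 and whose parent shows as <Unknown> in Process Explorer) can be scripted from a process snapshot. The Python below is an added example written for this page, not ESET's or Sysinternals' code. It treats both the System32 and SysWOW64 copies as expected image paths (on 64-bit Windows the SysWOW64 copy is the legitimate 32-bit Windows Installer, so the path alone is not evidence) and flags instances whose image is elsewhere or whose parent process no longer exists in the snapshot. SAMPLE_SNAPSHOT is constructed data; collect_live() gathers the same fields with the third-party psutil package on a real host and is only needed for live use.

```python
"""Added example: triage persistent msiexec.exe instances from a process snapshot."""
from dataclasses import dataclass, field
from typing import Dict, Iterable, List

# Expected Windows Installer images on 64-bit Windows.  The SysWOW64 copy is
# the legitimate 32-bit build, so a path alone is not evidence of infection.
EXPECTED_IMAGES = {
    r"c:\windows\system32\msiexec.exe",
    r"c:\windows\syswow64\msiexec.exe",
}


@dataclass
class Finding:
    pid: int
    exe: str
    reasons: List[str] = field(default_factory=list)


def triage(processes: Iterable[Dict]) -> List[Finding]:
    """Return one Finding for every msiexec.exe showing a suspicious trait.

    Each record needs the keys pid, ppid, name and exe.  Two traits are
    checked: the image path is not one of the expected installer binaries,
    or the parent pid is absent from the snapshot (the parent has exited,
    which Process Explorer shows as an unresolvable parent).
    """
    procs = list(processes)
    by_pid = {p["pid"]: p for p in procs}
    findings: List[Finding] = []
    for p in procs:
        if (p.get("name") or "").lower() != "msiexec.exe":
            continue
        reasons = []
        exe = p.get("exe") or ""
        if exe.lower() not in EXPECTED_IMAGES:
            reasons.append(f"unexpected image path {exe!r}")
        if p["ppid"] not in by_pid:
            reasons.append(f"parent pid {p['ppid']} no longer exists")
        if reasons:
            findings.append(Finding(p["pid"], exe, reasons))
    return findings


def collect_live() -> List[Dict]:
    """Snapshot the running processes with psutil (third-party; live use only)."""
    import psutil  # imported here so triage() stays usable without it
    records = []
    for proc in psutil.process_iter(["pid", "ppid", "name", "exe"]):
        info = proc.info
        records.append({"pid": info["pid"], "ppid": info["ppid"],
                        "name": info["name"] or "", "exe": info["exe"] or ""})
    return records


# Constructed snapshot (not real data): a normal service-started instance,
# one whose parent has exited, and one running from the wrong directory.
SAMPLE_SNAPSHOT = [
    {"pid": 4, "ppid": 0, "name": "System", "exe": ""},
    {"pid": 612, "ppid": 4, "name": "services.exe",
     "exe": r"C:\Windows\System32\services.exe"},
    {"pid": 1832, "ppid": 612, "name": "msiexec.exe",
     "exe": r"C:\Windows\System32\msiexec.exe"},
    {"pid": 3120, "ppid": 2940, "name": "msiexec.exe",
     "exe": r"C:\Windows\SysWOW64\msiexec.exe"},
    {"pid": 3188, "ppid": 3120, "name": "msiexec.exe",
     "exe": r"C:\Users\Public\msiexec.exe"},
]

if __name__ == "__main__":
    for f in triage(SAMPLE_SNAPSHOT):
        print(f"pid {f.pid}: {f.exe} -> {'; '.join(f.reasons)}")
```

    On the constructed snapshot the service-started instance (pid 1832) is silent, pid 3120 is reported for its vanished parent, and pid 3188 for its image path. Replacing SAMPLE_SNAPSHOT with collect_live() on the affected machine gives the same report for the real process list; a hit is a lead for where the regenerating component lives, not proof on its own.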

     

     

  3. You bet it's right when it comes to the GUI; not all people will love the new GUI 100%. Even for me (personally), ESET sucks at designing something; it's ugly :P

    But anyway, I didn't care about that, I only care about the performance, and ESET did do its best at maintaining its previous performance on new emerging malware and RAM consumption, so for me it's fine. But I also have a request: don't make the UI more complicated; make it simple and easy to use, especially for a NOOB like me, and also add an option for an Expert mode for the professionals out there.

    ESET has indeed become a favorite for IT experts and NOOBs in IT, as its UI is easy to configure. Maintain this and it will become a very good product.

    Go ESET!! and improve more in this beta version. I'd love to see more of it ;)

  4. Hello khairulaizat92,

    There is injected malicious code, and links to a site that is associated with the spread of malicious software. I will contact them to let them know what I found.

    https://www.virustotal.com/en-gb/url/7da7833fbf46e5f891ce1038cd2d3a2705081145469c19e00502742acf099f51/analysis/1430811794/

    Ah, you only need to notify me, as he is one of my previous clients. Usually I managed it properly, before my previous company's alliance broke up and he looked for another provider. Now he has come to me, so I shall help him. Any suggestion anyway? Or will I need to redevelop the site?

    I confirm the website is still infected.

    Thanks Marcos, how can we identify the culprit URL or the malware code embedded on the site?

  5. Hi there,

    I need help from somebody who knows how to check whether there is any dangerous content on this site:

    hxxp://aledrusservices.com/

    I didn't want to report a False Positive as I don't know whether it has been cleaned or not. Please, someone verify this.

    Tq

  6. Well... it's working. It just scans all files written to the USB drive, but of course it has no self-defense or other features, and it doesn't run with/need admin rights.

    Yes, the companies are different. They are only partnered.

    About selling, there is another point that has changed in v 3.0: maybe you already read that ClevX DriveSecurity was preinstalled on a few USB devices. On these devices the latest version you can run is v 2.18. This version is also the latest downloadable from the ESET website.

    ClevX DriveSecurity v3 is kind of "incompatible" with these old versions, i.e. if you want to run it on a preinstalled USB drive you have to buy a new license and can't use the preinstalled one. But you can downgrade at any time, of course.

    Ah haa.. thanks for the answer. Well, it seems promising; however, it still needs improvement. But I understand, it might be a limitation of current knowledge and technology, maybe.

    I have tested it, and at first I was looking for the "check for update" to update to the latest definitions available, but then I realized it updates automatically (this has been stated before). But as rugk said, it doesn't have any self-protection itself. Let's say the thumb drive is infected by the well-known shortcut viruses, which hide the user's files and duplicate themselves (Worm). It might be useless before you launch it. But as the general concept goes, prevention is better than cure, so it makes me feel a little disappointed.

    And it also needs to be launched manually, huh? When you click the log off button, there will be no more protection for your thumb drive. Anyway, the concept is there, and it's really interesting; I hope one day this project will improve a lot.

  7. Hi rugk, is it really working? I mean the ClevX protection? Does it really operate inside the thumb drive and scan every file that is copied into it and already present in the thumb drive? It seems promising.

    And, ClevX is a totally different company than ESET, right? So ESET doesn't sell it, right?

    *UPDATE: Sorry, I just read the previous thread and it seems to answer all of my questions.

  8. Another victim has fallen to the crypto; I wonder how they got it in the first place. Maybe less education on safety on the internet, anyway.

    The victim also posted the payment page to which he was redirected. Who knows, maybe it's useful to somebody in the research of CryptoLocker.

    Here is the link:

    hxxp:// 7oqnsnzwwnm6zb7y.icepaytor.com/m97wtQ

  9. Just back from around 3 different forums, consisting of Malware Expert and Malware Hunter forums. One of their concerns about ESET is that ESET still lacks malware behaviour detection. Maybe this can still be improved.

    In detail, they said ESET is the best, as its response to new malware is fast, but it still lacks behaviour detection of the malware. Why is this important? There's been news around telling that hackers experiment with their created malware on VirusTotal, and they will continue improving it to avoid being detected by current AVs.

    Don't know where you heard that, but that's obviously not true. HIPS coupled with Advanced Memory Scanner and Exploit Blocker monitors the behavior of running processes. Also LiveGrid substantially increases response to new threats. This is something that cannot be seen at VirusTotal.

    Let's take the recent Filecoder.DA (aka CTB Locker) outbreaks. While it's been silent in ESET forums about infections, the forum of another technically advanced product was full of complaints from users who got their systems infected and files irreversibly encrypted.

    Instead of rumors, please give us some facts that can be verified (e.g. hashes of malware that wasn't properly detected).

    Well again, I read it from their comments and posted it back here for you, and as for the undetected malware, those Malware Hunters already sent a lot of undetected malware, but yet again,

    They still thank ESET for the lightness of system usage, the small footprint on their PC, and the high detection of malware, but as everything has pros and cons, don't get me wrong, it's not like I'm trying to say ESET is bad or something; it's the best thing that ever existed. It's just feedback that I got from these forums. I'm also an ESET user, but I'm not as expert as these guys. But it might be good to take their feedback into consideration for future releases.

  10. Just back from around 3 different forums, consisting of Malware Expert and Malware Hunter forums. One of their concerns about ESET is that ESET still lacks malware behavior detection. Maybe this can still be improved.

    In detail, they said ESET is the best, as its response to new malware is fast, but it still lacks behavior detection of the malware. Why is this important? There's been a rumor around telling that hackers experiment with their created malware on VirusTotal, and they will continue improving it to avoid being detected by current AVs.

    But they (Malware Hunter) also understand that doing this is hard work. But still, it's worth it to make an improvement on that behavior detection.

    (If this is not related to this topic, please inform me and suggest which topic is suitable for this kind of suggestion :) )

  11. You can win one of 15 licenses of ESET Mobile Security (EMS) with Premium features now.

    You just have to take part in a small "one minute survey" from ESET.

    Just answer 10 questions!

    Take part in the survey

    Hi @rugk, if possible, I think for the first question, "How do you protect access to your smartphone, locking your screen?"

    I think there is one option missing there; can you suggest to them to add another screen lock option, "pattern lock"?

  12. Hi, I have submitted some samples to ESET but ESET says the samples are corrupted:

    Dear ES4UG Support Team,

    Thank you for your submission.
    The file(s) you submitted is/are corrupted and therefore not subject to detection.

    Regards,

    ESET Malware Response Team

    The files are at the link below:

    hxxp://www.mediafire.com/download/m60g2kcg17rfvfg/ESET_Not_Detect.rar

    RAR Archive Password: infected

    But I wonder, as VirusTotal and HitmanPro (uses the cloud Bitdefender and Kaspersky scanners) can still detect this as a virus. Can anyone explain to me the proper condition of a sample to be submitted to ESET?

    P/S: These malware samples have been isolated and collected by Malware Hunters on the MalwareTips forum.
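    The "corrupted" reply above does not say what the lab checks, so the following is an added example and not ESET's criteria: a pre-submission sanity check that an extracted file is a structurally complete PE (MZ header, PE signature reachable through e_lfanew, section table present, every section's raw data inside the file), plus its SHA-256 for matching against the VirusTotal report. A download cut short in transit or a fragment re-archived from a scanner's quarantine fails the raw-data check. build_sample_pe() constructs a minimal harmless PE for demonstration; it is test data, not a real sample.

```python
"""Added example: structural sanity check of a PE sample before submission."""
import hashlib
import struct
from typing import Tuple


def check_pe(data: bytes) -> Tuple[bool, str]:
    """Return (ok, reason).  ok is True only if the headers and every
    section's raw data lie entirely inside the file."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False, "missing MZ header"
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    # Signature (4 bytes) plus COFF file header (20 bytes) must fit.
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return False, "PE signature not found at e_lfanew"
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]     # NumberOfSections
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]        # SizeOfOptionalHeader
    sec_table = coff + 20 + size_opt
    if sec_table + 40 * num_sections > len(data):
        return False, "section table truncated"
    for i in range(num_sections):
        # SizeOfRawData and PointerToRawData sit at offset 16 of each 40-byte header.
        raw_size, raw_ptr = struct.unpack_from("<II", data, sec_table + 40 * i + 16)
        if raw_size and raw_ptr + raw_size > len(data):
            return False, f"section {i} raw data extends past end of file"
    return True, "structurally complete PE"


def sha256_hex(data: bytes) -> str:
    """Hash to compare with the SHA-256 shown in a VirusTotal report."""
    return hashlib.sha256(data).hexdigest()


def build_sample_pe(section_bytes: bytes) -> bytes:
    """Constructed minimal PE with one section (harmless test data, not a real sample)."""
    e_lfanew = 0x40
    dos_header = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    size_opt = 0  # no optional header; enough for the structural check
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, size_opt, 0x0102)
    raw_ptr = e_lfanew + 4 + 20 + size_opt + 40  # data follows the single section header
    section = b".text".ljust(8, b"\0") + struct.pack(
        "<IIIIIIHHI", len(section_bytes), 0x1000, len(section_bytes),
        raw_ptr, 0, 0, 0, 0, 0x60000020)
    return dos_header + b"PE\0\0" + coff + section + section_bytes


if __name__ == "__main__":
    sample = build_sample_pe(b"\x90" * 16)
    for name, blob in (("intact", sample), ("truncated", sample[:-4])):
        ok, why = check_pe(blob)
        print(f"{name}: {ok} ({why}) sha256={sha256_hex(blob)}")
```

    Run check_pe() over each file extracted from the password-protected archive; a False result with a "raw data extends past end of file" reason means the copy you hold is not the same bytes that the other scanners detected, and the SHA-256 comparison against the VirusTotal entry confirms that quickly.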

  13. Hi,

    I know it might sound childish or something (maybe), but

    I'm feeling quite unappreciated for some of the samples being submitted by Malware Hunters like me and some of my friends. Before this, ESET indeed responded to every sample submitted, which made it feel much more appreciated.

    What happened lately? Is ESET getting busier? There might be duplicate samples submitted from different places, and they might be too busy to reply, but for me it wouldn't hurt to sometimes respond to the samples sent to them, right?

     

     

  14. For me, I even wonder why sometimes they say ESET is not performing well, while of course nowadays, with rapid changes in the MD5 of viruses and newborn viruses, I would say that no AV can claim to block 100% of viruses.

    As I mentioned before, I own a computer shop and made a comparison between these AVs, and somehow ESET is one of the AVs that NEVER slows down your PC, or any file downloading and scanning, as claimed by those reports. I wonder why it is so different between REAL WORLD USER EXPERIENCE and test results. One of my partners before this changed to Kaspersky after using ESET just to test the performance; then in December last year he changed back to ESET, as he said ESET is much better in terms of performance and low system consumption or impact.

    Well maybe their test machines are in a controlled environment, while for REAL USERS like us, ESET performs much better than the others.

    Anyway, I still hope that even with this positive feedback from customers, ESET doesn't become careless by rushing to develop new versions of the software without proper testing in terms of performance and system consumption. All the best :)

  15. Thanks for the replies. I agree with the statements above. I have been an ESET fan since a few years ago. It has really impressed me a lot. I must say that it is something worthwhile for customers to actually purchase a reliable antivirus like ESET, which has low system impact and provides reliable protection. I wish I could purchase one but I still can't afford to buy one. However, I promise I will have it once I have $$$. Thanks and Regards.

    Hi, firstly admin, I hope you can notify me if I'm violating any rules by promoting my own business here.

    Dear @yongsua, I'm an authorised reseller for Malaysia for Education and am offering special student prices (only for Malaysian students); for the price you may refer to my webstore at:

    Antivirus:

    hxxp://store.globalsolution.com.my/v2/en/antivirus-internet-security/67-eset-nod32-antivirus-student-1-years-1-pc.html

    Smart Security:

    hxxp://store.globalsolution.com.my/v2/en/antivirus-internet-security/66-eset-smart-security-student-1-years-1-pc.html

    The requirement is that you will need to submit a copy of your STUDENT ID and your IC as proof of being a student and as proof that you are a Malaysian citizen. Hope this helps. Contact us at sales@globalsolution.com.my for any enquiries.

    We are a Reseller under ESET Distributor Malaysia.

  16. Windows 8 is known for its instability; most of my customers are also facing the same issue lately. Almost 80% of MY CUSTOMERS that are facing problems with Windows 8 are because of a fault of that system, and not because of a virus.

    Sometimes, suddenly, without any warning, Windows 8 becomes slower and slower, and then my customer comes to me, and a single reboot indeed fixes the problem. I don't know why, I don't know how. But there is something wrong with this Windows 8 somehow.

    Reboot here means RESTART. Shutting down and starting again won't fix the problem. For laptops, usually you will need to remove the battery and might also need to push the power button for a few seconds before putting the battery back and trying to reboot it again.

  17. I've checked the samples on the most recent page. Out of 51 samples, only one was undetected that should have been. However, ESET blocked it upon execution, so users were protected. To sum it up, the detection of recent malware samples was 100%, and improving the detection rate beyond 100% is unlikely to happen :)

    Hi, here are the new ones. I have double-scanned them with ESET's recent database, and I don't know why they didn't respond in these two days.

    The samples have been extracted from MalwareTips, a collection from one of the forumers there; out of 170 samples, ESET seems to miss these 4 files:

    https://drive.google.com/file/d/0B8Xxzl6GvimabHNxdkJCVnpISDNNM0xTTzZORl9YVmdVbjBR/view?usp=sharing

    In RAR; Password: infected

    VirusTotal Report:

    https://www.virustotal.com/en/file/8820eac43b60cc63c728a1285cbbb85edd81ca51568756c5b609f4e093a1617b/analysis/1423308764/

    https://www.virustotal.com/en/file/e8186a03a53cba3cfe6b0ea3bcbc7893eb1da84e612060ecfffb8110fa0199a2/analysis/

    https://www.virustotal.com/en/file/66c9e75398c202c5c2b917fd0fe9a3089c6a1fa5e74a64c6a2c2b5d6acaf2f14/analysis/1423308261/

    https://www.virustotal.com/en/file/2b323a79575a1cb941be4258732dcffc01761c79b484d26273b87cb2f2bade80/analysis/1423308936/

    *UPDATE: The recent ESET update 11140 detects and removes all of the samples. Regards :)

  18. Is there any possibility of getting a tool from ESET to decrypt the files?

    Nope, ESET and the other AV vendors do not provide any tool to decrypt the files, and I did find some software on Mr Google claiming it can decrypt files encrypted by CTB and put it to the test on some infected PCs, but it did not seem to decrypt them successfully. The only way is to prevent it; once you're affected, the chance of recovery is as low as 1%.

  19. Hi there, have you guys at ESET seen this website? It's updated daily with new "might be" viruses.

    It might interest you guys at ESET VIRUS RESEARCH. It tests the files using VirusTotal. Hope this can improve the detection rate of ESET:

    hxxp://malwaredb.malekal.com/

    Samples:

    https://www.hybrid-analysis.com/submissions

    Samples:

    hxxp://androidsandbox.net/samples/

    *As stated, all these links bring you to sites that collect samples of viruses, malware, ransomware etc. As there are a lot of submissions, some MIGHT BE VIRUSES, some MIGHT NOT BE.

  20. Hi rugk, some add-up here with my work,

    I have worked up some ESET art designs that might be used by some sellers or some fans who find it hard to find ESET product box art that satisfies their needs, in RAR. It contains EAV, ESS, ECS, ECSP, EMS, EAV4, EMDSP:

    *Please acknowledge that this link will bring you to an ads page, and you need to wait for a while before clicking next.

    In PSD

    Eset Multi-Device : hxxp://adf.ly/xYUUa

    ESET Cyber Security Pro : hxxp://adf.ly/xYbhj

    ESET Cyber Security : hxxp://adf.ly/xYc6X

    ESET Smart Security : hxxp://adf.ly/xYcXM

    ESET NOD32 Antivirus : hxxp://adf.ly/xYdMj

    ESET NOD32 Antivirus 4 Linux : hxxp://adf.ly/xYdcF

    ESET Mobile Security : hxxp://adf.ly/xYuFI

    Why in PSD? I think that maybe people with extra ideas can edit and add to it for a better design in future, and maybe in future, who knows, maybe they will use our design for the next version :D

    [Attached images: seven box-art thumbnails]

    Both transparent and normal art:

    hxxp://adf.ly/xYtIb

  21. @SCR

    Thanks for mentioning. I was too late. ;)

    However, the majority of the pictures are official - picked from different sources, but every time they are from ESET or its partners.

    @rugk, .. Oops, sorry, didn't mean to steal your thunder :mellow:

    I based the "not official" on the comment by foneil; I stand corrected.

    @SCR

    No, really. It's nice that you pointed to my thread. Like I said, I was just too late.

    And the "official" of course depends on how you define it.

     


    All of these pictures (without PSD) can be downloaded here:

    Both transparent and normal art:

    hxxp://adf.ly/xYtIb

  22. I think that the official box art (as it's called) is only available for download by approved ESET Partners (through a partner center site). If you are an ESET Partner or Reseller, then you can access box art, banners, and all other graphic collateral. Could I follow up on and verify this? Yes, probably. I'll check.

    *Update: Yes, only ESET Partners who have signed an agreement have access to those assets.

    Is it? I wonder why my distributor didn't provide me one; the one I got from my distributor before is the one they stored on Dropbox. I will ask them again about this.

    @khairulaizat92

    Have you also looked at the second page of my "ESET picture gallery thread"?

    I had found some (high-quality) images of some boxes some time ago.

    Unfortunately they are ("only") from ESET Germany, so the text on the boxes is of course in German.

    Just FYI, I will update this thread right now because of some other findings - but no, these aren't pictures of boxes...

    (BTW: You can also follow the thread to get information about the latest updates automatically.)

    Edit: Okay, thread was updated.

    And of course, if you find something which could be added there, then feel free to PM me, and if it's something which fits there then I will add it soon.

     


    Thanks @rugk, I have already seen it, and as it's in German, and I don't have enough skills to edit it, I kind of rejected it. Thanks :)
