JamesR

ESET Staff
  • Content count

    13
  • Days Won

    1

JamesR last won the day on October 30 2014

JamesR had the most liked content!

About JamesR

  • Rank
    ESET North America

Profile Information

  • Gender
    Not Telling
  1. From the log you provided, only the E: drive appears to be affected. This is likely a drive that is hosting shares to the network. If this is true, then it is not the Server itself which is infected and there is another computer on your network which is infected and likely not protected by a security product.

     These can be tricky to resolve, but if you examine the Threat Logs in the ESET Security product installed on the server, instead of ERA, then you should see a column indicating a user name which is generating the threat alert. As long as it shows an actual username (not "NT Authority/System") you will now have the user account which is creating the malicious .lnk files and you simply need to identify which computer that user is logged in from.

     If the above doesn't work, you can try and isolate which computers are not protected by an ESET Product in ERA and then install ESET on those computers. However, this isn't foolproof, as a computer which is on your network but not in Active Directory won't show in ERA. The attached screenshot shows where to go in ERA to sort your lists to find computers which don't have ESET Security products installed.

     In short, your server is protected but you have at least 1 or more computers on your network which are not protected by ESET. Once you find these computers, you will be able to remedy your situation.
  2. Sentroshi, If you can provide me with the ESET logs in a PM, I can try to help verify what is causing the alerts to trigger. Please follow the instructions below and then PM me the zip file made.
     1. Download the ESET log collection tool by clicking or copy/pasting the following URL into the address bar of your web browser:
        hxxp://download.eset.com/special/ESETLogCollector.exe
     2. Save the file "ESETLogCollector.exe" to the desktop of your system.
     3. Right-click the file and select "Run as administrator". If prompted, enter the username and password for an administrative account.
     4. Click "Accept" to accept the End-User License Agreement (EULA).
     5. Click "Collect & Archive". This will generate a zipped archive containing logs from your system and any installed ESET antivirus product. The archive will be saved using the file path and file name specified in the "Save archive as" field. Please wait until you see the message "All files have been collected and archived." It may take some time to process.
  3. BSOD - ekrn.exe

    Hello, For any Gigabit users receiving BSODs, can you try the following to uninstall System Information Viewer from Programs/Features? System Information Viewer will be labeled as SIV.

    Steps for those with ESET already installed and receiving BSODs:
    1. Boot to Safe Mode
    2. Open an administrative command prompt and run the following 2 commands to allow uninstalls (we will undo this later):
       REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer" /VE /T REG_SZ /F /D "Service"
       REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer" /VE /T REG_SZ /F /D "Service"
    3. Navigate to "Control Panel" then "Programs and Features"
    4. Locate SIV and uninstall it
    5. Back in your administrative command prompt, run the following 2 commands to undo what was done in step 2:
       REG DELETE "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer"
       REG DELETE "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer"
    6. Reboot your computer and verify if all is well.

    Steps for those who do not have ESET installed:
    1. Navigate to "Control Panel" then "Programs and Features"
    2. Locate SIV and uninstall it
    3. Install ESET and update

    If this works to resolve the issue, please reply to this post.
  4. For what you are attempting to do, you will need to create a configuration file. I have attached a configuration file which has only the 2 options you are looking for. To use it, just place it in the same folder as the .msi you will be using. Do not rename the file; it must be named "cfg.xml". Please note that the attached cfg.xml will only work on Home Editions of ESET and has only been tested on Home v8, but should work on Home v4 and newer products.

     If in the future you would like to make your own configuration file, you can use the following steps to create your own configuration (these steps can be pretty tricky, so please use at your own risk):
     1. Install ESET and do not change any settings
     2. Export the settings from "Setup > Import and Export settings" and save as "default.xml"
     3. Make the configuration changes you desire in the ESET GUI
     4. Export the new settings from "Setup > Import and Export settings" and save as "altered.xml"
     5. Use your favorite comparison program to compare the files (I prefer Notepad++ with the "Compare" plugin) and locate the items which changed (in Notepad++ they will be highlighted in green)
     6. Now comes the tough part: delete the extra settings while preserving the structure of the xml.

     The above steps are what I did to create the attached configuration. When creating it, I did create a bad config first as I accidentally deleted one of the closing sections of the xml and overlooked that it was missing when I first tested. There is a lot of room for human error when making your own configs. One could just use the configuration file from step 4 and name it "cfg.xml", but this can lead to unintentional problems. For example, exporting a config from Smart Security and importing it to NOD32 will add firewall rules to your NOD32 install. These firewall rules won't work as NOD32 doesn't have a firewall, but I have seen where adding settings which do not exist leads to undesired results.

     Attachment: cfg.xml
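The hand-editing in step 6 is where the post says the closing-tag mistake crept in. As an added example (not from the original post and not ESET's own tooling), the following Python script automates that step: it walks default.xml and altered.xml in parallel, keeps only the settings whose attributes changed plus the ancestor elements needed to hold them, and checks that the result still parses before it is written out as cfg.xml. The two embedded sample exports are constructed for the demo; their SECTION/SETTINGS/NODE layout and the ID, NAME and VALUE attribute names are assumptions, so the element-matching keys would need adjusting to whatever the real export looks like.

```python
"""Build a minimal cfg.xml from a default and an altered settings export.

Added example, not ESET code. The export layout used below (SECTION /
SETTINGS / NODE elements with ID, NAME and VALUE attributes) is an
assumption made for the demo, not the documented ESET format.
"""
import copy
import xml.etree.ElementTree as ET

# Constructed sample "default.xml" (assumed layout, not real ESET output).
DEFAULT_XML = """<ESET>
  <SECTION ID="1000100">
    <SETTINGS>
      <NODE NAME="RealTimeProtection" TYPE="number" VALUE="1" />
      <NODE NAME="ScanArchives" TYPE="number" VALUE="1" />
    </SETTINGS>
  </SECTION>
  <SECTION ID="1000200">
    <SETTINGS>
      <NODE NAME="LiveGrid" TYPE="number" VALUE="1" />
    </SETTINGS>
  </SECTION>
</ESET>"""

# Constructed "altered.xml": the same export after flipping two settings in the GUI.
ALTERED_XML = DEFAULT_XML.replace(
    'NAME="ScanArchives" TYPE="number" VALUE="1"',
    'NAME="ScanArchives" TYPE="number" VALUE="0"',
).replace(
    'NAME="LiveGrid" TYPE="number" VALUE="1"',
    'NAME="LiveGrid" TYPE="number" VALUE="0"',
)

# Attributes that identify an element when pairing default with altered
# (assumed: sections carry ID, leaf settings carry NAME).
KEY_ATTRS = ("ID", "NAME")


def _key(el):
    return (el.tag,) + tuple(el.get(a) for a in KEY_ATTRS)


def minimal_diff(default_el, altered_el):
    """Return a pruned copy of altered_el holding only what differs from
    default_el, plus the ancestors needed to keep the XML structure intact.
    Returns None when the two subtrees are identical.

    Settings present only in default_el are silently dropped: an overlay
    config can add or change settings, but it cannot remove them."""
    base_children = {_key(c): c for c in default_el}
    kept = []
    for child in altered_el:
        base = base_children.get(_key(child))
        if base is None:
            # Exists only in the altered export: keep the whole subtree.
            kept.append(copy.deepcopy(child))
            continue
        sub = minimal_diff(base, child)
        if sub is not None:
            kept.append(sub)
    attrs_same = default_el.attrib == altered_el.attrib
    text_same = (default_el.text or "").strip() == (altered_el.text or "").strip()
    if not kept and attrs_same and text_same:
        return None
    out = ET.Element(altered_el.tag, altered_el.attrib)
    out.text = (altered_el.text or "").strip() or None
    out.extend(kept)
    return out


def make_cfg(default_xml, altered_xml):
    """Render the minimal config as an XML string ('' when nothing changed)."""
    root = minimal_diff(ET.fromstring(default_xml), ET.fromstring(altered_xml))
    if root is None:
        return ""
    ET.indent(root)  # pretty-print; available since Python 3.9
    return ET.tostring(root, encoding="unicode")


def changed_nodes(default_xml, altered_xml):
    """Sorted (NAME, VALUE) pairs of the leaf settings that changed, for review."""
    root = minimal_diff(ET.fromstring(default_xml), ET.fromstring(altered_xml))
    if root is None:
        return []
    return sorted((n.get("NAME"), n.get("VALUE")) for n in root.iter("NODE"))


def is_well_formed(xml_text):
    """The check the post skipped: refuse a cfg.xml that does not parse."""
    try:
        ET.fromstring(xml_text)
        return True
    except ET.ParseError:
        return False


if __name__ == "__main__":
    cfg = make_cfg(DEFAULT_XML, ALTERED_XML)
    assert is_well_formed(cfg), "generated config is not well-formed"
    print("changed settings:", changed_nodes(DEFAULT_XML, ALTERED_XML))
    with open("cfg.xml", "w", encoding="utf-8") as fh:
        fh.write(cfg)
```

Run it in the folder holding the two exports (after swapping the embedded samples for `open("default.xml").read()` and `open("altered.xml").read()`) and it writes a cfg.xml containing just the changed NODE elements inside their original SECTION/SETTINGS wrappers, which is exactly the "delete the extras but keep the structure" result step 6 asks for. Because elements are paired by tag plus ID/NAME rather than by line position, a setting that merely moved in the export is not reported as a change, and `is_well_formed` catches the dropped-closing-tag mistake before the file ever reaches an installer.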
  5. Hello, I have submitted your URL as a sample so ESET can add detection. In the future, you can submit malicious or suspect URLs via this ESET KB Article: hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN141#SubmitWebsite
  6. Hello, If you are still having this issue, it is likely due to your Mac having a Permissions problem with your user profile. To fix this you can run the following command to resolve the issue.

     sudo chown -R "$USER" "$HOME"

     There is also another method of correcting Permission issues using Mac OS X's GUI which is fully detailed in ESET's KB Article here: hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN2835
  7. Hello, In some testing I and another did today, we believe we may have found the solution you are looking for. Can you execute the 2 following commands from a terminal and then reboot? As you are using the "Microsoft's purchase/rebranding of ESET" you may need to locate the "esets_set" command and change the file path to reflect the path to your "esets_set". Please inform us if this works to filter all the esets entries in your system.log.

     sudo /Applications/ESET\ Cyber\ Security.app/Contents/MacOS/esets_set --section global --set syslog_class=none
     sudo /Applications/ESET\ Cyber\ Security.app/Contents/MacOS/esets_set --section global --set syslog_class

     If for some reason the commands are giving syntax errors, please let me know the following information:
     - The Mac OS X version
     - Which ESET CyberSecurity product you are using (CyberSecurity or CyberSecurity Pro)
     - The version number for your CyberSecurity product (5 or 6).
     We may need to adjust the folder path depending on your installed ESET product. Again, please reply to this thread to let us know if this resolves the issue.
  8. Hello, [Edited to have the confirmed solution. Kudos to AlexJ for supplying the final solution.] In some testing I and another did today, we believe we may have found the solution you are looking for. Can you execute the following command from a terminal and then reboot? Please inform us if this works to filter all the esets entries in your system.log.

     sudo /Applications/ESET\ Cyber\ Security.app/Contents/MacOS/esets_set --section global --set syslog_facility=none

     You will notice the command will first add "syslog_facility = none" to the esets.cfg. This tells ESET to no longer log any items to the system.log.

     If for some reason the command is giving syntax errors, please let me know the following information:
     - The Mac OS X version
     - Which ESET CyberSecurity product you are using (CyberSecurity or CyberSecurity Pro)
     - The version number for your CyberSecurity product (5 or 6).
     We may need to adjust the folder path depending on your installed ESET product. Again, please reply to this thread to let us know if this resolves the issue.
  9. Suspiciously Short Virus Scan?

    What you are reporting is normal. When running a Smart Scan, ESET is using Smart Optimization. What this does is check whether a file has changed since the last time it was scanned with a specific Virus Signature. Smart Optimization also uses ESET LiveGrid (aka Threat Sense) to avoid scanning files which were already confirmed clean by others using ESET Software. This helps ESET scan and protect a computer swiftly while maintaining security and accuracy.

    If you want to scan without Smart Optimization, you can start a Custom Scan and ensure you select the scan profile "In-Depth scan". Then put a checkmark in each item you wish to scan; these should be any "Local Drives", "Operating Memory" and "Boot Sector". The In-Depth profile does not use Smart Optimization and thus will always take a longer time than a Smart Scan.
  10. Hello and welcome Please follow instructions below if you believe a website has been incorrectly blocked
  11. Fortunately the issue you are describing is not malware and Microsoft has a Knowledge Base article on how to resolve your issue. Please reference the article here: hxxp://support.microsoft.com/kb/2463892 If this does not resolve your issue, please contact Microsoft for support.
  12. w32/blaster worm - help!

    Hello Janices, What you are reporting appears to be a Fake Antivirus which prevents the launching of .exe files when in normal mode. Please try running the ESET Rogue Application Remover (ERAR). You will likely need to download it to a thumbdrive from a non-infected machine. You can find download links and instructions for ERAR here: hxxp://kb.eset.com/zap/SOLN3035
  13. Yes the ESETSirefefCleaner will not only correct the junctions/symbolic links which Sirefef puts in Windows Defender/Microsoft Security Essentials, but it will also repair the services which Sirefef removes from a system.