Everything posted by itman
-
I searched the web about this and could not find anything regarding this Microsoft change you state. Eset Browser Privacy & Security will prompt you to add its extension. I suspect this is what you observed. It appears to me you have been infected with one of the browser search engine hijack malwares.
-
Website is blocked by ESET with a JS/Agent.rjr Trojan Warning
itman replied to kichus's topic in Malware Finding and Cleaning
Looks like the web site is no longer infected. Neither Sucuri nor Eset detects any malware.
-
Green Border
itman replied to hustlxr's topic in ESET Internet Security & ESET Smart Security Premium
Refer to the screenshot below. Assuming that Eset Safe Banking & Browsing is enabled with default settings, the green frame should appear on web pages in all supported browsers: Chrome, Edge, and Firefox.
-
Website is blocked by ESET with a JS/Agent.rjr Trojan Warning
itman replied to kichus's topic in Malware Finding and Cleaning
Sucuri is detecting Magento malware; namely malware.magento_shoplift.38.1. Refer to this article: https://labs.sucuri.net/signatures/sitecheck/malware-magento_shoplift-38-1/
-
PixieFail UEFI Flaws Expose Millions of Computers to RCE, DoS, and Data Theft
https://thehackernews.com/2024/01/pixiefail-uefi-flaws-expose-millions-of.html
This CERT article lists firmware known to be vulnerable along with recommended mitigations: https://www.kb.cert.org/vuls/id/132380
-
Website is blocked by ESET with a JS/Agent.rjr Trojan Warning
itman replied to kichus's topic in Malware Finding and Cleaning
Same here using Firefox. However, Sucuri detects web site injection. It could be that Eset Secure Browser mode for EIS and ESSP is blocking the code injection. It also appears to be an infected WordPress plug-in: http://infinitumpartners.com.au/wp-content/uploads/2021/11/OTP2-Dark-overlay-60.jpg?id=3552
-
The domain is detected by 9 other security vendors besides Eset at VirusTotal: https://www.virustotal.com/gui/url/3e2debcb23564992506ed8278d6cd572be29bcd7c8d0436148600dd70f7b0858. Most detect it as phishing.
-
First, review this: https://support.eset.com/en/kb6205-manage-auto-renew-settings-for-your-eset-licenses#disable. Are you stating you are receiving the "waiting for verification" e-mail as a result of trying to disable the auto renew option via Eset eStore logon as noted in the above linked article?
-
Detection of possible ransomware, no option to clean
itman replied to d3adfish's topic in Malware Finding and Cleaning
Eset does now detect it as "A Variant Of MSIL/AVBDiscSoft.A Potentially Unwanted Application" per a recent VT scan: https://www.virustotal.com/gui/file/474e3d0c28f53b96ccd885f3b13a35868e1ff572294b89dd2bfa919722081ac0?nocache=1. I say now since prior scan results at VT were 7 months old with only two vendors detecting it.
-
Detection of possible ransomware, no option to clean
itman replied to d3adfish's topic in Malware Finding and Cleaning
A fairly recent detection of MSIL\AVBDiscsoft.A at Hybrid-Analysis: https://www.hybrid-analysis.com/file-collection/651d7f7ee010e723a20317b5 with detailed analysis here: https://www.hybrid-analysis.com/sample/474e3d0c28f53b96ccd885f3b13a35868e1ff572294b89dd2bfa919722081ac0 shows the malware present in DotNetCommon64.dll. Since this is a file infector, I would say you should at least run sfc /scannow from an admin command prompt window to verify no OS files have been tampered with.
-
Detection of possible ransomware, no option to clean
itman replied to d3adfish's topic in Malware Finding and Cleaning
As far as DaemonTools goes: https://www.bleepingcomputer.com/forums/t/572079/2-mals-included-with-daemon-tools-install-file-from-disc-soft-website/
-
Detection of possible ransomware, no option to clean
itman replied to d3adfish's topic in Malware Finding and Cleaning
It's not ransomware:
https://www.fortiguard.com/encyclopedia/virus/10141333
https://www.trendmicro.com/vinfo/us/security/definition/file-infecting-viruses
-
Interactive alerts when we turn on the computer
itman replied to Hardq's topic in Malware Finding and Cleaning
Again, if you are deploying the Eset recommended firewall rules against ransomware as noted in this article: https://support.eset.com/en/kb6132-configure-firewall-rules-for-eset-endpoint-security-to-protect-against-ransomware, one of those rules is to block any inbound/outbound rundll32.exe network traffic. You will have to determine whether the rundll32.exe network traffic being detected is legit OS/app network traffic or not. If the network traffic is legit, you will have to create a firewall rule to allow it. Move this allow rule (or rules) before the existing deny rundll32.exe rules you created.
-EDIT- An example of how to determine if outbound app-based rundll32.exe network traffic is legit: https://superuser.com/questions/1598094/rundll32-exe-making-outbound-tcp-connection
-
Some additional ways partial data recovery might be possible: https://www.pcrisk.com/removal-guides/28739-cdpo-ransomware
-
This is the latest variant of STOP/DJVU ransomware. Unfortunately, file decryption is not possible. More information here: https://malwaretips.com/blogs/cdpo-virus/
-
Try the remediation steps shown in the 'Troubleshooting activation errors' section of this Eset article: https://support.eset.com/en/kb7297-resolve-act-or-ecp-errors-during-activation-home-users. If the problem persists, uninstall and reinstall Eset. If the problem still persists, contact your in-country Eset authorized vendor: https://www.eset.com/int/support/contact/. Mouse click on the link "Product activation troubleshooting."
-
Try this:
-
Correct. Voluum is ad tracking software. When you added the uBlock Origin extension, it blocked the ad from being displayed on the web page. Additionally, uBlock Origin uses a default TPL that can detect and block voluum.com attempted access; refer to this posting: https://forum.eset.com/topic/37661-jsvoluuma-pop-up/?do=findComment&comment=171600. If no further Eset alerts occur with the uBlock Origin extension installed, your problem has been resolved.
-
If you still get the Windows installer error with Eset uninstalled, refer to this article: https://medium.com/@windows10help/how-to-fix-windows-10-installer-error-1601-6fc92be4a2ac
-
Interactive alerts when we turn on the computer
itman replied to Hardq's topic in Malware Finding and Cleaning
Referring to this alert, do you have a HIPS rule that monitors child process startup from PowerShell? If this is the case, you will have to exclude conhost.exe since a number of Win internal maintenance PowerShell scripts invoke conhost.exe.