Everything posted by itman
-
Virus that steals YouTube links not detected
itman replied to Dakmp's topic in Malware Finding and Cleaning
YouTube scams are nothing new. Below are a couple of them: https://www.msn.com/en-us/news/technology/how-malware-started-a-bitcoin-hack-that-youtube-just-can-e2-80-99t-keep-up-with/ar-BB17JlUW https://www.leaprate.com/cryptocurrency/regulation-cryptocurrency/crypto-fraud-alert-new-trojan-horse-malware-on-youtube-bitcoin-video/ This is one reason many security forums prohibit YouTube reference link posting. -
A couple of closing comments here. 1. You disabled Eset thereby allowing the malware to install a bootkit on your device. Hopefully, you learned a lesson to never do that again. 2. You need to upgrade to Win 10 ASAP. Why? The likelihood of boot/rootkits occurring on Win 10 x(64) is greatly reduced due to kernel patch protection; i.e. KPP, employed in Win 10. Additionally, Eset running on Win 10 employs an early launch anti-malware; i.e. ELAM, driver that loads at boot time prior to any other app drivers. In this case, Eset would have been able to block the bootkit from loading a
-
I read a posting over at bleepingcomputer.com that Kaspersky's TDSSKiller will remove this type of boot/rootkit. You can give it a shot and see if it detects and removes the rootkit. It runs very fast and will produce a log file. Review the log file and see if anything was detected. If so, wording will probably exist instructing you to reboot the PC to complete removal of the rootkit. TDSSKiller can be downloaded here: https://support.kaspersky.com/5350#list -EDIT- After opening TDSSKiller but prior to running it, select "Change parameters" and ensure all the settings shown in this
-
Virus that steals YouTube links not detected
itman replied to Dakmp's topic in Malware Finding and Cleaning
Panda has an article on this: https://www.pandasecurity.com/en/mediacenter/mobile-news/youtube-virus-tips/ . -
You can try using Kaspersky Virus Removal tool: https://support.kaspersky.com/8528 . Make sure when run to select "Change parameters" and select all objects shown including the system drive. Note: If this app refuses to run or aborts shortly after startup, rename the file download - KVRT.exe - to something else and run the renamed executable.
-
Further clarification needed on this. Are you referring to the Eset desktop toolbar icon missing? Does Eset still exist in the Win 10 Start menu? Is the Eset service, "Eset Service," listed in Control Panel -> System and Security -> Administrative Tools -> Services? Is the service started and running? Does this folder, "Eset", still exist in C:\Program Files? Does it contain the "Eset Security" folder? Does this folder contain sub-folders and files?
-
False "Website certificate is revoked" message
itman replied to hectorx's topic in ESET NOD32 Antivirus
Same here connecting from the U.S. No issues from Eset connecting to this URL, https://status.camerfirma.com , using Firefox, Edge - Chromium, or Internet Explorer. -
Do you have an existing Eset product installed on this device? If it is not Eset Endpoint Antivirus, it should be uninstalled prior to installing the version of Eset Endpoint Antivirus you downloaded. Perhaps you have Eset Endpoint Security installed on the device?
-
If problems persist after running ESET Online scanner, you could also try performing a Win system restore using a restore point prior to when you installed the app/malware. This won't remove all of the malware and/or app but should reset system settings to what existed prior to the app install. This will hopefully also restore Eset functionality to the point you could run a full scan with it. Note: the malware may have disabled system restore functionality.
-
Cannot download installers with Protect 8.0
itman replied to Command IT's topic in Remote Management
No offense taken. My advice is submit the installer to Hybrid-Analysis: https://www.hybrid-analysis.com/ , for a full sandbox analysis and see what it determines. -
Cannot download installers with Protect 8.0
itman replied to Command IT's topic in Remote Management
Further analysis of VT sandbox findings confirms my early suspicions. To understand what is going on, two epi.exe, aka bootstrapper.exe, processes are running. One as the parent process and one as a child process. Note that the epi.exe processes are not the same. The malicious process being detected at VT is the unsigned parent epi.exe process. The child epi.exe process spawned is legit and validly signed. Ref.: https://www.virustotal.com/gui/file/a7af6d852fadd2bf4b9ef36b3f96e322e08254b20682fe174b0c38738e5f3864/detection Of note is most of the VT detections for the pare -
Cannot download installers with Protect 8.0
itman replied to Command IT's topic in Remote Management
VT is showing conflicting info. per the below screen shot. Again, it's flagging bootstrapper.exe as the problem. This file is signed. Also, VT lists epi.exe. But, when I scanned the hash for the extracted file, there were no detections. It's as if VT is perhaps detecting the downloaded ver. of epi.exe which I assume is a latest ver. update of the file? -
Cannot download installers with Protect 8.0
itman replied to Command IT's topic in Remote Management
Perhaps the prudent thing to do here is that Eset provide the file hash for epi.exe. Then compare that hash value to the epi.exe file hash value downloaded. -EDIT- Also the VT detection is for bootstrapper.exe which appears to create the following: C:\Users\<USER>\AppData\Local\Temp\eset\bts.session\{02D83BBE-EB93-B7D9-1A5E-10CDAD2E32F1}\epi.exe C:\Users\<USER>\AppData\Local\Temp\eset\bts.session\{02D83BBE-EB93-B7D9-1A5E-10CDAD2E32F1}\sciter-x.dll C:\Users\<USER>\AppData\Local\Temp\eset\bts.session\{02D83BBE-EB93-B7D9-1A5E-10CDAD2E32F1}\eguiActivation.d -
A couple more discussion points on this issue. If you have a Visa or MasterCard logo debit card and the merchant accepts either in credit card form, they must also accept a debit card for payment by either. If they don't, they are in violation of their existing payment processing agreement with Visa or MasterCard. Something for you to check out. If this is the case, you can file a formal complaint with Visa or MasterCard. The only other reason I can think of is why a merchant wouldn't accept a debit card deals with payment issues. A debit card transaction is for all practical purp
-
You're referring to "seats." For example, a 3 PC license has only one license key but 3 seats allocated to it. When this license is installed on a PC, a seat is allocated to it. To reallocate a previously used seat to another device, you uninstall Eset on the device where it is installed. This should automatically remove this seat allocation in Eset License Manager. You can now install Eset on another device and a seat will be allocated to this device in Eset License Manager. However, sometimes things get screwed up for a variety of reasons and the seat allocation in Eset License Manag
-
Addon Issue for FF BPP Profile
itman replied to COStark26's topic in ESET Internet Security & ESET Smart Security Premium
Of note is if you run in permanent private browser mode in Firefox as I do, all your history is auto deleted at browser close time. -
Appears it depends on whether your debit card is restricted to use only within Canada: https://travel.stackexchange.com/questions/112712/can-i-use-us-bank-issued-credit-debit-cards-in-canada#comment274511_112714 I believe most Visa/Mastercard sponsored bank issued debit cards can be used internationally but some countries have problems. You need to contact your bank about use of your debit card outside of Canada. Your complaint should be why Eset N.A. does not have a relationship with financial concerns outside of the U.S. in countries that th