
itman
Most Valued Members
Posts: 12,197
Days Won: 321

Posts posted by itman

  1. 18 hours ago, Dan_Baird said:

    Thanks a lot for the assist. Will try, then get back to you if it fixes.

    Note that the Windows Security Center validation is to verify if Eset is properly registered within it. Proper Eset registration yields an "on" status for Eset Security and firewall with Microsoft Defender and Windows firewall showing an "off" status. Ensure you post the result of this verification.

    Once this verification as to status is completed, we can proceed with other possible causes why the Microsoft Defender Engine process might be running.

  2. Further analysis yields there is a way to provide ACS support for Win 10 1903+ versions. Microsoft has removed all ACS support KBs for Win 10 versions prior to 1903 from the Win Catalog other than LTSB versions.

    If you refer to Microsoft's article on ACS support: https://support.microsoft.com/en-au/topic/kb5022661-windows-support-for-the-azure-code-signing-program-4b505a31-fa1e-4ea6-85dd-6630229e8ef4 , you will note there is no KB listed for Win 10 1903. Likewise, if you try to install the KB listed for Win 10 1909, that won't work either because it is for the LTSB version only.

    However, if you access KB5005611, which is the ACS support KB listed for Win 10 2004, 20H2, and 21H1, it states the update applies to all Win 10 versions 1903 and later:

    [Screenshot: Eset_KB.png]

    Select the version 21H1 update applicable to your OS version.

    For additional reference you can refer to the Sophos ACS article: https://support.sophos.com/support/s/article/KB-000045019?language=en_US

    Finally, and important, you need to verify that this certificate, Microsoft Identity Verification Root Certificate Authority 2020, exists in your Win root CA store using certmgr.exe. If it does not, you will need to download and install the certificate manually. Refer to the above linked Microsoft ACS article on how to do that.
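    A way to script the two checks the post above asks for (an added example, not itman's or ESET's own code). It looks for the named root certificate by subject in both the machine and current-user Root stores, and for the ACS support KB in the installed-update list. The KB id defaults to the KB5005611 named in the post; the build-number threshold for 1903 (18362) and the use of subject-name matching are assumptions made here, not statements from the post.

```powershell
# Added example: verify ACS prerequisites on a Windows 10 host. Run in an elevated PowerShell session.
# Assumptions: the certificate is matched by its subject name only (no thumbprint is given on the page);
# build 18362 is used as the first 1903 build.

function Test-AcsRootCertificate {
    # The certificate the Microsoft ACS article says must be present in the root CA store.
    $subjectPattern = '*Microsoft Identity Verification Root Certificate Authority 2020*'
    foreach ($store in @('Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root')) {
        $found = Get-ChildItem -Path $store | Where-Object { $_.Subject -like $subjectPattern }
        [pscustomobject]@{
            Store      = $store
            Present    = [bool]$found
            Thumbprint = if ($found) { ($found | Select-Object -First 1).Thumbprint } else { $null }
            NotAfter   = if ($found) { ($found | Select-Object -First 1).NotAfter } else { $null }
        }
    }
}

function Test-AcsSupportUpdate {
    param(
        # KB ids to look for; KB5005611 is the one the post identifies for non-LTSB 1903+ builds.
        [string[]] $KbIds = @('KB5005611')
    )
    $build = [System.Environment]::OSVersion.Version.Build
    # Get-HotFix reads Win32_QuickFixEngineering, which lists updates installed through CBS.
    $installed = Get-HotFix | Select-Object -ExpandProperty HotFixID
    foreach ($kb in $KbIds) {
        [pscustomobject]@{
            KB              = $kb
            Installed       = ($installed -contains $kb)
            OsBuild         = $build
            BuildIs1903Plus = ($build -ge 18362)   # assumption: 1903 = build 18362
        }
    }
}

# Both tables should show Present = True and Installed = True; a False in either
# column is the condition the post says needs manual action.
Test-AcsRootCertificate | Format-Table -AutoSize
Test-AcsSupportUpdate   | Format-Table -AutoSize
```

    Note that certmgr.exe opens the current-user store by default; checking `Cert:\LocalMachine\Root` as well avoids concluding the certificate is missing when it was installed machine-wide.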

  3. I have a suspicion why Eset might be throwing a detection on this game.

    A couple of comments from Reddit:

    Quote

    I just finished downloading riders republic on epic games launcher, it was a 22gb download and when i clicked launch it took me to Ubisoft connect where it proceeded to start another 24 gb download. When I searched online it says that the game is only 22gb in size so can anyone explain what is going on or is this some kind of issue with the game?!
    I had this game installed before but deleted it. The first time I downloaded it this did not happen so i am very confused.

    Quote

    Ubisoft connect is like malware. Had the same thing happen. I selected to install it to my external disk drive then finished downloading and installing then Ubisoft connect decided it needs to go on my SSD then reinstalled the whole thing. Fuck Ubisoft connect. It’s somehow worse than EA origin

    https://www.reddit.com/r/gaming/comments/11ef1ga/i_just_downloaded_riders_republic_and_its_making/

  4. I will also note that Eset detected a malware status of RidersRepublic.exe when the following occurred per your posted Eset Detection log entry:

    "Event occurred on a file modified by the application: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\upc.exe."

    So this upc.exe file should also be submitted to Eset for analysis via Submit sample for analysis option in the Eset GUI Tools section.

    You can also submit this upc.exe file to VirusTotal.com and see if detections for it exist there.

  5. 1 hour ago, Gunzta said:

    could you possibly hold my hand a little more and walk me through your reply in language that I might understand?

    With the low detection rate at VirusTotal, it could be an Eset false positive detection.

    You should submit RidersRepublic.exe to Eset for review as such. You do this by accessing the file in Eset GUI Quarantine section. Mouse right click on the file and select, Submit sample for analysis. Change the Reason for submitting the sample field to "False positive file."

  6. 3 hours ago, Marcos said:

    Clicking the link above downloads the file alright without any alert being triggered by ESET.

    Augur detection triggers in ESSP using Firefox:

    [Screenshot: Eset_Augur.png]

    Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
    10/6/2023 3:14:54 PM;HTTP filter;file;https://smelel.icu/sm/redirect?landID=40&company=29374&uuid=e641a93e-8f14-40a7-9316-1d443f385b06&apiKey=b68c106c3df6f586f8cb1f48c5036112;ML/Augur.C trojan;connection terminated;xxxxxxx;Event occurred during an attempt to access the web by the application: C:\Program Files\Mozilla Firefox\firefox.exe (3AC154D0A0390E254E88F9BF89E7040B00ED02F3).;2C03C7B3B8AEAD5C16FB471F5760B54641AFE5E6;10/6/2023 3:14:51 PM

    https://www.virustotal.com/gui/file/05f1adce2d162fc881ccc2f633342dade521e92fa0a0d84f14ced9f8f436fa8c

  7. Belaboring to the nth degree on this subject, the problem is how Win Server 2008 performs Win updating.

    Note that in Win 10, a cumulative update is actually installed after a system restart when Windows enters its isolated startup mode; i.e. the blue screen with rotating circle. Such is not the case for Win Server 2008. It appears the update is fully installed, with only a system verification done as to its status after system restart.

    What happened with the KB5006728 update was upon required system startup after installation, Eset verified that ACS was installed and set the HKEY_LOCAL_MACHINE\SOFTWARE\ESET\ESET Security\CurrentVersion\Info\ACSSupport key. Windows then completed the verification for the KB5006728 update by verifying if ESU existed since this update was only allowed in this status. Windows seeing that ESU was not in effect, then rolled back the KB5006728 update by uninstalling it. Eset did not recognize that KB5006728 was uninstalled removing ACS support. From this point on, Eset thinks ACS support is still installed because HKEY_LOCAL_MACHINE\SOFTWARE\ESET\ESET Security\CurrentVersion\Info\ACSSupport key states it is.

    This issue doesn't exist in Win 10 EOL/EOS versions because Windows checks for ESU support prior to beginning the KB installation processing and terminates it at that point, giving lack of ESU support as the reason for installation failure.

  8. 9 minutes ago, Marcos said:

    This value is created regardless of what updates are installed. It's created when an ACS test is successful and the signature is confirmed to be trusted.

    1 hour ago, LesRMed said:

    I restarted the server, and on reboot I got the screen about applying updates, but then got Failure configuring updates (as expected) and reverting changes.

    At system restart, ACS support did exist via KB5006728 previous install. However, due to lack of MAK license; i.e. ESU, KB5006728 install was rolled back resulting in the device without ACS support.

  9. 56 minutes ago, LesRMed said:

    I installed KB5006728 again. After the install, but before restarting, I again verified that the ACSSupport registry key did not exist. I restarted the server, and on reboot I got the screen about applying updates, but then got Failure configuring updates (as expected) and reverting changes.

    The anomaly here is on Win 10, these KB updates won't even start installing. Therefore, the HKEY_LOCAL_MACHINE\SOFTWARE\ESET\ESET Security\CurrentVersion\Info\ACSSupport key never gets created. I attribute this to the age of Win Server 2008 R2 and that Win Updating was in a developing state then. Also, and very much evident, is that Eset never tested that these Microsoft KBs actually worked on EOL and EOS OS versions.

    56 minutes ago, LesRMed said:

    I give up. 

    Same here. I am "throwing in the towel" on the ACS support baloney since there is no way to implement it on EOL and EOS OS versions w/o ESU.
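    The stale-flag condition described in posts 7 through 9 (ESET's ACSSupport marker set, but the KB it was set after has since been rolled back) can be reconciled with one script. This is an added example, not itman's or ESET's code: it reads the ACSSupport entry under the Info key named in the posts and compares it with the installed-update list for KB5006728. The posts call ACSSupport a "key"; whether it is a value or a subkey is not stated, so both forms are checked here as an assumption.

```powershell
# Added example: report whether ESET's ACSSupport marker agrees with the installed-update list.
# Run elevated. Assumption: ACSSupport may be either a value or a subkey under the Info key.

function Get-EsetAcsSupportFlag {
    $infoKey = 'HKLM:\SOFTWARE\ESET\ESET Security\CurrentVersion\Info'
    if (-not (Test-Path $infoKey)) { return $null }
    # First form: ACSSupport as a value on the Info key.
    $props = Get-ItemProperty -Path $infoKey -ErrorAction SilentlyContinue
    if ($props -and ($props.PSObject.Properties.Name -contains 'ACSSupport')) {
        return $props.ACSSupport
    }
    # Second form: ACSSupport as a subkey.
    if (Test-Path (Join-Path $infoKey 'ACSSupport')) { return 'subkey present' }
    return $null
}

function Test-AcsStateConsistency {
    param(
        # The update whose rollback the posts describe.
        [string] $KbId = 'KB5006728'
    )
    $flag = Get-EsetAcsSupportFlag
    # A rolled-back update should no longer be listed by Get-HotFix.
    $kbInstalled = [bool](Get-HotFix | Where-Object { $_.HotFixID -eq $KbId })

    $assessment =
        if ($null -ne $flag -and -not $kbInstalled) { 'stale: ESET records ACS support but the KB is not installed' }
        elseif ($null -eq $flag -and $kbInstalled)  { 'KB installed but ESET has not recorded ACS support' }
        elseif ($null -ne $flag -and $kbInstalled)  { 'consistent: ACS support present' }
        else                                        { 'consistent: no ACS support' }

    [pscustomobject]@{
        KB             = $KbId
        KbInstalled    = $kbInstalled
        EsetAcsSupport = $flag
        Assessment     = $assessment
    }
}

Test-AcsStateConsistency | Format-List
```

    The "stale" outcome is the one the posts describe after the ESU check reverts the update; re-running the script after each restart shows whether the marker and the update list have come back into agreement.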

  10. On 10/4/2023 at 10:30 AM, LesRMed said:

    it looks like ESU actually looks for a MAK to determine if the update is allowed.

    Quote

    How you get ESUs depends on where your server is hosted. You can get access to ESUs through the following options.

    • Non-Azure physical and virtual machines - If you can't connect using Azure Arc, use Extended Security Updates on non-Azure VMs, by using a Multiple Activation Key (MAK) and applying it to the relevant servers. This MAK key lets the Windows Update servers know that you can continue to receive security updates. See Access your Multiple Activation Key from the Microsoft 365 Admin Center to learn more.

    https://learn.microsoft.com/en-us/windows-server/get-started/extended-security-updates-deploy
