Everything posted by itman

  1. You can also use the Eset offline installation method to install NOD32 as noted here: https://support.eset.com/kb2885/?pmv=print&locale=hu_HU&viewlocale=en_US . Note: you want to download ver. 12.0.31, which is the most current ver.
  2. Refer to this for possible solutions: https://support.eset.com/kb2955/ . Reply back if you are still having installation issues.
  3. My best guess is NOD32 was not completely uninstalled and remnants of it still exist. As noted in the Eset Knowledgebase article on the installer, it is sometimes necessary to run it multiple times. It may also be necessary to manually uninstall any existing Eset drivers if they exist in Windows Device Manager: https://support.eset.com/kb2289/?locale=en_US&viewlocale=en_US
  4. If the ransomware is indeed GandCrab 5.1, you can download the Bitdefender decrypter here: https://www.bleepingcomputer.com/news/security/gandcrab-decrypter-available-for-v51-new-52-variant-already-out/ . Also, more info on how to use the tool is here: https://labs.bitdefender.com/2018/10/gandcrab-ransomware-decryption-tool-available-for-free/ . It appears they haven't updated the site yet to show details on the suffix/s used by the 5.1 version.
  5. If you need further inducement to apply the above-mentioned SMBv1 patch, here's another one attacking Italian concerns: https://blog.trendmicro.com/trendlabs-security-intelligence/monero-miner-malware-uses-radmin-mimikatz-to-infect-propagate-via-vulnerability/
  6. Do you have issues with other software updating? How about Win Updates - do they download and install within a reasonable amount of time?
  7. What I am wondering is if for some strange reason on this device, Eset has gotten stuck in a never-ending update loop. Perhaps caused by updates running at default scheduled times but prior updates still in progress; or Eset detects they are but in reality are not? What might be worth a shot is to temporarily disable all updating as shown in the Eset Knowledgebase article: https://support.eset.com/kb2767/ . Reboot the device. Then verify if the product updating activity has stopped. If the product updating activity has ceased, then re-enable the previously disabled settings and verify that Eset is now updating as scheduled and without issue. If after reboot the product updating activity is still active, let the device run for a while to complete any current activity in process. Once that stops, then re-enable the previously disabled settings and verify that Eset is now updating as scheduled and without issue.
  8. Or, just post a screen shot with the Eset alert shown. Do you use Chrome as your browser?
  9. Again, as previously explained, it's a scam e-mail. Everything stated in the e-mail is untrue. Sometimes a bit of deductive logic goes a long way in these situations. If the e-mail author had all the capability he states, your PC would already have had all its files encrypted and you would be greeted with the typical ransomware desktop screen at boot time. BTW - you should not be opening e-mails from unknown/untrusted sources unless you previously verified that the sender was legitimate.
  10. FYI - MSRT is downloaded and run with each Win Update monthly cumulative update as noted in the link reference posted below. Therefore, there is no need to download it separately. It is also of dubious effectiveness: https://www.microsoft.com/en-us/download/malicious-software-removal-tool-details.aspx . As far as Microsoft Safety Scanner which is a bootable media installation, you can create a more effective like solution using the Eset "SysRescue Live" option available in the Eset GUI Tools section. Bottom line - Eset provides you with all the system security you need.
  11. Correct. But you should verify this using Win Security Center. The below screen shot is for Win 10 1809: Correct. Although really not needed, running most non-realtime security software for a second opinion should cause no issues. For example, you could configure Windows Defender to perform "Periodic scanning." The only issue in this regard and possibly with other like security software is system resource usage. In the case of Windows Defender, it will load its engine at boot time which consumes quite a bit of memory although the engine is only used for its once a day periodic scanning.
  12. Doubt the installation of Eset has anything to do with this browser error. The error is usually an access permissions issue associated with a directory/file on the server you are connected to. Additional causes are here: https://www.lifewire.com/403-forbidden-error-explained-2617989 . I would contact the vendor associated with survey as to possible causes and remedies.
  13. Since you have received no response to this issue in the Malwarebytes forum where you also posted, it appears you have a malicious Chrome extension installed that is connecting to this domain. You will have to remove each extension one by one until you find the one that is performing the attempted connection. My guess is that it is the extension associated with the game you mentioned. You can also, at your own peril and definitely not recommended, add an exclusion for scrlink.cool for malware scanning within Eset Web Access protection as shown in the below screen shot:
  14. First, make sure your browser pop-up settings are properly configured to block or ask you permission for pop-ups to run. If you are using Chrome, refer to this article: https://support.google.com/chrome/answer/2765944?co=GENIE.Platform%3DDesktop&hl=en
  15. BTW - scrlink.cool is also blocked in IE11:
  16. Another thing you can do is open an admin command prompt window. Then enter "tracert scrlink.cool" as shown in the below screen shot. As shown, I see a connection to one of my ISP servers that forwards the connection to a relay server in Amsterdam. This in turn routes the connection to its final destination, customer.worldstream.nl. Of note is URLVoid does show one malware detection for customer.worldstream.nl: https://www.urlvoid.com/scan/customer.worldstream.nl/ . However, it is from WOT which leads me to believe the site is OK. However, it appears this is a "hosting" server with other sub-domains associated with it; at least hundreds per Robtex. So it may be that Eset is detecting one or more of the sub-domains as malicious?
  17. Since you are no longer using a VPN, go here: https://dnsleaktest.com/ and click on the Standard test. All the IP addresses shown should be associated with your ISP assuming you're using your ISP DNS servers. My ISP is AT&T and here are my results:

      Query round   Progress...   Servers found
      1             ......        6

      IP                Hostname   ISP                      Country
      12.121.118.19     none       AT&T Services            United States
      12.121.118.22     none       AT&T Services            United States
      151.164.110.241   none       AT&T Internet Services   United States
      12.121.118.58     none       AT&T Services            United States
      151.164.110.238   none       AT&T Internet Services   United States
      12.121.118.51     none       AT&T Services            United States
  18. Go here: https://thebestvpn.com/chrome-extension-vpn-dns-leaks/ and click on "take test here link." Report back with test result.
  19. I don't have an answer for you. It is possible your Internet traffic is being monitored, etc. It has happened previously in Egypt: https://en.wikipedia.org/wiki/Internet_censorship_and_surveillance_by_country .
  20. That IP address also resolves to customer.worldstream.nl per IPVoid and is 100% clean: http://www.ipvoid.com/ip-blacklist-check/ .
  21. Interestingly, URLVoid scan of scrlink.cool shows the reverse DNS to customer.worldstream.nl in the Netherlands: https://www.urlvoid.com/scan/scrlink.cool/ . It is 100% clean.
  22. Appears Chrome has an issue with Cloudflare and everything else for that matter. Per Robtex: https://www.robtex.com/dns-lookup/scrlink.cool
  23. I would have first set the Eset firewall to its default setting of Automatic which allows all outbound connections and see if that resolved the Chrome issue. I would also delete all existing rules that apply to Chrome. -EDIT- Prior to deleting the Chrome rules, take a screen shot of all its existing rules. Those can then be reapplied one by one testing the impact of each rule to determine the rule/s preventing Chrome's start up or impacting its execution.
  24. Eset doesn't have a detailed write-up on this variant, Win64/Vools.F trojan, but does have one for an earlier variant: https://www.virusradar.com/en/Win64_Vools.B/description . It appears this malware is designed to exploit the well-publicized SMBv1 vulnerability disclosed here and patched in 2017: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2017/ms17-010
  25. What version of Windows do you have installed? How are you trying to open the command prompt window? Via Start menu option? If you are using Win 10, enter "command" less the quote marks in the desktop lower toolbar search window. Then click on Command Prompt in the displayed window.