Everything posted by itman
-
Strange. I am not getting any alert, but Eset Web Filtering is detecting and blocking it:
Time;URL;Status;Detection;Application;User;IP address;Hash
2/5/2024 9:22:22 AM;https://near.flyspecialline.com;Blocked;Internal blacklist;C:\Program Files\Mozilla Firefox\firefox.exe;xxxxxxxx;2606:4700:3033::6815:4c11;ACC1CEC6D99C83F3D99BC4D0FEFC058D349CA731
-
I'm not receiving any Eset alerts on the web site. Also, Sucuri doesn't detect any malware.
-
Since "unfortunate souls" keep posting in the forum about a way to decrypt their files w/o using Eset to prevent the ransomware in the first place, the following might be informative. Note that this tool applies to cryptors that perform partial file encryption and only for a limited number of file extension types:
https://www.bleepingcomputer.com/news/security/online-ransomware-decryptor-helps-recover-partially-encrypted-files/
https://www.helpnetsecurity.com/2024/01/31/free-ransomware-recovery-tool-white-phoenix-web-version/
White Phoenix web site here: https://getmyfileback.com/
-
Website blocked by JS/Agent.RJR trojan
itman replied to SamSJHeron's topic in Malware Finding and Cleaning
It's Magento malware. Most likely will not manifest until web site purchase check-out activities. Sucuri will show the code signature it's detecting: https://sitecheck.sucuri.net/results/www.scientex.com.my .
-
I searched the web about this and could not find anything in regards to this Microsoft change you state. Eset Browser Privacy & Security will prompt you to add its extension. I suspect this is what you observed. It appears to me you have been infected with one of the browser search engine hijack malwares.
-
Website is blocked by ESET with a JS/Agent.rjr Trojan Warning
itman replied to kichus's topic in Malware Finding and Cleaning
Looks like the web site is no longer infected. Neither Sucuri nor Eset detects any malware.
-
Green Border
itman replied to hustlxr's topic in ESET Internet Security & ESET Smart Security Premium
Refer to the below screen shot. Assuming that Eset Safe Banking & Browsing is enabled with default settings, the green frame should appear on all supported; Chrome, Edge, and Firefox, browser web pages.
-
Website is blocked by ESET with a JS/Agent.rjr Trojan Warning
itman replied to kichus's topic in Malware Finding and Cleaning
Sucuri is detecting Magento malware; namely malware.magento_shoplift.38.1. Refer to this article: https://labs.sucuri.net/signatures/sitecheck/malware-magento_shoplift-38-1/ .
-
PixieFail UEFI Flaws Expose Millions of Computers to RCE, DoS, and Data Theft
https://thehackernews.com/2024/01/pixiefail-uefi-flaws-expose-millions-of.html
This CERT article lists firmware known to be vulnerable along with recommended mitigations: https://www.kb.cert.org/vuls/id/132380
-
Website is blocked by ESET with a JS/Agent.rjr Trojan Warning
itman replied to kichus's topic in Malware Finding and Cleaning
Same here using Firefox. However, Sucuri detects web site injection. It could be Eset Secure Browser mode for EIS and ESSP is blocking the code injection. It also appears to be an infected WordPress plug-in, http://infinitumpartners.com.au/wp-content/uploads/2021/11/OTP2-Dark-overlay-60.jpg?id=3552
-
The domain is detected by 9 other security vendors besides Eset at VirusTotal: https://www.virustotal.com/gui/url/3e2debcb23564992506ed8278d6cd572be29bcd7c8d0436148600dd70f7b0858 . Most detect it as phishing.
-
First, review this: https://support.eset.com/en/kb6205-manage-auto-renew-settings-for-your-eset-licenses#disable . Are you stating you are receiving the "waiting for verification" e-mail as a result of trying to disable auto renew option via Eset eStore logon as noted in the above linked article?
-
Detection of possible ransomware, no option to clean
itman replied to d3adfish's topic in Malware Finding and Cleaning
Eset does now detect it as "A Variant Of MSIL/AVBDiscSoft.A Potentially Unwanted Application" per recent VT scan: https://www.virustotal.com/gui/file/474e3d0c28f53b96ccd885f3b13a35868e1ff572294b89dd2bfa919722081ac0?nocache=1 . I say now since prior scan results at VT were 7 months old with only two vendors detecting it.
-
Detection of possible ransomware, no option to clean
itman replied to d3adfish's topic in Malware Finding and Cleaning
A fairly recent detection of MSIL\AVBDiscsoft.A at Hybrid-Analysis: https://www.hybrid-analysis.com/file-collection/651d7f7ee010e723a20317b5 with detailed analysis here: https://www.hybrid-analysis.com/sample/474e3d0c28f53b96ccd885f3b13a35868e1ff572294b89dd2bfa919722081ac0 shows the malware present in DotNetCommon64.dll. Since this is a file infector, I would say you should at least run sfc /scannow from an admin command prompt window to verify no OS files have been tampered with.
-
Detection of possible ransomware, no option to clean
itman replied to d3adfish's topic in Malware Finding and Cleaning
As far as DaemonTools goes: https://www.bleepingcomputer.com/forums/t/572079/2-mals-included-with-daemon-tools-install-file-from-disc-soft-website/ .
-
Detection of possible ransomware, no option to clean
itman replied to d3adfish's topic in Malware Finding and Cleaning
It's not ransomware:
https://www.fortiguard.com/encyclopedia/virus/10141333
https://www.trendmicro.com/vinfo/us/security/definition/file-infecting-viruses