
itman

Most Valued Members
  • Posts: 12,155
  • Days Won: 319

Everything posted by itman

  1. Strange. I am not getting any alert, but Eset Web Filtering is detecting and blocking it:
     Time;URL;Status;Detection;Application;User;IP address;Hash
     2/5/2024 9:22:22 AM;https://near.flyspecialline.com;Blocked;Internal blacklist;C:\Program Files\Mozilla Firefox\firefox.exe;xxxxxxxx;2606:4700:3033::6815:4c11;ACC1CEC6D99C83F3D99BC4D0FEFC058D349CA731
  2. I'm not receiving any Eset alerts on the web site. Also, Sucuri doesn't detect any malware.
  3. AMSI can be disabled via reg key hack: https://www.elastic.co/guide/en/security/current/modification-of-amsienable-registry-key.html
  4. If this output was received when Eset showed the AMSI not functional alert, it appears the alert is a bogus one.
  5. The following run from admin cmd prompt window will verify if Eset AMSI is running properly;
  6. It is normal EIS behavior to keep Windows Defender firewall service running. If you refer to your above Windows Defender firewall settings screen shot, you will observe the wording that Eset "manages" its usage.
  7. The usual reason for this behavior is if additional anti-keylogger software such as KeyScrambler is installed on the device. This type of software will conflict with anti-keylogger protection of Secured browser feature.
  8. Since "unfortunate souls" keep posting in the forum about a way to decrypt their files w/o using Eset to prevent the ransomware in the first place, the following might be informative. Note that this tool applies to cryptors that perform partial file encryption and only for a limited number of file extension types: https://www.bleepingcomputer.com/news/security/online-ransomware-decryptor-helps-recover-partially-encrypted-files/ https://www.helpnetsecurity.com/2024/01/31/free-ransomware-recovery-tool-white-phoenix-web-version/ White Phoenix web site here: https://getmyfileback.com/
  9. Appears to me, it's related to how you are specifying your Win Downloads file. Normally, it's located in this path: C:\Users\xxxxxxxx\Downloads.
  10. It's Magento malware. Most likely it will not manifest until web site purchase check-out activities. Sucuri will show the code signature it's detecting: https://sitecheck.sucuri.net/results/www.scientex.com.my
  11. Article on this activity here: https://www.nbcchicago.com/consumer/evite-scam-watch-what-you-click-this-holiday-season/3297616/
  12. I searched the web about this and could not find anything in regards to this Microsoft change you state. Eset Browser Privacy & Security will prompt you to add its extension. I suspect this is what you observed. It appears to me you have been infected with one of the browser search engine hijack malwares.
  13. Looks like the web site is no longer infected. Neither Sucuri or Eset detect any malware.
  14. No problem here on ESSP ver. 17.0.16 for on-demand in-depth scan of memory, boot/UEFI, WMI, and registry. It took 26 mins. for my Win 10 22H2 build. I didn't notice any hang activity on anything.
  15. Refer to the below screen shot. Assuming that Eset Safe Banking & Browsing is enabled with default settings, the green frame should appear on all supported browser (Chrome, Edge, and Firefox) web pages.
  16. Sucuri is detecting Magento malware; namely malware.magento_shoplift.38.1. Refer to this article: https://labs.sucuri.net/signatures/sitecheck/malware-magento_shoplift-38-1/
  17. PixieFail UEFI Flaws Expose Millions of Computers to RCE, DoS, and Data Theft https://thehackernews.com/2024/01/pixiefail-uefi-flaws-expose-millions-of.html This CERT article lists firmware known to be vulnerable along with recommended mitigations: https://www.kb.cert.org/vuls/id/132380
  18. Same here using Firefox. However, Sucuri detects web site injection. It could be Eset Secure Browser mode for EIS and ESSP is blocking the code injection. It also appears to be an infected WordPress plug-in: http://infinitumpartners.com.au/wp-content/uploads/2021/11/OTP2-Dark-overlay-60.jpg?id=3552
  19. The domain is detected by 9 other security vendors besides Eset at VirusTotal: https://www.virustotal.com/gui/url/3e2debcb23564992506ed8278d6cd572be29bcd7c8d0436148600dd70f7b0858 Most detect it as phishing.
  20. First, review this: https://support.eset.com/en/kb6205-manage-auto-renew-settings-for-your-eset-licenses#disable . Are you stating you are receiving the "waiting for verification" e-mail as a result of trying to disable auto renew option via Eset eStore logon as noted in the above linked article?
  21. Eset does now detect it as "A Variant Of MSIL/AVBDiscSoft.A Potentially Unwanted Application" per a recent VT scan: https://www.virustotal.com/gui/file/474e3d0c28f53b96ccd885f3b13a35868e1ff572294b89dd2bfa919722081ac0?nocache=1 I say now since prior scan results at VT were 7 months old with only two vendors detecting it.
  22. A fairly recent detection of MSIL\AVBDiscsoft.A at Hybrid-Analysis: https://www.hybrid-analysis.com/file-collection/651d7f7ee010e723a20317b5 with detailed analysis here: https://www.hybrid-analysis.com/sample/474e3d0c28f53b96ccd885f3b13a35868e1ff572294b89dd2bfa919722081ac0 shows the malware present in DotNetCommon64.dll. Since this is a file infector, I would say you should at least run sfc /scannow from admin command prompt window to verify no OS files have been tampered with.
  23. As far as DaemonTools goes: https://www.bleepingcomputer.com/forums/t/572079/2-mals-included-with-daemon-tools-install-file-from-disc-soft-website/
  24. It's not ransomware: https://www.fortiguard.com/encyclopedia/virus/10141333 https://www.trendmicro.com/vinfo/us/security/definition/file-infecting-viruses
  25. Highly unlikely. Refer to this posting: https://superuser.com/questions/759495/can-a-windows-installation-damage-an-hdd You can also contact the manufacturer of the laptop about the issue.
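Posts 3 and 5 above concern AMSI being silently disabled through the AmsiEnable registry value and verifying that an AMSI provider is actually hooked in. The following PowerShell is an added example written for this page; it is not itman's command from post 5 and not an ESET tool. It assumes the documented locations: AmsiEnable under each user's HKEY_USERS\<SID>\Software\Microsoft\Windows Script\Settings (the key the linked Elastic rule watches), and provider CLSIDs registered under HKLM\SOFTWARE\Microsoft\AMSI\Providers with their DLL path in the CLSID's InprocServer32 default value. Run it from an elevated PowerShell prompt.

```powershell
# Added example, not part of the forum thread. Reports whether AMSI has been
# turned off for script hosts via the AmsiEnable value in any loaded user
# hive, then lists the AMSI providers registered on the machine.

$settingsSubKey = 'Software\Microsoft\Windows Script\Settings'

# 1. AmsiEnable = 0 under a user's Windows Script\Settings key disables AMSI
#    scanning for WSH/VBScript/JScript in that user's context. Walk every
#    loaded hive under HKEY_USERS (skip the *_Classes hives, which never hold it).
Get-ChildItem 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -notlike '*_Classes' } |
    ForEach-Object {
        $sid  = $_.PSChildName
        $path = "Registry::HKEY_USERS\$sid\$settingsSubKey"
        $amsi = (Get-ItemProperty -Path $path -Name AmsiEnable -ErrorAction SilentlyContinue).AmsiEnable

        if ($null -eq $amsi) {
            "{0,-48} AmsiEnable not present (default: enabled)" -f $sid
        } elseif ($amsi -eq 0) {
            # This is the tamper the Elastic rule in post 3 alerts on.
            Write-Warning ("{0}: AmsiEnable = 0 -> AMSI DISABLED for script hosts in this profile" -f $sid)
        } else {
            "{0,-48} AmsiEnable = {1}" -f $sid, $amsi
        }
    }

# 2. Registered AMSI providers. Each subkey name is a provider CLSID; resolve
#    it to the in-process DLL so you can see which product (ESET, Defender,
#    etc.) is plugged into AMSI. An empty list means no provider will be
#    called even if AmsiEnable is untouched.
Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\AMSI\Providers' -ErrorAction SilentlyContinue |
    ForEach-Object {
        $clsid  = $_.PSChildName
        $server = Get-ItemProperty -Path "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32" -ErrorAction SilentlyContinue
        [pscustomobject]@{
            CLSID = $clsid
            DLL   = $server.'(default)'
        }
    } | Format-Table -AutoSize
```

If the provider table shows the expected vendor DLL and no hive reports AmsiEnable = 0, an "AMSI not functional" alert is more likely a false report than real tampering; if a hive does report 0, restore the value to 1 (or delete it) and treat the change as an indicator worth investigating.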