itman

Most Valued Members
  • Posts: 12,082
  • Joined
  • Last visited
  • Days Won: 319

Kudos

  1. Upvote
    itman received kudos from Trooper in JS/Agent.RJR Trojan?   
    I can access the web site w/o any Eset alert.
  2. Upvote
    itman gave kudos to safety in I got ransomware attacked in 2016, I have the files, how to decrypt them?   
    I think the decryption of your mp3 files was correct using esetteslacryptdecryptor.exe, but there is also a second layer of encryption, and this, unfortunately, is Cryptowall 3. Judging by the first 16 bytes at the beginning of each file after decryption. (The first 16 bytes are the same for all files)
    723800F3740E5CF011BDB7F6EE44EC63

  3. Upvote
    itman received kudos from chris00002 in Long Time User but some questions please.   
    If your concern is that file names are fully displayed, enable the two File Explorer options shown in the below screen shot;

  4. Upvote
    itman received kudos from jeifabdi in Canary file   
    https://help.eset.com/glossary/en-US/canary_file.html
    Assumed here is that these are "bait" files, which are commonly used in anti-ransomware apps to detect ransomware encryption activities.
  5. Upvote
    itman gave kudos to Nightowl in Question about a Virus   
    I guess @Purpleroses is confused between HTTPS scanning and secure browser protection.
    Browser protection helps in case something bad passed and was able to intercept your keystrokes or something like that; the secure browser will be scrambling your keystrokes, so whatever is eavesdropping or logging your keys will have it encrypted.

    HTTPS scanning is different: ESET will add its own certificate into the machine, then it will be able to scan the HTTPS traffic, and if malware was sent through that HTTPS traffic, ESET will be able to pick it up. Without the certificate that ESET adds, it will not be able to scan the HTTPS traffic.
    I could be mistaken about what I described; correct me if I am wrong, please.
  6. Upvote
    itman received kudos from angeldust in powershell/Agent.AXL trojan   
    There's an older thread in the forum on a similar PowerShell malware. In this case, a rogue sub-directory was created in C:\Windows\System32: https://forum.eset.com/topic/32653-annoying-powershellagentaew-on-each-start-need-assitence/#elControls_152733_menu .
    In any case, diagnosis will be a bit involved.
  7. Upvote
    itman received kudos from ESSPUSR in Licensing FAQ   
    Yes as long as you purchase a license for at least two devices.
    Ref.: https://support.eset.com/en/home
  8. Upvote
    itman received kudos from BLM in MSIL/Injector.WGJ   
    The problem here is that, by your previously posted admission, you have been infected for months with this malware. The longer the malware remains resident, the more system damage can be done; e.g. downloading of additional malware, etc.
    I recommend you ask for malware removal assistance at one of the like sites previously posted. These sites specialize in removing entrenched multiple malware.
  9. Upvote
    itman received kudos from Vineri13 in whiskergalaxy.com   
    Yeah, Eset shows it as a PUC;

  10. Upvote
    itman received kudos from BLM in MSIL/Injector.WGJ   
    Older posting for like malware variant here: https://forum.eset.com/topic/28522-dotnet-msil-injectorvgr/ .
    In this case, malware was resident in;
    https://forum.eset.com/topic/28522-dotnet-msil-injectorvgr/?do=findComment&comment=134240
  11. Upvote
    itman gave kudos to Marcos in Windows Security Center Service unable to load instances of AntiVirusProduct from datastore.   
    You can install v17 and then:
    • Take ownership of HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Fw\{E7B06BEE-DEA6-20D2-58F2-0EB69C7B826D}
    • Grant full control to you
    • Delete the key
    • Take ownership of HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av\{DF8BEACB-94C9-218A-73AD-A78362A8C516}
    • Grant full control to you
    • Delete the key
    Please modify the registry with care since deleting incorrect keys or values may render the machine unbootable or cause other issues. Create a restore point first.
  12. Upvote
    itman received kudos from cofer123 in Windows Security Center Service unable to load instances of AntiVirusProduct from datastore.   
    The worst type of vulnerability is one in an AV product due to the elevated privileges it runs under. Now that this vulnerability has been publicly released, expect attackers to start actively exploiting it.
    Again, you have been advised. It's your decision if you choose to ignore it.
  13. Upvote
    itman received kudos from kvgr in Website JS/Agent.rjr   
    Strange. I am not getting any alert, but Eset Web Filtering is detecting and blocking it;
    Time;URL;Status;Detection;Application;User;IP address;Hash
    2/5/2024 9:22:22 AM;https://near.flyspecialline.com;Blocked;Internal blacklist;C:\Program Files\Mozilla Firefox\firefox.exe;xxxxxxxx;2606:4700:3033::6815:4c11;ACC1CEC6D99C83F3D99BC4D0FEFC058D349CA731
  14. Upvote
    itman received kudos from kvgr in Website JS/Agent.rjr   
    The problem is I could fully access the web site w/o issue. No alert and no blocked access.
    Correct. Alert now shown and web site access blocked.
  15. Upvote
    itman received kudos from hazzy in A driver cannot load on this device   
    Same issue reported here: https://forum.eset.com/topic/38541-ehdrvsys-failed-to-load/ . Appears issue was never resolved.
  16. Upvote
    itman received kudos from autobotranger in Question regarding Eset Firewall and Windows   
    It is normal EIS behavior to keep Windows Defender firewall service running. If you refer to your above Windows Defender firewall settings screen shot, you will observe the wording that Eset "manages" its usage.
  17. Upvote
    itman received kudos from d3adfish in Detection of possible ransomware, no option to clean   
    A fairly recent detection of MSIL\AVBDiscsoft.A at Hybrid-Analysis: https://www.hybrid-analysis.com/file-collection/651d7f7ee010e723a20317b5 with detailed analysis here: https://www.hybrid-analysis.com/sample/474e3d0c28f53b96ccd885f3b13a35868e1ff572294b89dd2bfa919722081ac0 shows the malware present in DotNetCommon64.dll.
    Since this is a file infector, I would say you should at least run sfc /scannow from admin command prompt window to verify no OS files have been tampered with.
  18. Upvote
    itman received kudos from d3adfish in Detection of possible ransomware, no option to clean   
    It's not ransomware;
    https://www.fortiguard.com/encyclopedia/virus/10141333
    https://www.trendmicro.com/vinfo/us/security/definition/file-infecting-viruses
  19. Upvote
    itman received kudos from d3adfish in Detection of possible ransomware, no option to clean   
    As far as DaemonTools goes : https://www.bleepingcomputer.com/forums/t/572079/2-mals-included-with-daemon-tools-install-file-from-disc-soft-website/ .
  20. Upvote
    itman gave kudos to Marcos in System startup. Powershell.exe is started by Ekrn.exe which runs continuous and uses 20%+ cpu time.   
    Just to make sure, does removing ESET with the ESET Uninstall tool in safe mode and installing the latest version from scratch make a difference? PowerShell should be run only once after installation or upgrade to install EsetContextMenu.msix.
  21. Upvote
    itman received kudos from Bezdar in Eset Internet Security - Does it check both inbound and outbound traffic?   
    The Eset firewall configured at default settings and rules only monitors inbound Internet traffic. All outbound Internet is allowed.
  22. Upvote
    itman received kudos from Davebert in Browser search text is jibberish or encrypted   
    HitmanPro Alert has a CryptoGuard feature that encrypts keystrokes. As such, this will most likely conflict with Eset's Secure browser keylogger protection which scrambles keystrokes.
  23. Upvote
    itman received kudos from igotthisone in Push Notification Service Servers Cannot be Reached...   
    Refer to below screen shot;

  24. Upvote
    itman received kudos from tommy456 in Eset Ultimate upgrade offer, and why start at 5 devices?   
    Discussed at length in this thread: https://forum.eset.com/topic/38965-eset-security-ultimate/?do=findComment&comment=176737 and others on this topic.
  25. Upvote
    itman gave kudos to User in websites archive.today / archive.is / archive.fo /archive.li / archive.md / archive.vn / archive.ph not reachable with ESET Internet Security   
    Users of Kaspersky had the same problem with these domains and they provided a solution:
    add the domain names (archive.today / archive.is / ...) in the "Encrypted Connections Examination" as "Trusted Addresses"
    See last posting in this German forum:
    https://forum.kaspersky.com/topic/probleme-mit-archiveis-oder-archiveph-35965/
    So is this not possible in EIS?