d3adfish

oh i just re-read your reply it didn't actually get detected as ransomware, i believe it was unwanted application, it was when i looked up MSIL\AVBDiscsoft.a somewhere it said that that was used in ransomware attacks

wow, that's crazy. i have, and i'm sure lots of other people, have been using that program for prob 20+ years. i wonder why all of a sudden they would turn a legit program into malware. seems strange. well thanks for the info.

well thanks for the reply, after i deleted the files in the first two locations it's no longer detecting the third location so i'm guessing maybe that c:\documents and settings\me is actually the same place as c:\users\me ? and that the third detection was actually a repeat? and in settings i have "cleaning level" set to "always ask the end user" because i don't want it automatically deleting stuff that is safe, like it's done to me in the past, but yeah it would be the normal pop-up telling me it's detected a potentially unwated program but in the dialog there's no option to clean or delete. i guess at that point i would have to do a manual scan to be able to have the option to clean or delete? (sorry i can't get screen shot, i already manually deleted file)

windows 10 enterprise possible infected program: daemon tools lite possible infection: MSIL\AVBDiscsoft.a ok so i did a scan today and detection of MSIL\AVBDiscsoft.a which eset says is ransomware but the dialog box gives me no option to clean the program that is supposedly infected is Daemontools which is a program that's been around since forever and it's been a long time but i'm sure i downloaded it from the official site, but maybe i got phished? i'm not a noob, so could be false positive? idk, but to be safe i wanted to delete the files anyway. so i can find in c:\users\me\dtlite.exe which i deleted and was also detected at c:\program files\daemon tools lite\setup.dll which i deleted the other is in c:\documents and settings\me\dtlite.exe which is system folder and could only find by showing system files in windows explorer, but that directory is still inacessible. so how do i delete that one? and is it something i should be concerned with in the first place?

you may be disable one of the entries out of your "startup" folder in windows task manager i you have multiples? that may or may not show icon in taskbar anymore after doing that, but if you check your security page in windows settings or services it's actually still running. mines been doing that ever since i had to do a reinstall about a year ago but since then i've just lived with it. but it's usually not 5 min after startup, maybe 5-10 seconds

ok, just for craps and laughs i just went and checked my moms computer which i also have ESET installed on and all the folders on her PC are also marked as "read only" too which is now got me really intrigued. so i'm gonna take it that the newly added eset ransomware protection has nothing to do with it because that's what you told me earlier, but i just thought maybe you or some other users could do a quick check and see if the folders on you guys pc's are showing "read only" too??? just in case it's normal eset behavior now. thanks, J

ok that allowed me to activate defender but "controlled folder access" was already disabled. (which is their ransomware protection) so i still have every folder on my computer marked as "read only". guess i'll keep digging and update here if i figure it out.

ok so i think i may have figured it out. it may be related to a part of windows defender called "controlled folder access" but being i'm using eset i can't even get to that page to change the setting. back in the win 7 days i use to be able to go in and disable the eset service and cancel the startup program to boot w/out eset protection so maybe windows defender would kick in but now it won't let me disable the service. i've gone into advanced settings and disabled "protected service" and "self defense" and rebooted but i still can't disable the eset service. is there any way to do that without uninstalling?

yes, i can open them fine, i was wondering if it's ransomware >protection< that is making them read only? like as a way to protect them? i was just googling what would make files read only and not be able to revert to non-read only and it said it could be a/v or ransomeware protection thats making them like that. and i thought seeing something about them adding some type of ransomware protection in the latest version of eset so that may be the cause? never had this issue before. so basically my whole hard drive now is read only and can't be changed. edit: i haven't tried messing with it with eset disabled yet but maybe i should try that? edit 2: my OS and programs are on a seperate SSD and i just checked and they are all marked "read only" too. so something weird is def going on.

so i have a pretty big music collection that i keep on a traditional hard drive. normally everything works as usual. well a recent folder that i've added for some reason when i try to open it it takes forever while it's populating all the track titles, artist, etc. seemed weird because normally it they open relatively fast. so i did a couple defrags, still doiing it. so i was digging and come to find out, under properties, like everything on that hard drive is "read only" now. so i tried unchecking it, apply, ok, over and over on different folders and it sometimes it acts like it's doing something then i check it and it's still read only. searched for causes and one of them is it could be a from ransomware protection or some other form of A/V so that's why i'm here wondering if ESET has anything to do with it or knows why that's started happening. thanks, J

so i came across this video today saying malicious websites are loading what looks like trusted and signed windows update files on peoples computers but was actually self executing ransomware, and that it was slipping past malware detection on some computers. just wanted to make you guys aware of it. also wondering if for some reason a computer started running the "malicious update"/encryption, would the best thing to do to unplug the machine or hold down power button?

what about the "system startup file check" that's in "scheduler"? i have that unchecked. i know that improves boot times. is that really needed after you have run a full scan?