Well I have an appointment with the malware team tomorrow. I believe when I updated my Endpoint a hacker took advantage of what must have been a very narrow window have you ever discovered a script on your system but it was able to a execute because I know it ran. And the hacker was able to upload it on to my system. Now my network is flooded with what seems to eset like normal traffic but the certificates of the ssl2/tls are bogus. Eset is now not functioning 100% they either changed alott of file privages or the Management application is not fucting properly because I have a good lot of files that can no longer be scanned and cleaned by eset. I have a feeling they are encrypting my drive using be crypto and slowly making copy's of my files and replacing them I have heard about this tactic and it has on flaw it can be stopped asking as it doesn't complete.lyou can write a recursive script to replace the filing system because I know where the originals are. I just thought I would make the risk of updating can be that 30 min w/o cloud connectivity I believe all data points to that event being the start. And it went on for 3 days and I wasn't any wiser until I got the results of a virus scan the concerned me then ran sysinspector and found the script that I am guessing they were able to do that PowerShell resverse shell and was able to achieve rce then the script impersonated my identity I suspect that they used another shell to run a container and that container is encrypting my system some knows how to make illigitmate apps tick eset both by traffic and by detection. I hope that my appointment with the malware team gets a detection for this attack vector because it is highly sophisticated and could do major problems in the wild.
