Aryeh Goretsky

ESET Moderators
  • Content count: 587
  • Days Won: 31

Aryeh Goretsky last won the day on January 4



Contact Methods

  • Website URL
    http://www.eset.com/

Profile Information

  • Gender
    Male

  1. Hello, We do not have anything in beta test at the moment, as we just shipped V10 of our home user programs, and V6.5 of the programs for businesses. Public beta test cycles for new programs will start up later in the year. For more information, including a signup form, visit https://beta.eset.com/. Regards, Aryeh Goretsky
  2. Hello, ESET's name for this threat actor is Sednit, and ESET has released extensive reports on their activities over the past three years or so. Here are some of the articles:
     • Sednit: A very digested read [2016-11-11]
     • En Route with Sednit: Full Whitepaper [2016-10-27]
     • En route with Sednit - Part 2: Observing the Comings and Goings [2016-10-25]
     • Lifting the lid on Sednit: A closer look at the software it uses [2016-10-25]
     • New ESET research paper puts Sednit under the microscope [2016-10-20]
     • Sednit APT Group Meets Hacking Team [2015-07-10]
     • Sednit Espionage Group Attacking Air-Gapped Networks [2014-11-11]
     • Sednit espionage group now using custom exploit kit [2014-10-08]
     • Back in BlackEnergy*: 2014 Targeted Attacks in Ukraine and Poland [2014-09-22]
     • Miniduke still duking it out [2014-05-20]
     And here is a very partial listing from ESET's threat encyclopedia entries:
     • Win32/SandaEva
     • Win32/Sednit
     • Win32/USBStealer
     • Win32/Exploit.CVE-2014-1761
     And here are some direct links to white papers mentioned in the above:
     • En Route with Sednit - Part 1: Approaching the target [PDF]
     • En Route with Sednit - Part 2: Observing the Comings and Goings [PDF]
     • En Route with Sednit - Part 3: A Mysterious Downloader [PDF]
     • En Route with Sednit: Full Whitepaper [PDF] (combines the three preceding reports into one ~140 page report)
     And here are some related links with additional IoCs and related research from ESET's GitHub account:
     • ESET | Malware-IoC | Sednit Indicators of Compromise
     • ESET | Malware-Research | Miniduke
     It would appear that some of the information in the GRIZZLY STEPPE report may have been borrowed from ESET's research, although it is hard to say since no security companies were mentioned in it. As a reminder, ESET identifies this threat actor as the Sednit group. ESET makes no claim as to their affiliation (or lack thereof) with any government, as attribution is a matter for governments and outside the scope of ESET's mission. Regards, Aryeh Goretsky
  3. Hello, If you can give ESET's office a call at +1 (866) 343-3738 during business hours, a customer service rep should be able to give you information on the license's history. Regards, Aryeh Goretsky
  4. Hello, You can use the form at https://www.eset.com/us/support/lost-license/ to retrieve your license key. Regards, Aryeh Goretsky
  5. Hello, This can occur if you run third-party programs which offer to clean up the system, optimize it, remove unneeded files, etc. As it turns out, they can break things by removing files your system needs, like the uninstaller for the older version of ESET Smart Security that was on your system. You can run the ESET Uninstall Tool to manually remove the old version of ESET Smart Security. When it is finished, go ahead and reboot and install the current version. The tool and instructions can be downloaded from http://support.eset.com/kb2289/?locale=en_US. Regards, Aryeh Goretsky
  6. Hello, This sounds like it might be a USB autorun worm of some kind that is modifying HTML and JS files on your system in order to include a link to a network-based copy of itself. If your copy of ESET's software didn't detect it, you may wish to send a copy of the infected file, as well as a few modified files, to the virus lab per the instructions in ESET Knowledgebase Article #141, "How to submit a virus, website or potential false positive sample to ESET's lab." Regards, Aryeh Goretsky
  7. Hello, This occurs when the notification level for Windows Updates in your copy of ESET NOD32 Antivirus is set to Optional Updates, correct? Various hardware manufacturers (motherboard, network card/PHY, modem, sound card, video card, etc.) have been submitting updated versions of their device drivers to Microsoft’s Update Catalog as soon as they complete WHCK testing and get their WHQL certification. This is something Microsoft has been requesting those manufacturers do for a while, because it ensures that computers will always get the latest device drivers available when they do their checks for Windows updates. Basically, it’s similar to what Microsoft’s doing with Windows 10, where it wants all computers to have the latest Windows version installed. In this case, though, it's not just patches and updates from Microsoft, but device drivers from third parties as well. Some manufacturers, like Intel, update their drivers more frequently in the Microsoft Update Catalog than they do for the device drivers they release to the public for download from their support web sites. Of course, there are manufacturers who do the opposite as well, releasing device drivers to the public as they become available but only uploading them to the Windows Update Catalog once a year (or maybe even just once at all), like Creative Labs. Both approaches have their pros and cons, but it can get a little messy sometimes if version checks don't work well, or if a new device driver gets installed which only has partial support for older hardware. Anyways, ESET's check for missing updates does a system call that pulls data about the update status from the Windows Update Catalog, which is why these are showing up in the ESET user interface.
     The problem with doing this via a system call, though, is that while device drivers are published to the Windows Update Catalog, they won’t always show up as packages published or released for download via Windows Update (the program you run under Windows). They can still get installed, but you have to do so manually through the Device Manager, which does get its driver updates through the catalog. Here’s how to do that, step-by-step:
     1. Open Device Manager (filename: DEVMGMT.MSC).
     2. Select View | Show Hidden Devices from the menu bar at the top.
     3. Navigate through each tree of items until you find the respective listings for each device. The Intel Watchdog Timer will be under System Devices as "Motherboard resources" and the Samsung hardware may be under Network Adapters or Universal Serial Bus Controllers.
     4. When you come to one of the devices, right-click on it, and select Update Driver Software from the context menu which pops up. This will cause Device Manager to request the updated drivers directly from the Windows Catalog of drivers, bypassing the Windows Update universal app.
     5. When all is finished and done, you'll have the latest drivers installed. In some cases, a reboot may be required to allow the newer driver to load.
     By the way, unlike previous versions of Windows, where you could launch Windows Update by creating a shortcut to run WUAPP.EXE, Windows 10 no longer includes that program since it's now a part of the Preferences universal app. You can create a shortcut to launch Windows Update, though, by creating a shortcut with a target of ms-settings:windowsupdate (which, for some reason, is case-sensitive) or if that doesn't work, by using a target of CONTROL.EXE /name Microsoft.WindowsUpdate (which is not case-sensitive, as far as I can tell). Regards, Aryeh Goretsky
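The catalog query described in post 7, as an added example (this is not code from the original post and not part of ESET's software): it asks the Windows Update Agent's COM API for driver-class updates that apply to the machine but are not installed, which is the same data Device Manager's "Update Driver Software" step pulls from the catalog, and it shows the IsHidden flag that keeps an update out of the Settings app. It assumes an elevated PowerShell session on Windows 10 with Internet access; the property names are those of the IUpdateSearcher and IWindowsDriverUpdate COM interfaces, and the function name Get-PendingDriverUpdates is this example's own.

```powershell
# Added example; not from the original forum post and not ESET's code.
# Assumes an elevated PowerShell prompt on Windows 10 with Internet access.
function Get-PendingDriverUpdates {
    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    # ServerSelection 2 (ssWindowsUpdate) queries Microsoft's catalog directly
    # rather than a WSUS server, so the result matches what Device Manager can fetch.
    $searcher.ServerSelection = 2
    # Criteria syntax per IUpdateSearcher::Search. Type='Driver' limits the result
    # set to driver packages; everything offered through this channel has passed
    # WHQL certification, as the post notes.
    $result = $searcher.Search("IsInstalled=0 and Type='Driver'")
    foreach ($u in $result.Updates) {
        [pscustomobject]@{
            Title       = $u.Title
            Provider    = $u.DriverProvider     # IWindowsDriverUpdate members
            Model       = $u.DriverModel
            HardwareId  = $u.DriverHardwareID
            VersionDate = $u.DriverVerDate
            Hidden      = $u.IsHidden           # hidden updates never show in the Settings UI
        }
    }
}

Get-PendingDriverUpdates | Format-Table -AutoSize

# The two shortcut targets the post gives for opening Windows Update on Windows 10:
Start-Process 'ms-settings:windowsupdate'
# Start-Process 'control.exe' -ArgumentList '/name Microsoft.WindowsUpdate'
```

Compare the HardwareId column against the device you see in Device Manager's Details tab before installing anything; a driver whose hardware ID only partially matches older hardware is exactly the "partial support" case the post warns about, and the COM query makes that visible where the Settings app does not.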
  8. Hello, As part of our ongoing desire to provide you with the best and most secure experience possible, on December 15, 2016, the ESET Security Forum will be upgrading to a new version of its forum software. This change will largely be transparent for most users, and should have no impact on your ability to log in, search for answers, or ask questions. A couple of changes, however, may affect some users:
     • Usernames will no longer be shown on messages. Only the Display Name will appear.
     • BBCode is being deprecated in favor of a new HTML-based WYSIWYG editor.
     • The Friends system is being dropped due to lack of usage.
     There may be some other small changes in the forum's look and feel, but these will largely be cosmetic in nature. We will be updating the forum's online help to match these new experiences. If you have any questions, please feel free to ask them, below. Regards, Aryeh Goretsky
  9. Hello, There are plans to release a new version of ESET SysRescue, however, I don't have a timeframe for when it will be available yet. Regards, Aryeh Goretsky
  10. Hello, Can you send me a private message with your username (portion of license that begins with EAV-##########), sales order number (if purchased online) or email address used when registering the software? Regards, Aryeh Goretsky
  11. Hello, The errors on the hibernation file and virtual memory paging file occur because those files are held open exclusively by the operating system kernel and cannot be accessed. The errors on the MBR likely occurred because a card reader was plugged in somewhere (could even be part of a USB printer or scanner) and its card slots were enumerated by the operating system and assigned drive letters. However, without having any kind of media plugged into them, attempting to scan them triggers a "MBR cannot be read" error, which is what is expressed in the scanning log for them. Regards, Aryeh Goretsky
  12. Hello, Are you thinking of HIPS, perhaps? Regards, Aryeh Goretsky
  13. Hello, I do not believe that anything has been announced yet publicly. That said, ESET will be at VMworld 2015 from August 30 - September 3, 2015 in San Francisco, so if there are any announcements, that is likely when they would be made. Regards, Aryeh Goretsky
  14. Hello, What brand and model of video card is being used in the computer? Regards, Aryeh Goretsky
  15. Hello, Some features of ESET's software, such as HIPS, interact with the operating system at a low level where changes to the kernel can have a detrimental effect on the performance, reliability or functionality of the software. As such, these features have to have their compatibility verified with each build of Windows and any necessary changes made and verified as working internally before ESET would even consider releasing them into the pre-release channel of updates for the software. The state of Windows 10's kernel is somewhat in flux as Microsoft is still in the process of building the operating system, so ESET's support cannot be finalized for it, either. Right now, Windows kernel version dependencies have been updated to Windows 10 Build 10041, and support for adding newer builds is ongoing. Please keep in mind, though, that Windows 10 itself is still very much under construction, so you should consider ESET's support of the operating system to be preliminary, as well. Full support will be available shortly after the operating system is available in the retail channel. By the way, "in the retail channel" means that you can buy computers with it pre-installed, that boxed retail copies can be purchased from store shelves, etc. That does not mean the moment it becomes available for download on MSDN, or pirated builds from dodgy sites. Now, with all of that said, ESET is really interested in your feedback on how its programs work under Windows 10, so please report any feedback you have (bugs, enhancement requests, etc.). Regards, Aryeh Goretsky