Jump to content

Search the Community

Showing results for tags 'adware'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • ESET General Forums
    • ESET Announcements
    • General Discussion
    • Forum FAQ's and Rules
    • Submit a virus, website or potential false positive sample to the ESET lab
    • Quick questions by guests (registration not required)
    • WeLiveSecurity.com
  • ESET Home User Products
    • ESET Internet Security & ESET Smart Security Premium
    • ESET NOD32 Antivirus
    • ESET Cyber Security (for Mac)
    • ESET Cyber Security Pro (for Mac)
    • ESET NOD32 Antivirus for Linux Desktop
    • ESET Products for Mobile Devices
    • Web portals
  • Malware Detection and Cleaning
    • Malware Finding and Cleaning
    • ESET Standalone Malware Removal Tools
  • ESET Business User Products
    • Customer Research Opportunity
    • Gartner Peer Insights review invitation
    • ESET Cloud solutions
    • ESET Endpoint Products
    • ESET Products for Windows Servers
    • ESET Products for Linux Servers
    • ESET Products for Mobile Devices
    • Remote Management
    • ESET INSPECT (Detection and Response)
    • ESET Products for Virtualized Environments
    • Encryption
    • ESET Licensing for Business
    • Other ESET business products
  • ESET Beta Products
    • ESET Beta Products for Home Users
    • ESET Beta Products for Business Users
  • Slovak and Czech forums
    • ESET NOD32 Antivirus, ESET Internet Security a ESET Smart Security Premium
    • Produkty pre mobilné zariadenia
    • Vírusy a iné hrozby
    • Ostatné


  • Files
    • Early Access
    • Miscellaneous
    • Outlook plugin BETA
  • ESET Cyber Security 7 BETA
  • ESET Bridge BETA

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start





Website URL






User type

Found 12 results

  1. Dears, I am always getting this notification. Tried scanning and removing items using adwcleaner, it cleans but when i restarts its the same situation. ESET couldn't find any threats so far. I am using ESET Endpoint security solution in my entity. Requesting your support. Thanks and Regards, Clinton
  2. How Can i fix pop up coming up every 10-15 minutes asking "How do you want to open this type of link (http)?" Then if i select google chrome it redirects me to random ad website. I tried Eset endpoint, Trojan, Kasperski and Malwarebytes antiviruses but they can't detect any malware. Please help me this is the most annoying thing i have ever seen. EDIT: I also tried setting default applications and attaching file type to google chrome but it didn't work. I asked about this problem on microsoft forum too, but sadly they couldn't give me helpful answer...
  3. Hello, I have been having an annoyance with a popup recently to a website called "aftomedia". I've tried scanning multiple times and I've tried downloading malwarebytes to find it to no avail. The urls are always a little different, here are two examples: (I don't know how the website works so ill remove the protocol and the period before com) yvr.aftomedia com/afm/mF3fGd?site=imgur.com&crid=842&sourceid=adtech&xwsid=9432-194735&auction_price=0.148&lat=0.0&lon=0.0&udid=&cb=6822955 yvr.aftomedia.com/afm/mF3fGd?site=imgur.com&crid=842&sourceid=adtech&xwsid=9432-194735&auction_price=0.148&lat=0.0&lon=0.0&udid=&cb=31093671 But the IP remains the same I saw there was a post on here where someone was given a specialized removal software from the IP and I hope someone has one here. Please help me figure out how to remove this adware
  4. Hi I'm looking for a way to remove some PUM.Dns infections on a customer PC. Virus Total flags it as a Win32.WisdomEyes.It seems to be uploading data at various times causing up to 100% cpu resources. Eset EndPoint does not pick it up on scan. ADW picks it up and removes some files if the pc is off line but once the pc is back on line back to square one. Any help appreciated.... Just to note customer pc is used from 6am to 10pm 7 days a week with 4 to 6 users. I have tried numerus tools to try to remove it with no success ie. Scan / removal Online - Offline etc. Registry Infections Flagged: [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{39852A22-795B-43B6-B0DA-5AE8468BCBFD} | DhcpNameServer : ([ireland][ireland]) -> Found [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{39852A22-795B-43B6-B0DA-5AE8468BCBFD} | DhcpNameServer : ([ireland][ireland]) -> Found [PUM.StartMenu] HKEY_USERS\S-1-5-21-2719048277-607677208-3562655459-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : I have a small Endpoint log that I can PM as customer personal information is prevalent.
  5. I have tried scanning with Avira, ESET Smart Security, ESET Online Scanner, Malwarebytes, Hitman Pro, ADWCleaner and Windows Defender. I have tried posting on other forums but I usually get no answer. It affects all browsers on my PC, including the steam store, and in-game steam browser. Lots of guides suggest checking the extensions and unwanted programs. I don't find anything in there. Hitman Pro finds tracing cookies and ADWCleaner sometimes fix registries, but it doesn't get removed. I have changed my DNS settings on my router and it's still here. Any help?
  6. Surfing (for a new door) tonight, my wife ran her 64-bit Win7 Ultimate into what's apparently a 'tech help' scam (screen shot attached). Couldn't shut the tab in Chrome so Task Manager-closed the whole browser. Upon reboot began to run NOD32, which promptly reported a blocked boot sector in the logical drive I park data in -- not drive C: but an E: I carved out of the hard drive back when. NOD32 was finding NO infections per se but a lot of corrupted files; so I shut the machine completely down. Before I turn it back on, should I load Eset's ERARemover or what? Nobody in this forum nor webwide is remarking this specific problem set. Thanks in advance for any real insight anyone can offer.
  7. Given ESET has helped me out in the past with virus removal tools I thought I'd post here first . 10 days ago I installed software from vttp://stereomixplus.com (replace v with h) to allow streaming my own internal PC audio online. After a few minutes I started noticing multiple background chrome processes making 200+ connections to different IPs. Initially hoping it was just an infection confined to Chrome I uninstalled, but then noticed exactly the same thing with background internet explorer processes in Kaspersky network monitor, so I blocked all connections, did numerous scans with various anti adware and malware scanners, and with Adwcleaner discovered numerous leftovers from Lavasoft Web Companion so I initially put it down to this. However, after a few days I unblocked internet explorer in Kaspersky, but required permission, I was then alerted when an encrypted connection was attempted to be made to vast.ssp.optimatic.com, so I blocked that and then checked Kaspersky Network Monitor. Again, there were 200+ connections to different ips in a background Internet Explorer process, so I blocked all net access, and blocked internet explorer again in Kaspersky settings. However, I then looked at process explorer, and I could see the 2nd highest cpu usage was by interstatnogui.exe located at C:\Users\YOURUSERNAME\AppData\Roaming\Interstatnogui , and it turns out this file was installed as I installed the Stereo_Mix_Plus_Setup.exe Looking at the strings of the exe in process explorer (attached as txt), I found quite a bit of data that links it to other malware, including the Weatherman trojan by the fact the programmer has put his user account name Ozrenko , the use of the Interstat theme, weather data in the strings, links to vttp://interstat.eu (replace v with h) classified as a malicious site by numerous providers: https://www.virustotal.com/en/url/826307362cf601012c703e9510275310a2876fd55505b6618656d8732f0c7d02/analysis/ I summed most of this up, with virustotal and reasoncore links on tenforums in this post hxxp://www.tenforums.com/antivirus-firewalls-system-security/63767-hundreds-hidden-chrome-now-ie-processes-after-installing-software-3.html#post820218 All the exes I think are variants inetstat.exe interstat.exe speedtray.exe isup.exe UserMon.exe inter_weather_v320.exe interstat.exe gpupd55f74af50.exe inter_weather2.exe softwebbar.exe sftwbbr_v333.exe NetworkMonitor.exe BandwidthMon.exe bandwidthstat.exe speedmon.exe inter_bandwidth_v339.exe interstatnogui.exe - Copy.txt
  8. Dear Support, I would like to know what can be done for the alert which is detecting this toolbar being installed part of the real player program, how can i control this behavior of eset alerts of shown as critical can i remotely do the deleting of this file on a case by case or set this particular program exe as unwanted and for removal list. Please advise as many users have this shown as threat , where as an admin has no control on remotely deleting this installer files. thanks shaik
  9. Hi, I'm one the fans of eset products and using eset internet security for many years without any problems but about a few days ago i start to see some adds around website i open in all browsers , taking too much cpu and ram and bandwidth usage in the first i thought maybe it`s on websites but then i figure it out it`s kind of malware or even virus that now take all over my phones , mobile , labtops after i do full scan with Eset and not found any virus or malware i try to install many antivirus and antispam and they have the same result only malwarebytes detect something related to it and just delete it and block the connection to it , but seems this anti malware can not remove it completely cause every site i opened the block notification comes popup everytime the IP and port is different I try many ways when i search around internet to remove this ( clear cache all browsers , set dns on automatic , try to locate and uninstall it ) nothing work and this addware back after a few hours or restarts please take a look and find a way to protect your fans ...
  10. Dear Sirs, We are the owners of the community and web site hxxp://www.freedownloadmanager.org/. We've recently analyzed the download link of our own FDM client (fdminst-cust.exe) by Virus Total and found out that your ESET-NOD32 online Antivirus has detected it as Malicious, when all other other Antivirus systems (such as Mcafee, Virus Total, Dr. Web, etc.) didn't find any suspicious content there. We hereby would like to confirm that it is 100% clean. Please would you consider this report at https://www.virustotal.com/en/file/aba50b4c8f25a3010ed612a3c41829154ed55d4f6416bebdce9bd6d887e67423/analysis/ and explain us the reasons of such marking our link by your system? Could you please recheck this problem and remove this misleading and shaking our reputation report from the your Antivirus? We look forward to your reply. Yours faithfully, FDM Team support@freedownloadmanager.org
  11. Hello, I did some research on the file GuardMailRu.exe and in this site (respecively: habrahabr.ru/post/149636/ ) it says that it adds a toolbar to IE, Firefox and Opera browsers, which I can confirm since 1 account on this machine (respectively the one that installed something that I'm unaware of which also installed the toolbar) has the toolbar on IE, Firefox and Opera. I hope that you can inspect these files and possibly find a solution. P.S. The file runs on the System privilege level and when i tried to terminate the program it executed (approx.) 3000 more executables with the same filename. I sent an archive with these files for inspection. The installation folder consisted of these branches. CASE SENSITIVE Mail.ru-----Guard-------GuardMailRu.exe | |__GuardMailRu.dll Sputnik |____mailrusputnik.exe |____MailRuSputnik.dll |____SputnikFlashPlayer.exe For some reason it doesn't allow me to upload the files, but I sent them for inspection.
  12. Hi ESET, I have been forced to re write this post as my previous post was closed before I had the chance to answer, also the post I made around 20 minutes ago was also deleted. " The software in question is not detected as malware (ie. virus, trojan, etc.) but as a potentially unwanted application (PUA). The software was analyzed in ESET's malware research lab and was found to meet criteria for PUA detection. Detection of PUA is fully optional, and it's up to the user if they want to opt for detection or not. Even with PUA detection enabled, the user can exclude the application from scanning so that it's not detected. Having said that, we'll draw this thread to a close." As mentioned by Marcos It is detected as a PUA now if you do a scan on virustotal for any of sites, including our homepage you will find that only ESET blocks this with the term "Malware site" ESET has also blocked our IP so nobody who has purchased our software can use it. This is a very urgent matter as we are getting hundreds of emails from our paying customers wanting to use the software. I would also like to ask is there any reason that we are receiving a different treatment to anyone else? What I mean by this statement is when ever we open a post it is closed with an answer that doesn't allow me to respond, and I noticed this doesn't happen to anyone else. I also noticed that when I posted in another topic, I was told to stop stealing threads, which can be seen here. https://forum.eset.com/topic/271-my-website-is-blocked-by-smart-security/#entry1051 I then took a look at a thread posted earlier this month, and noticed people were getting serious answers and not being told to stop "hijacking threads" but got actual answers from ESET moderators. The example can be seen in the link below. https://forum.eset.com/topic/250-eset-has-blocked-my-site-what-to-do/ All I am trying to get done is for ESET to remove the IP block on its servers and actually block individual sites that they have a problem with (if there are any we will get them fixed straight away) I pleed with ESET to provide any assistance with this and to provide any information that can assist us in fixing the issue. We have sent over 50 emails to samples@eset.com and I know there is no response but they are for URLs that are clearly safe such as our home page, buy page, etc. This can be seen on virustotals scan. You will see that only ESET has us blocked on more than 15 links. I hope we can get this fixed ASAP and thank you for taking the time to respond to my post. I would also like to apologize to the ESET moderators for any confusion or anything that WhiteSmoke has done to create such any form of "hate" by them. Once again, thank you, WhiteSmoke Inc.
  • Create New...