
Search the Community

Showing results for tags 'cleaning'.


  1. Hi, I'm looking for a way to remove some PUM.Dns infections on a customer PC. VirusTotal flags it as Win32.WisdomEyes. It seems to be uploading data at various times, causing up to 100% CPU usage. ESET Endpoint does not pick it up on scan. ADW picks it up and removes some files if the PC is offline, but once the PC is back online it is back to square one. Any help appreciated... Just to note, the customer PC is used from 6am to 10pm, 7 days a week, with 4 to 6 users. I have tried numerous tools to try to remove it with no success, i.e. scan/removal online, offline, etc.
     Registry infections flagged:
     [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{39852A22-795B-43B6-B0DA-5AE8468BCBFD} | DhcpNameServer : 89.19.64.164 89.19.64.36 ([ireland][ireland]) -> Found
     [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{39852A22-795B-43B6-B0DA-5AE8468BCBFD} | DhcpNameServer : 89.19.64.164 89.19.64.36 ([ireland][ireland]) -> Found
     [PUM.StartMenu] HKEY_USERS\S-1-5-21-2719048277-607677208-3562655459-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames :
     I have a small Endpoint log that I can PM, as customer personal information is prevalent.
  2. Has anyone experienced this virus attaching itself through Google Docs? My daughter's school-issued laptop is not picking it up, but when she logged into her Google account on my Mac to print her document, my anti-virus went off 16 times. Any idea how to clean this off her Google document? They are a group working on these documents, though. I am surprised Google doesn't have built-in virus protection; maybe an opportunity there, ESET. :-)
  3. Surfing (for a new door) tonight, my wife ran her 64-bit Win7 Ultimate into what's apparently a 'tech help' scam (screenshot attached). She couldn't shut the tab in Chrome, so she closed the whole browser via Task Manager. Upon reboot I began to run NOD32, which promptly reported a blocked boot sector in the logical drive I park data in: not drive C:, but an E: I carved out of the hard drive back when. NOD32 was finding NO infections per se, but a lot of corrupted files, so I shut the machine completely down. Before I turn it back on, should I load ESET's ERARemover, or what? Nobody in this forum nor webwide is remarking on this specific problem set. Thanks in advance for any real insight anyone can offer.
  4. Excuse me, but I need help. I can't find any solution from Google or the Facebook PC group. My flash drive got a trojan virus from a cyber cafe which cannot be defined. I used NOD32 to scan, but still can't remove it. My PC got that virus because I plugged in my flash drive. The virus is named: TrojanDownloader:Win32/Wauchos.A. The problem: I have used NOD32 to scan my whole PC many times, but it still shows errors. The pictures are based on the NOD32 logs. I can't find the virus location, nor can I remove it. I used show hidden files, UsbFix, Avast antivirus and Microsoft Safety Scanner, but still can't fix it. My flash drive has stuff on it, but it shows nothing on my PC.
  5. Teslacrypt 3.0 now appends .mp3 to the names of all encrypted files. Basically, it is the same virus with changed minor features. The just-surfaced version of this ransomware comes with its own names for the ransom notes:
     H_e_l_p_RECOVER_INSTRUCTIONS+[3-characters].png
     H_e_l_p_RECOVER_INSTRUCTIONS+[3-characters].txt
     H_e_l_p_RECOVER_INSTRUCTIONS+[3-characters].HTML
     Teslacrypt 3.0 holds data stored on a computer system for ransom. The data remains on the host machine. The virus applies sophisticated encryption so that no application can read the affected files. To render files with the .mp3 extension into a readable format, a victim is told to pay a certain amount. The amount is payable in bitcoins via the TOR network. The scam is an ongoing affair. The ransomware in question is but one of a number of counterparts. They differ by the encryption method applied, prevailing propagation schemes, ransom amount, etc. Within its variety, Teslacrypt 3.0 modifications undergo continuous improvements to complicate the removal of this virus and the recovery of files with the .mp3 extension. That sounds too dull for a victim. Let us consider it from another angle, though. As the ransomware requires constant approval and updating, it has multiple vulnerabilities. Even if your data gets encrypted and the value of the affected information is very high, please do not rush into paying the ransom. Most likely, a ransom-free solution for your case is available. There are plenty of data recovery tools. Some of them are tailored to handle data encrypted for ransom. Most likely, such tools would perform a satisfactory backup. In order to restore complete access to the latest editions of the encrypted files, the relevant decryption key shall apply. Once inside a computer system, the virus completes its installation. The successful installation enables the infection to scan any drive available from the affected machine.
     That extends to any mapped drives, including network and web-hosted sources. The detected items cover nearly any files on scanned drives. That is, the rogue applies a very broad filter. It detects files with specific extensions. The extensions include virtually any existing variants. The data detected by Teslacrypt 3.0 is modified using a sophisticated decryption technique. A private key is used and dispatched to a remote server. Victims are presented with a relevant ransom note that details the method and terms of payment and other applicable conditions. Its language may vary from case to case, ranging from rather flattering to rather threatening and mocking. Indeed, unless you acquire the private key, the decryption of .mp3 files is not feasible. Fortunately, cases have been reported of thousands of keys being released by white hat hackers and cyber police. Hopefully, that will be the case for the ransomware in question, too. Again, as stated above, there are a number of approaches enabling sufficient backups of ransomed data. If hit by the virus, kindly apply the backup solutions rather than providing further incentives to the crooks by transferring the amount claimed. It is also important to note that a victim needs to get rid of Teslacrypt 3.0 upon completing the required recovery actions. Failure to remove Teslacrypt 3.0 may entail further damage. Removal of the .mp3 file extension virus disables the option of applying the decryption key.
  6. I have a server infected with ransomware. ESET File Security has not detected the threat. It renamed spreadsheets (.xlsx) with the .LeChiffre extension. Do you have any removal tool or file recovery? Thanks. André L.R. Ferreira
  7. Today, when I was doing something on the web, Google Chrome connected by itself to api.wipmania.com. This was totally unrelated to the sites I was using (at least I believe so). I wouldn't even have known about it, except that NOD32 showed a warning that Chrome was attempting a secure connection to that site, but with an untrusted certificate. I googled that domain and most results were about viruses. So I figured I'd gotten a virus. Also, this site says the virus (which they say accesses that domain) can control the traffic of chrome.exe. My question is, what do I do now? How do I remove this virus, if there is one? For now I'm planning to:
     run a full (not "smart check") NOD32 scan over the following night (maybe I should do it in safe mode?)
     run a check with several of the leading free scanners like Kaspersky, in case NOD32 misses it
     get my PC to a repair shop
     Thanks in advance!
  8. I do not lock my web site is clean my website is www.fullextremo.com now I hope your answer is clean I do not lock my web site is clean
  9. I used the ESET SysRescue Live CD recently on a friend's computer, which is having issues with someone with malicious intent spying on it and their accounts, but we have no idea how, or if the problem is even linked to malware at all. The scan came up with this; one file is identified as a threat:
     /media/LocalDisk2/Windows/System32/MRT/3AC662F4-BBD5-4771-B2A0-164912094D5D/FilesStash/8084C12D-55D6-8FA0-7260-10BEA64DD6E4 - probably a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application - action selection postponed until scan completion
     ESET just identified the threat, but I saw no option to clean or delete it. It was a free version; not sure if there is a paid version of SysRescue and whether we need that in order to actually deal with the threat. Firstly, should the threat be removed, and secondly, how? I am not sure if it is possible to actually navigate to any particular file on the computer and delete it in this case. Thank you for your help.
  10. I keep getting a notification every 25 sec about this URL: hxxp://differentia.ru/diff.php with IP 109.206.186.164, and I don't know what to do to delete the site. My version is ESET NOD32 8.1 home edition. Thank you
  11. Dear Support, I would like to know what can be done about the alert which is detecting this toolbar being installed as part of the RealPlayer program. How can I control this behaviour of ESET alerts shown as critical? Can I remotely do the deleting of this file on a case-by-case basis, or set this particular program exe as unwanted and for the removal list? Please advise, as many users have this shown as a threat, whereas an admin has no control over remotely deleting these installer files. Thanks, Shaik
  12. Dear forum, as I booted my computer today I experienced some strange behaviour while browsing in any browser. Almost every page I visit is being blocked by ESET Smart Security with a notification for potential malware (JS/srcInject.B Trojan). Normally I would suspect that a single site, or maybe two, has problems with an ad being served over a third-party server. But some of the sites don't display any ads at all. I suspect the infection is on my end and the trojan is trying to send me to another malicious site to download some more malware. I've already run a smart search, nothing found... and a Malwarebytes Anti-Malware scan, nothing found either. Attached you'll find a screenshot of my recent ESET log, and I've pasted the log from the latest HijackThis scan taken a few minutes ago below. I am currently downloading the ESET SysRescue drive to my USB. If nothing helps I will reinstall my system, but I would highly appreciate not having to take these steps. I hope you guys can help me here.
     Kind regards, Michael
  13. ESET has been detecting and deleting the same virus from the same location every day for the last few weeks. According to the logs, which I have attached, every morning on startup the virus gets deleted, which means that it is being reinstalled every 24 hours. I ran a bootable Bitdefender disk a few days ago, but it did not succeed in killing this particular virus. Any responses are appreciated. Thanks, Dan
  14. Hi, so I was going to upload some files from my pen drive to my computer when it began to "detect malware". I selected a file in order to upload it, and it was deleted, along with all the other files. I looked in the recycle bin and they were not there. My file history was not turned on, so a copy of those files on my pen drive was not saved. I don't know what else to do! Please help.
  15. Inserted an older 2 GB flash drive (generic?) into a Toshiba Satellite L500 laptop running Windows 7 and ESET (Smart Security 4 All-in-one Internet Security PC Download Version). A scan started at 6:29 PM. Then the screen went black; the user quickly removed the flash drive in fear of a bug in the system. Messages displayed:
     "Waiting for background programs to close:"
     Line across screen
     "Closing programs and shutting down"
     CANCEL button - when selected, nothing changed/happened.
     The lower right-hand-side desktop time/clock displays 6:33 PM, even though several hours have now passed. The internet was not being used at the time, although regular updates are applied to software (i.e. MS OS, ESET) whenever we go on the internet. We have never had anything like this happen before. Would appreciate advice/suggestions; not sure whether to do a forced shutdown/hold down the power button on the laptop. (Sending this from a PC)
  16. I use VeraCrypt to decrypt my TrueCrypt drives. Yesterday I ran VeraCrypt, and the dialog box that came up was fully (99%) in some Arabic scrollwork, NOT English. So I thought, after closing and reopening with the same results, maybe I could 'remove' or 'uninstall' the program, then re-install? Right? Wrong... the uninstaller was in Arabic, not English, either, so I didn't know what buttons to push on the dialog box. Finally, I used the uninstall without tracing log feature (Revo Uninstaller Pro) and it has been uninstalled. I have yet to download and re-install VeraCrypt, but if this happened once, won't it happen again? Q: Wow, this is a powerful way to destroy data in my system. How did this 'hack' or corruption take place with ESET running??? Please explain this to me. Thanks
  17. Hello. My name is Stanley and I am the developer of Polarity Browser. A couple of my users have informed me that Polarity is being detected as a false positive by ESET. According to my scans on VirusTotal, it is currently detected as a "variant of MSIL/Packed.Confuser.J suspicious". Polarity is indeed compressed and obfuscated to protect it from theft. VirusTotal results: https://www.virustotal.com/en/file/2655c02f1b29872f55572847cc97064888a41aa97718f40d3fe49b1630400ceb/analysis/1440980966 I hope you guys understand and reevaluate this program. It really does mean a lot to me as a solo developer. Thank you for your consideration, Stanley
  18. Dear ESET, we have a situation where ESET Endpoint AV could detect a malware but failed to quarantine or remove the Win32/Filecoder.EM trojan. Based on the ESET URL hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN2372, there is no malware removal tool for the Win32/Filecoder.EM trojan. We have run a full scan and done the necessary to delete the infected machine with ESET Endpoint Antivirus; however, the malware still cannot be cleaned. Please refer to the image below for your reference. For your information, we have also submitted the file for ESET analysis. The scan was done under the In-depth scan profile, yet ESET was not able to remove it. I've attached a file for you to view and hope it helps you in your investigation. Hope you can come back with good findings. Thanks, Aswath K
  19. Hello! I have a problem with my professor's computers, affected by the "LNK/Agent.BO Trojan", which is spreading via USB disks. The ESET NOD32 Antivirus installed on my own computer has already identified and deleted it. But I can't install the ESET antivirus on my professor's computer for some reason. Therefore, I found a way to clean the USB disks with the DOS command line, but I need to clean up the computer manually. I should also mention that his McAfee antivirus database contains the virus but does not work because of the virus's operation. I would greatly appreciate it if you could show me a procedure to eliminate that virus manually. Thank you very much for your assistance. Yours faithfully, Armin Ray
  20. Operating system = Windows 7 Home and ESET Smart Security 8. I get this Trojan warning: Win32/Fynloski.AM
RegSvcs.exe(4004) a variant of Win32/Fynloski.AM trojan cleaned by deleting
RegSvcs.exe(4004) a variant of Win32/Fynloski.AM trojan cleaned by deleting
RegSvcs.exe(3456) a variant of Win32/Fynloski.AM trojan cleaned by deleting
RegSvcs.exe(3456) a variant of Win32/Fynloski.AM trojan cleaned by deleting
RegSvcs.exe(3456) a variant of Win32/Fynloski.AM trojan cleaned by deleting
RegSvcs.exe(3504) a variant of Win32/Fynloski.AM trojan cleaned by deleting
RegSvcs.exe(3504) a variant of Win32/Fynloski.AM trojan cleaned by deleting
RegSvcs.exe(3380) a variant of Win32/Fynloski.AM trojan cleaned by deleting
RegSvcs.exe(3380) a variant of Win32/Fynloski.AM trojan cleaned by deleting
RegSvcs.exe(3612) a variant of Win32/Fynloski.AM trojan cleaned by deleting
RegSvcs.exe(3612) a variant of Win32/Fynloski.AM trojan cleaned by deleting
RegSvcs.exe(3244) a variant of Win32/Fynloski.AM trojan cleaned by deleting
RegSvcs.exe(3244) a variant of Win32/Fynloski.AM trojan cleaned by deleting
RegSvcs.exe(5792) a variant of Win32/Fynloski.AM trojan cleaned by deleting
RegSvcs.exe(5792) a variant of Win32/Fynloski.AM trojan cleaned - contained infected files
RegSvcs.exe(5432) a variant of Win32/Fynloski.AM trojan cleaned by deleting
RegSvcs.exe(5432) a variant of Win32/Fynloski.AM trojan cleaned by deleting
RegSvcs.exe(5432) a variant of Win32/Fynloski.AM trojan cleaned by deleting
RegSvcs.exe(5432) a variant of Win32/Fynloski.AM trojan cleaned - contained infected files
RegSvcs.exe(3500) a variant of Win32/Fynloski.AM trojan cleaned by deleting
RegSvcs.exe(3500) a variant of Win32/Fynloski.AM trojan cleaned by deleting
RegSvcs.exe(3496) a variant of Win32/Fynloski.AM trojan cleaned by deleting
RegSvcs.exe(3496) a variant of Win32/Fynloski.AM trojan cleaned by deleting
RegSvcs.exe(3536) a variant of Win32/Fynloski.AM trojan cleaned by deleting
RegSvcs.exe(3536) a variant of Win32/Fynloski.AM trojan cleaned by deleting
RegSvcs.exe(1540) a variant of Win32/Fynloski.AM trojan cleaned by deleting
RegSvcs.exe(1540) a variant of Win32/Fynloski.AM trojan cleaned by deleting
RegSvcs.exe(3792) a variant of Win32/Fynloski.AM trojan cleaned by deleting
RegSvcs.exe(3792) a variant of Win32/Fynloski.AM trojan cleaned by deleting
RegSvcs.exe(3676) a variant of Win32/Fynloski.AM trojan cleaned by deleting
RegSvcs.exe(3676) a variant of Win32/Fynloski.AM trojan cleaned by deleting
RegSvcs.exe(3676) a variant of Win32/Fynloski.AM trojan cleaned by deleting
The list in the log file keeps going on and on. Every time I start the computer I get two warnings and it removes the "Trojan", but the warnings keep coming back. I tried Malwarebytes and HitmanPro. I even tried the Bitdefender Boot CD, but no trojan has been found. Please help me.
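The repeating entries in the post above, summarised by an added example that is not part of the original post and not ESET's own tooling: a small Python script that parses detection lines of this shape (process, PID, threat name, action) and aggregates them per process. The sample log is constructed from the post; both the English translation and the original Dutch action phrases are accepted, and the phrase table is an assumption about the log wording rather than a documented ESET format. What the summary makes visible is that almost every detection lands on a fresh PID of RegSvcs.exe, a legitimate .NET Framework utility, which is consistent with something else relaunching it and loading the payload into it each boot; the process being cleaned is then not the thing that persists.

```python
import re
from collections import Counter, defaultdict

# Constructed sample, modelled on the post's ESET log. The post's lines are Dutch;
# the first five are given in English translation, the sixth as in the original.
SAMPLE_LOG = """\
RegSvcs.exe(4004) a variant of Win32/Fynloski.AM trojan cleaned by deleting
RegSvcs.exe(4004) a variant of Win32/Fynloski.AM trojan cleaned by deleting
RegSvcs.exe(3456) a variant of Win32/Fynloski.AM trojan cleaned by deleting
RegSvcs.exe(5792) a variant of Win32/Fynloski.AM trojan cleaned by deleting
RegSvcs.exe(5792) a variant of Win32/Fynloski.AM trojan cleaned - contained infected files
RegSvcs.exe(5432) een variant van Win32/Fynloski.AM trojaans paard opgeschoond door te verwijderen
The list in the log file keeps going on and on.
"""

# process(pid) <"a variant of" | "een variant van"> <threat> <rest of line>
LINE_RE = re.compile(
    r"^(?P<proc>[^\s(]+)\((?P<pid>\d+)\)\s+"
    r"(?:a variant of|een variant van)\s+(?P<threat>\S+)\s+(?P<rest>.*)$"
)

# Action phrases as they appear in the English and Dutch log text (assumed wording).
ACTIONS = {
    "by deleting": "deleted",
    "door te verwijderen": "deleted",
    "contained infected files": "contained_infected",
    "bevatte geïnfecteerde bestanden": "contained_infected",
}


def parse_line(line):
    """Return a dict for one detection line, or None for lines that are not detections."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    action = next((name for phrase, name in ACTIONS.items() if phrase in rest), "other")
    return {"proc": m.group("proc"), "pid": int(m.group("pid")),
            "threat": m.group("threat"), "action": action}


def summarize(log_text):
    """Aggregate detections per process: event count, distinct PIDs, threats, actions."""
    per_proc = defaultdict(lambda: {"pids": set(), "threats": set(), "actions": Counter()})
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        s = per_proc[ev["proc"]]
        s["pids"].add(ev["pid"])
        s["threats"].add(ev["threat"])
        s["actions"][ev["action"]] += 1
    return {
        proc: {
            "events": sum(s["actions"].values()),
            "distinct_pids": len(s["pids"]),
            "threats": sorted(s["threats"]),
            "actions": dict(s["actions"]),
        }
        for proc, s in per_proc.items()
    }


def looks_like_respawn(summary, proc, min_pids=3):
    """True when the same process has been cleaned under several different PIDs,
    i.e. it keeps being relaunched and whatever launches it has not been removed."""
    entry = summary.get(proc)
    return bool(entry) and entry["distinct_pids"] >= min_pids


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for proc, s in result.items():
        print(f"{proc}: {s['events']} events, {s['distinct_pids']} distinct PIDs, "
              f"threats={s['threats']}, actions={s['actions']}, "
              f"respawning={looks_like_respawn(result, proc)}")
```

Run against the full log from the post (pasted into SAMPLE_LOG or read from a file), the distinct-PID count climbs well past the threshold, which is the signal to look at what starts RegSvcs.exe at boot rather than at the process ESET keeps cleaning.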
  21. Hello, ESET did not detect this virus. Maybe you want to add it to the database; I am sharing the file link with you. I want to help you. It's worth adding to your database. Many people have a difficult time remaining. Virus: Dosyalarım.exe link: hxxp:// www18.zippyshare.com/v/amEh6ikY/file.html Thanks, I help you.
  22. I have 2 recent HP PCs running Windows 7 64-bit with NOD32 v8 running with the most restrictive settings. Our payment software detected the presence of a version of dridex/dryer not seen by NOD32: how is it possible to get rid of it?
  23. Hi everyone. I'm having a hell of a time trying to remove TOP8844 from my desktop. I have NOD32 installed but it is not capable of removing this pest. Does someone know a tool to remove it? I have searched high and low on the Internet and nothing seems to solve it. Best regards from Brazil
  24. Hi, Upon loading, my website shows Threat: HTML/ScrInject.B.Gen virus and the site is put in quarantine, blocking access to it. I've cleaned the files, installed SiteLock, used other tools to find any bad code, and asked my host (HostGator) to scan and remove any suspicious or infected files from my WordPress installation, which they did. However, the site is still apparently hacked with an inject. The database was also checked. Could it be a false positive? If so, why? Can you provide more information on the line of code that the software picks up and deems a threat? That would be very helpful in cleaning the supposedly 'bad files'. Any help at all would be appreciated. The site is winatbinaryoptions dot com. Thanks
  25. Hi, I noticed a block when trying to visit a multimedia installer website the other day. Checking in ESET Cyber Security Pro, I found this virus quarantined 3 times. Here is the log content:
21/03/14 17:12:50 HTTP filter archive hxxp:// www.connectmult imedia.com.au JS/Agent.NKW trojan connection terminated - quarantined 747john
21/03/14 17:11:51 HTTP filter archive hxxp:// www.connectmultimedia.c om.au JS/Agent.NKW trojan connection terminated - quarantined 747john
21/03/14 17:11:16 HTTP filter archive hxxp:// www.connectmultimedia.co.au/hom e-page JS/Agent.NKW trojan connection terminated - quarantined 747john
I am doing a smart scan now; if it is negative, can I assume it didn't spread to my computers, all Mac Mavericks v10.9.3, all protected by ESET CP 6.0.9.1? Any information about this threat would be welcome. Thanks, John