Jump to content

Search the Community

Showing results for tags 'powershell'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • ESET General Forums
    • ESET Announcements
    • General Discussion
    • Forum FAQ's and Rules
    • Submit a virus, website or potential false positive sample to the ESET lab
    • Quick questions by guests (registration not required)
    • WeLiveSecurity.com
  • ESET Home User Products
    • ESET Internet Security & ESET Smart Security Premium
    • ESET NOD32 Antivirus
    • ESET Cyber Security (for Mac)
    • ESET Cyber Security Pro (for Mac)
    • ESET NOD32 Antivirus for Linux Desktop
    • ESET Products for Mobile Devices
    • Web portals
  • Malware Detection and Cleaning
    • Malware Finding and Cleaning
    • ESET Standalone Malware Removal Tools
  • ESET Business User Products
    • ESET Cloud solutions
    • ESET Endpoint Products
    • ESET Products for Windows Servers
    • ESET Products for Linux Servers
    • ESET Products for Mobile Devices
    • Remote Management
    • ESET Enterprise Inspector (EDR)
    • ESET Products for Virtualized Environments
    • Encryption
    • ESET Licensing for Business
    • Other ESET business products
  • ESET Beta Products
    • ESET Beta Products for Home Users
    • ESET Beta Products for Business Users
  • Slovak and Czech forums
    • ESET NOD32 Antivirus, ESET Internet Security a ESET Smart Security Premium
    • Produkty pre mobilné zariadenia
    • Vírusy a iné hrozby
    • Ostatné

Categories

  • Files
    • Early Access
    • EES / EEA 9 BETA
    • Miscellaneous

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Skype


Interests

Found 2 results

  1. We need some help removing the same powershell infection that that has been reported last year where the CPU runs at 100%. We have followed the instructions provided by JamesR with no success. Article here: https://forum.eset.com/topic/14821-malicious-powershell-script-wmi-for-persistance/ The WMILister_30.vbs does find and remove some entries but they keep coming back. Powershell 99%. Attached are the ESET Log Collector logs from the log collector as well as the logs from the WMILister_30.vbs Please assist! ELC_logs.zip WMILister_30 logs.zip
  2. Hello guys, We've a new customer that moved from Hauri to ESET Secure Business. They're installing EES in 180 computers and there're at least 4 PCs that are infected by Win64/Agent.IV malware that persist upon restart. The problem is that on demand scan shows computers as clean however upon restart ESET warns again about the same malware and so on. I think it's a file less infection. PowerShell process is always in RAM and in firewall log we can see there're a lot of SMB/EternalBlue detections coming from private and public IPs. There're also some Win32/Emotet and PowerShell/Agent detections in some computers. What we tried so far: -Two or more on demand analysis of computers without success. -Installation of all Microsoft patchs including the one mentioned in the article httpsx://support.eset.com/kb6481/. -Anti-Ransomware politics applied using HIPS though ERA. I think we need @JamesR expertise. All ELC files can be downloaded from here: httpsx://we.tl/S5mP6afOQY Thank you all.
×
×
  • Create New...