Search the Community

Hello, As I know if you run eset uninstalltool in safe mode you can uninstall agent and endpoint. If a zero day ransomware reboots the pc into safe mode is there any client settings to be enabled to prevent the ransomware from uninstalling the endpoint security? https://www.zdnet.com/article/snatch-ransomware-reboots-pcs-in-windows-safe-mode-to-bypass-antivirus-apps/ Thanks, Peter

we are install eset antivirus is unable to stop virus in my computer all file corrected Mess drop by virus is below Your All Files Encrypted With High level Cryptography Algorithm If You Need Your Files You Should Pay For Decryption You Can Send 1MB File For Decryption Test To Make Sure Your Files Can Be Decrypted After 48 hour If You Dont contact us or use 3rd party applications or recovery tools Decryption fee will Be Double After Test You Will Get Decryption Tool Your ID For Decryption:V24ebEl6JQ Contact Us: RDP700@protonmail.com Screenshot is attached

Hello. I used your product NOD32 in the past, and I heard that a new version has been released recently. I am currently concerned with ransomware protection, so I am very interested in capabilities of the ransomware shield component. I don't want to lose my data to something like bad rabbit :(. So, I've decided to check if NOD32 is the product that I need. As I understand it, ransomware outbreaks happen because it takes time to add malware signatures to antivirus database, so most antivirus products have good dynamic analysis. I wanted to test how ESET deals with "unknown" ransomware. To do it, I've disabled real-time file system protection and advanced memory scanner, leaving ransomware shield enabled. After that I launched a WannaCry sample, and it successfully encrypted my test files. In my understanding, ransomware shield must have been sufficient to stop a well-known sample. What am I doing wrong? Should I enable some additional settings?

https://www.virustotal.com/#/file/1001a8c7f33185217e6e1bdbb8dba9780d475da944684fb4bf1fc04809525887/detection

hello friends my friend's computer files was encrypted. (docs, excel, spss , ...) (windows is normall) extension of file was changed to .bef5 in any folder we saw: _README_.hta file and files with chanegd name like: 3CGg7QHcMK.bef5 what he must do to decrypt his files? thnaks when _README_.hta was opend, show this page: (also attached) CERBER RANSOMWARE Instructions Can't you find the necessary files? Is the content of your files not readable? It is normal because the files' names and the data in your files have been encrypted by "Cerber Ransomware". It means your files are NOT damaged! Your files are modified only. This modification is reversible. From now it is not possible to use your files until they will be decrypted. The only way to decrypt your files safely is to buy the special decryption software "Cerber Decryptor". Any attempts to restore your files with the third-party software will be fatal for your files! You can proceed with purchasing of the decryption software at your personal page: If this page cannot be opened click here to generate a new address to your personal page. At this page you will receive the complete instructions how to buy the decryption software for restoring all your files. Also at this page you will be able to restore any one file for free to be sure "Cerber Decryptor" will help you. If your personal page is not available for a long period there is another way to open your personal page - installation and use of Tor Browser: 1. run your Internet browser (if you do not know what it is run the Internet Explorer); 2. enter or copy the address https:// www.torproject.org/download/download-easy.html.eninto the address bar of your browser and press ENTER; 3. wait for the site loading; 4. on the site you will be offered to download Tor Browser; download and run it, follow the installation instructions, wait until the installation is completed; 5. run Tor Browser; 6. connect with the button "Connect" (if you use the English version); 7. a normal Internet browser window will be opened after the initialization; 8. type or copy the address in this browser address bar; 9. press ENTER; 10. the site should be loaded; if for some reason the site is not loading wait for a moment and try again. If you have any problems during installation or use of Tor Browser, please, visit https://www.youtube.comand type request in the search bar "Install Tor Browser Windows" and you will find a lot of training videos about Tor Browser installation and use. Additional information: You will find the instructions ("*.hta") for restoring your files in any folder with your encrypted files. The instructions ("*.hta") in the folders with your encrypted files are not viruses! The instructions ("*.hta") will help you to decrypt your files. Remember! The worst situation already happened and now the future of your files depends on your determination and speed of your actions. English

please help to recover my files. Files are encrypted by cerber ransomware and also changed file name with extension .96b1.. isthare any eset tool for decrypt those files....

Help Us, my computer treat virus .zepto file, how decrrypt file locked zepto. I Need Help

Hi. Will it be possible for the decoding of the new version of enigma (*.enigma)? beginning with the spread of 10 August 2016. (the previous version was transcribed.) Examples of encrypted files can add to the message.

I clicked on a link in an email saying someone in hong kong bought something off our apple account on iTunes said and to press it if it wasn't us, so stupidly did. By the way there were 2 purchases we did not make. The email contained about four lines yet the size was 1,591 kb with 455 pages found in the message source file. I had to enter the password for the account but only got a picture of the page which was not operational. I looked at the email and all the misspellings so tried to find the message source on google - eservicesuport@acountinclogin.onmicrosoft.com didn't find it. looked at location of the link I pressed - "already-inclink.com/conect.php" - didn't come up on google and no longer functioning. I searched my computer for today's date to look for evidence and found 12.4 MB folder named "eav_logs" hidden in documents with matching time. It contains folders on windows, eset, configuration and more files, e.g. metadata, info.xml, much much more There are three computers on the network and all have the same relevant HIPS log under 2000 pages. I don't know what has been done or what info they have besides apple password for iTunes. I found purchases we did not make on iTunes. I don't know if they can follow our keystrokes. i'm trying to put all computer files on external hard drive before using fixes. can I shut down computer pressing start button to avoid further problems?? can I use restore to previous date to remedy? I deleted the "eav_logs" folder and put it on a zip drive for reference and sent the email to spam server, deleted emails off computers and server but kept a copy of eml file for referenceYour Apple ID has been used to buy '' black gold ''‏‏‏.emlYour Apple ID has been used to buy '' black gold ''‏‏‏.eml. did deep scan of one computer so far and no threats found. I need to know how to proceed or where to post this or who to contact at ESET.

Just want to share interesting information: ESET releases new decryptor for TeslaCrypt ransomware hxxp://www.welivesecurity.com/2016/05/18/eset-releases-decryptor-recent-variants-teslacrypt-ransomware/ How do I clean a TeslaCrypt infection using the ESET TeslaCrypt decrypter? hxxp://support.eset.com/kb6051/

I tried to post a version this question yesterday, but without success. I need to clean a TorrentLocker (Cryptolocker-like)* infection from my Windows 7 laptop. The computer was infected despite Eset antivirus running, however I realised there was a problem and shut it down before TorrentLocker had encrypted all at-risk files on the hard disk. I have since booted using ESET SysRescue and run a scan, which showed no infection, although the original zip/exe file was still on the hard disk. (I have now deleted it manually using a linux-live CD.) I have not restarted Windows since. How can I be sure that the infection is gone before I try to retrieve files from backup and go back to using the computer? Is there any way to use ESET SysRescue to check in the most recent logs on the computer (as opposed to the ESET SysRescue logs) whether anything was quarantined or deleted before the computer was shut down? Your help is appreciated. *www.staysmartonline.gov.au/alert_service/message?id=1132172&name=New+ransomware+threat+for+Australia%3A+SSO+Alert+Priority+High+#.VHP2qcnDXSw www.bleepingcomputer.com/forums/t/549016/torrentlocker-support-and-discussion-thread-cryptolocker-copycat/ www.isightpartners.com/2014/08/analysis-torrentlocker-new-strain-malware-using-components-cryptolocker-cryptowall/

Hi Team, After several days (weeks?) of testing "ESET HIPS against CryptoLocker" I can confirm that I sure would recommend it, at least regarding the part that it does not interfere with legitimate applications. This is the resulting page when "something" (an .EXE) tries to execute itself from %AppData%: (see attached image 01) So, HIPS will ask customer for action, and also an "automatic" exception rule can be added from within alert window (as this example for some Java's module): (see attached image 02) The original rule (named "CryptoLocker") looks like this: (see attached image 03) Rule asks me whenever an EXE tries to execute. At the start, I was not sure whether subfolders will be included in rule, but this proves they are. The only "problem" is that I did not manage to create generic rule (using %AppData% variabla) – I had to enter full path. So, from my point of view – I will give this rule a go :-) Tomo

Hi all, Do we have some detailed data about this malware? Tomo

hello i get infected with the virus fbi agent how do i clean and fix my computer