Jump to content

New User, Need help with infected files.


Recommended Posts

Hey everyone, have got a problem. i have my ESET scan my computer every night and yesterday it came up with a threat and infected files. It did not clean those files. I copied the log report and included it here. I also have gone through a couple different steps to try and clean these files to no avail. One in particular was do a scan in safe mode but i couldnt even get ESET to run in safe mode. Any help will be appreciated thank you.

Log
Scan Log
Version of virus signature database: 14894 (20170206)
Date: 2/6/2017  Time: 8:37:09 PM
Scanned disks, folders and files: Operating memory;C:\Boot sector;F:\Boot sector;C:\;F:\
Boot sector of disk C: - error opening [4]

C:\Users\xerox\AppData\Local\Temp\HYD19ED.tmp.1486414487\HTA\3rdparty\FS.dll - a variant of Win32/FusionCore.K potentially unwanted application - action selection postponed until scan completion

Number of scanned objects: 368049
Number of threats found: 1
Number of cleaned objects: 0
Time of completion: 9:09:15 PM  Total scanning time: 1926 sec (00:32:06)

Notes:
[4] Object cannot be opened. It may be in use by another application or operating system.
 

Edited by Marcos
Redundant records removed
Link to post
Share on other sites
  • Administrators

It's actually not a threat but a potentially unwanted application. At the end of the scan, the user should have been presented with a window where the desired action could be selected.

Link to post
Share on other sites
  • ESET Insiders

at the bottom of screen you got "action after scan" and you need to select what you want to do, as you can see it is selected "No Action".

Edit: sorry yes, I've got the same problem here, action after scan reffers to action in sense shutdown/sleep etc. When I select from popup menu "scan file" on infected file I got only information tah threats are found, but no options to select cleaning it in any way.

Edited by mandiato
Link to post
Share on other sites
  • ESET Insiders

It looks like on sshot below right now on my system, but I remember that for a long time I also cannot bring that requester to front, I was only informed about threats found. But maybe time to upgrade your installation to latest v10 version?

Regards

ESET.png

Link to post
Share on other sites

Also don't forget to set your cleaning level.

Cleaning levels

 

Real-time protection has three cleaning levels (to access cleaning level settings, click ThreatSense engine parameter setup in the Real-time file system protection section and then click Cleaning).

No cleaning – Infected files will not be cleaned automatically. The program will display a warning window and allow the user to choose an action. This level is designed for more advanced users who know which steps to take in the event of an infiltration.

Normal cleaning – The program will attempt to automatically clean or delete an infected file based on a predefined action (depending on the type of infiltration). Detection and deletion of an infected file is signaled by a notification the bottom-right corner of the screen. If it is not possible to select the correct action automatically, the program provides other follow-up actions. The same happens when a predefined action cannot be completed.

Strict cleaning – The program will clean or delete all infected files. The only exceptions are the system files. If it is not possible to clean them, the user is prompted to select an action by a warning window.

WARNING

If an archive contains a file or files which are infected, there are two options for dealing with the archive. In standard mode (Normal cleaning), the whole archive would be deleted if all the files it contains are infected files. In Strict cleaning mode, the archive would be deleted if it contains at least one infected file, regardless of the status of the other files in the archive.

http://help.eset.com/essp/10/en-US/index.html?work_avas_realtime_cleaning.htm

 

Link to post
Share on other sites
16 hours ago, TomFace said:

Also don't forget to set your cleaning level.

Cleaning levels

 

Real-time protection has three cleaning levels (to access cleaning level settings, click ThreatSense engine parameter setup in the Real-time file system protection section and then click Cleaning).

No cleaning – Infected files will not be cleaned automatically. The program will display a warning window and allow the user to choose an action. This level is designed for more advanced users who know which steps to take in the event of an infiltration.

Normal cleaning – The program will attempt to automatically clean or delete an infected file based on a predefined action (depending on the type of infiltration). Detection and deletion of an infected file is signaled by a notification the bottom-right corner of the screen. If it is not possible to select the correct action automatically, the program provides other follow-up actions. The same happens when a predefined action cannot be completed.

Strict cleaning – The program will clean or delete all infected files. The only exceptions are the system files. If it is not possible to clean them, the user is prompted to select an action by a warning window.

WARNING

If an archive contains a file or files which are infected, there are two options for dealing with the archive. In standard mode (Normal cleaning), the whole archive would be deleted if all the files it contains are infected files. In Strict cleaning mode, the archive would be deleted if it contains at least one infected file, regardless of the status of the other files in the archive.

hxxp://help.eset.com/essp/10/en-US/index.html?work_avas_realtime_cleaning.htm

 

Thank You TomFace.

Also, someone please explain this to me. 18 Threats Found, 7 Cleaned. Next Scan. 0 Threats.589b8013da249_Desktop02_08.2017-15_28_31_01.thumb.png.25ec1c7e071f3cb17eedb96c3c71e68c.png

Link to post
Share on other sites
45 minutes ago, SamHolmes said:

Also, someone please explain this to me. 18 Threats Found, 7 Cleaned. Next Scan. 0 Threats.

Eset performs an "Initial" scan every time it is installed/reinstalled. This is a very thorough scan of the OS installation HDD/SSD. Depending on the number of files present, the scan can take some time.

The manual scan you ran is by default a "Smart" scan. It will not scan all files present as is done by the "Initial" scan. Smart scan checks for directories/files/registry areas and the like commonly associated with malware activity. It also wlll not scan files previously scanned unless they have been modified.

Post a screen shot of the scan log showing files not cleaned. 

Link to post
Share on other sites
17 hours ago, itman said:

Eset performs an "Initial" scan every time it is installed/reinstalled. This is a very thorough scan of the OS installation HDD/SSD. Depending on the number of files present, the scan can take some time.

The manual scan you ran is by default a "Smart" scan. It will not scan all files present as is done by the "Initial" scan. Smart scan checks for directories/files/registry areas and the like commonly associated with malware activity. It also wlll not scan files previously scanned unless they have been modified.

Post a screen shot of the scan log showing files not cleaned. 

Ive included screen shots of the log and the infected files. All the blue have the "error opening". This was an enormous log.

Desktop 02.09.2017 - 09.44.02.02.png

Desktop 02.09.2017 - 09.44.21.03.png

Desktop 02.09.2017 - 09.44.34.04.png

Desktop 02.09.2017 - 09.45.06.05.png

Desktop 02.09.2017 - 09.47.06.06.png

Desktop 02.09.2017 - 09.47.13.07.png

Desktop 02.09.2017 - 09.47.19.08.png

Desktop 02.09.2017 - 09.47.41.10.png

Desktop 02.09.2017 - 09.47.47.11.png

Desktop 02.09.2017 - 09.48.40.13.png

Link to post
Share on other sites

Those detections are for "potentially unwanted applications." See this thread for reference: https://forum.eset.com/topic/10840-what-action-should-i-take-for-this-file/

If you decide to remove them, the associated software will not longer be functional. Run another Eset scan. Then note the screen shot  in the above referenced link displayed at the end of the scan. Click on the wording "Action for all listed threats." Then select what you want to do from the options shown.

Eset's definition of a potentially unwanted application i.e. PUA:

Potentially unwanted applications

A potentially unwanted application (PUA) is a program that contains adware, installs toolbars or has other unclear objectives. There are some situations where a user may feel that the benefits of a potentially unwanted application outweigh the risks

Link to post
Share on other sites
  • ESET Insiders

OK. I finally reproduce that:ESET_bug.thumb.PNG.d591ae9da49a68cc5a5a4691b5ef7cfb.PNG

And after scan I can only dismiss and cannot select action. This happened with scan on demand from popup menu. This happened at default settings, so something goes wrong here. If I try to download infected file from Internet, it is blocked, and temp file is deleted, but when I run scan on demand I'm only informed about infection fact, and ESET shows that selection is postponed to end of scanning, but at end of scanning I can only dismiss information and log, I cannot select cleaning action. And as I said this is on default settings with clean install (no playing with changing detection level, or actions. Pure default settings.

When I try to run that file it is cleaned by default by deleting infected doc from archive, but there's no possibility to select action after on demand scan.

Something wrong goes here, so I'll raise bug at bugtracker.

Link to post
Share on other sites

Try this. Enter Eset GUI. Click on Setup, then Advanced Setup on the bottom of the page.

Click on On-Demand computer scan. Then open ThreatSense settings by clicking on the "+" sign.

Change Cleaning Level to No Cleaning as shown in the below screen shot. Click OK on that screen and any subsequent screens to save your settings.

Run an On-Demand scan. At the end, you should be shown a screen that will allow you to delete/quarantine etc. the PUA's.

Then repeat the above steps and reset Cleaning Level to Normal.

Eset_Scan_Options.png

Edited by itman
Link to post
Share on other sites
  • ESET Insiders

This won't help at all, in both cases in log is mnessage about postponed asking user for action but no action window shows up at the end, user can only dismiss log files... At attached sshot  upper vindow is from scaning with no action lower with normal ... No difference.ESET_bug_2.thumb.PNG.bcfb541c540924168b59583429101552.PNG

Link to post
Share on other sites
  • ESET Insiders

Yep, but this is only test file, one and only one which is actually available to such test on my system, so when I delete it, I cannot any longer reproduce that bug. And this is bug when something should ask what to do, and don't do it, leaves infection with false sense of security. Right now I'm in contact with devs to nail it down.

Link to post
Share on other sites
  • ESET Insiders

I nailed it down a little bit further... And it occurs only when I start scanning from popup menu in "Fences" on desktop, using Windows Explorer or DirectoryOpus listers when selecting scan option leads to proper window with scan results and action to take. So this is something with interact between fences and ESET in my case.

Link to post
Share on other sites
36 minutes ago, mandiato said:

Yep, but this is only test file, one and only one which is actually available to such test on my system, so when I delete it, I cannot any longer reproduce that bug. And this is bug when something should ask what to do, and don't do it, leaves infection with false sense of security. Right now I'm in contact with devs to nail it down.

Experimenting with live malware is a no-no. Since the file is in an archive, it can do no damage. If it was extracted from same, Eset would detect and delete it. Ditto if it was executed.

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...