Jump to content

Virus disguised as ESET update!


Recommended Posts

While browsing Chrome, I kept getting a popup window for an ESET security update. It asked me if I wanted to update now or later. I clicked "now" and it immediately uninstalled ESET and Windows gave me a warning that I had no virus software installed. I restarted my computer and I couldn't click on any of the links in my google search. The mouse was a curser, not a pointer and was acting weird. I restarted again in safe mode and am running a scan. I wanted to warn everyone about this.

Link to comment
Share on other sites

It's important to learn the difference between a browser popup window and an application popup window.
As far as Eset is concerned, if you have ANY doubt close any popup window and close your browser. Manually open Eset by double clicking on the Eset Tray Icon (by the clock in the lower right corner of your taskbar).  Any important message or update notifications will be displayed within Eset.

Edited by MarcFL
Link to comment
Share on other sites

17 hours ago, Sachalek said:

While browsing Chrome, I kept getting a popup window for an ESET security update. It asked me if I wanted to update now or later.

A bit of user security education goes a long way. Applications including security ones do not update via a browser. Applications have their own internal updaters that perform such functions.

The only way I am aware of Eset could have been completely uninstalled is via Windows uninstall programs feature. Strongly suspect that the malware found a way to disable Eset realtime protection. This could have been only done on Win 10 via Eset's GUI on Win 10. Theoretically possible since it does not run as a kernel mode protected process.

Did you actually verify that Eset is physically uninstalled? For example are its directories missing from the Windows programs folder and its ekrn.exe service missing from Control Panel -> Administrative Tools -> Services?

Link to comment
Share on other sites

22 hours ago, Sachalek said:

I clicked "now" and it immediately uninstalled ESET and Windows gave me a warning that I had no virus software installed.

Another possibility here is that everything you saw on your PC screen was fake. When you clicked on the Eset update popup from Chrome, you were redirected to a site serving up malware. It then displayed a screen indicating Eset had been uninstalled and then displayed a fake control panel security settings screen showing no AV is installed. While all this is going on, the malware downloaded and executed.

You stated that you were running a scan in safe mode. Did you actually reinstall Eset prior to doing that? If not, Eset was never actually uninstalled. 

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...