TomFace 539 Posted June 28, 2018 Share Posted June 28, 2018 (edited) I just complete a run of ERARemover and it came back clean, however it showed a message about submitting a report to ESET which I have never seen before. It did not give me an option to do so at the time (in it's window). So how should I proceed? Sorry I do not have a screen shot and was not able to reproduce it with subsequent ERAR runs. I did do a log collection (using ALL with ELC). Edited June 28, 2018 by TomFace Link to comment Share on other sites More sharing options...
Administrators Marcos 5,231 Posted June 28, 2018 Administrators Share Posted June 28, 2018 ERAR is an obsolete tool which was useful at time of infamous LockScreens before the era of Filecoders that encrypt files. I will check if it's still available for download and we'll most likely remove it from download servers. Link to comment Share on other sites More sharing options...
TomFace 539 Posted June 28, 2018 Author Share Posted June 28, 2018 The last update for KB335 https://support.eset.com/kb3035/ was 4.30.18. So Marcos, are you telling me that the message I received via ERAR should just be ignored? When I ran ELC, the final screen advised me that there were "warnings". Please advise. Link to comment Share on other sites More sharing options...
TomFace 539 Posted June 28, 2018 Author Share Posted June 28, 2018 (edited) Update 6.28.18 11:46EDT...apparently my results may have something to do with using my (new) VPN. I don't understand as I am in the USA and the VPN server I use is also in the USA. I am still learning about VPNs. I just re-ran ERAR and noticed that the internet was showing "inactive" at the beginning. Once I turned my VPN off, and tried ERAR again, I then got internet "active" and was also asked if I wanted to send the previous report to ESET Live Grid...which I did do. I may have missed the "inactive" alert previously as I am pretty sure I had my VPN on. Anyone have any thoughts on this? And is ERAR still a relative download? And what about the "warnings" that were indicated to me at the conclusion of running ELC? Should I be concerned and open a ticket up? Any input would be appreciated. Edited June 28, 2018 by TomFace date correction Link to comment Share on other sites More sharing options...
itman 1,740 Posted June 28, 2018 Share Posted June 28, 2018 (edited) Out of curiosity, I just downloaded it. It appeared to run fine on Win 10 1803. Nothing found on my device. I did get hit with a screen locker while browsing a few weeks back. In that instance, I just manually terminated the browser w/o interacting with the web page in any way. I would just clear out the directory ERAR creates in %LocalAppData%\Temp, reboot, turn off your VPN, and then run the utility again and see if you get any warnings. -EDIT- Also appears it creates a directory of rouge hashes, etc. it uses for comparison when scanning: Edited June 28, 2018 by itman Link to comment Share on other sites More sharing options...
itman 1,740 Posted June 29, 2018 Share Posted June 29, 2018 Well, I just observed where using this utility could cause problems in Win 10 on non-Win 7 upgraded versions. It creates a service to load a kernel? driver efavdrv.sys from %LocalAppData%\Temp directory "on the fly." Link to comment Share on other sites More sharing options...
Recommended Posts