BrownB
Posted December 7, 2018

Hello, I have a PC in my organization where Nod32 v.4 is running. In the last 3 days it has been showing an alert about the Win32/Ramnit.CS virus found in operating memory=c:\windows\system32\wups.dll. It seems to happen randomly during the day. I tried the offline scan using the latest image of ESET SysRescue Live, updated when started, and it found 0 threats. Then I let the user work again on the PC, but after some hours the alert popped up again. I asked the user about his activities and everything seems ok. What other problems could make the malware remain on the PC after a SysRescue scan? Thank you all for the support.

Marcos (Administrators)
Posted December 7, 2018

V4 is an ancient version which does not provide sufficient protection against current threats and is not supported any more either. Uninstall it and install the latest Endpoint v7 (or 6.5 in case of WinXP) asap without disabling any protection features or default settings. After activation and update, run a full scan and reboot the machine after the scan was completed.

Should the problem persist:
- gather logs with ESET Log Collector (select Threat detection in the ELC menu)
- Procmon boot log

Upload the stuff in an archive encrypted with the password "infected" to a safe location and email samples[at]eset.com while providing a download link as well as a link to this topic.