MxRay 0 Posted September 16, 2019

Hi, today I've discovered that my PC is possibly under threat of some malicious software. It started when I tried to do a Windows Update, which showed me an error. The next logical step for me was to see what Eset had to say about it (I already had NOD installed), and at this point my heart skipped a beat because ESET wasn't even running. When I tried to start it, its Program Files directory was completely empty. I rushed to download an installer. The installation fails every time right after the "Deleting services" step. The Specialized cleaner does not find anything. The online scanner found 2 trojan horses and deleted them, but it did not help.

I started to do my own investigation and a few things hit me as suspicious. Windows Security does not show anything. There are already 2 Eset-related services that are stopped and cannot be started again, both of which point to non-existent files in the Eset Program Files directory. So here goes:

In the meantime I've installed a trial version of Kaspersky and am trying to do a proper full scan.

Side note: I'm using a dual boot of Windows 10 along with ArchLinux, in case it is somehow important.

UPDATE: Manually deleted the old Eset services and the error code has changed to MSI.1923

eav_logs.zip

Edited September 16, 2019 by MxRay

MxRay 0 Posted September 16, 2019 Author

OK, a full scan with Kaspersky and the following restart has solved it! Here's its scan report export (some entries are for my own education/sandbox testing).

kaspersky scan result.txt

Edited September 16, 2019 by MxRay

itman 1,807 Posted September 16, 2019

4 hours ago, MxRay said:
It started when I tried to do a Windows Update, which showed me an error. The next logical step for me was to see what Eset had to say about it (I already had NOD installed), and at this point my heart skipped a beat because ESET wasn't even running. When I tried to start it, its Program Files directory was completely empty.

Was NOD32 running after you booted the PC for the first time today? Was the Eset status icon present on the desktop taskbar? Did its visual status indicate anything wrong with Eset?

MxRay 0 Posted September 16, 2019 Author

Unfortunately, I don't know at which point Eset did not start. Although, considering that the last Windows Update check ran on 14.9., I'd presume it's the day that my PC got infected. The Eset icon is always hidden in the tray menu, so it did not occur to me as weird right away. Moreover, there were no alerts from Eset itself that there was some kind of threat incoming.

itman 1,807 Posted September 16, 2019

35 minutes ago, MxRay said:
The Eset icon is always hidden in the tray menu so it did not occur to me as weird right away.

Drag it to the desktop taskbar and it should remain unhidden.