Jump to content

Archived

This topic is now archived and is closed to further replies.

johnh

repeatedly NSIS / CoinMiner.T Trojan

Recommended Posts

Aletra virus repeatedly NSIS / CoinMiner.T Trojan. Disinfected by deletion but does not appear in the registry or in quarantine. Then once again comes NSIS / CoinMiner.T Trojan ....
Help

Share this post


Link to post
Share on other sites

For a start, please provide logs collected with ESET Log Collector. Feel free to post the generated archive here since attachments are not available to other users than ESET's staff.

Share this post


Link to post
Share on other sites
2 hours ago, johnh said:

oK. I will

You have removed the logs. Any reason for that?

Share this post


Link to post
Share on other sites

I'd strongly recommend uninstalling EEA v5 and installing the latest EEA v7.1. Instead of updating from a mirror, I'd suggest using ESET HTTP Proxy to cache dowloaded files and thus save network traffic. Also when updating from a mirror you lose streamed updates that are downloaded every few minutes and thus ensure maximum protection against newly emerging threats.

As for the malware, it seems to be spreading from a remote share. Does temporarily disconnecting the machine from LAN stop malware detections? Please carry on as follows:
- upgrade Endpoint on the machine to v7.1. Ideally install Endpoint from scratch, ie. uninstall v5 first.
- run a full disk scan
- collect fresh logs with ELC and upload the generated archive here.

Share this post


Link to post
Share on other sites

Ok. Thanks very much fo the help.

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...