quazi27 0 Posted April 9, 2014 Share Posted April 9, 2014 Does anyone know of a removal tool for the waski.a trojan virus? I keep getting this thing popping up... Much appreciated folks!!! Alan Link to comment Share on other sites More sharing options...
Arakasi 549 Posted April 9, 2014 Share Posted April 9, 2014 Hello Alan, Are you having trouble removing the trojan with ESET installed ? ESET Antivirus software detects and removes the threat automatically: Win32/TrojanDownloader.Waski You should be able to run a smart scan or in-depth and remove at the end of the scan or during. Download a trial today; and should you decide to purchase, let us know if you have any questions. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,071 Posted April 9, 2014 Administrators Share Posted April 9, 2014 Please post a screen shot of the alert you're receiving or the appropriate complete record from your "Detected threats" log. Also enclose information about installed modules and signature database from the About window (accessible from the right-click tray icon menu). Link to comment Share on other sites More sharing options...
quazi27 0 Posted April 10, 2014 Author Share Posted April 10, 2014 We are using Version 4.2.76.0 Installed Components: Virus signature database: 9661 Rapid Response Module: 3946 Update Module: 1050 Antivirus and antispyware scanner module: 1423 Advanced heuristics module: 1147 Archive support module: 1194 Cleaner module: 1087 Anti-stealth support module: 1058 ESET SysInspector module: 1240 Self-defense support module: 1018 Rea-timefile system protection module: 1006 Won't let me do a screenshot....but here's the info from the Log: win32/trojandownloader.waski.a trojan - contained infected files.... There are multiple instances of this and it pops up everyday even after cleaning and clearing the logs... Link to comment Share on other sites More sharing options...
Arakasi 549 Posted April 10, 2014 Share Posted April 10, 2014 (edited) Quazi, the reason infection may not be cleanable is due to your outdated version. I recommend upgrading to version 7 for free, and attempt to clean again. hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN2885 Edited April 10, 2014 by Arakasi Link to comment Share on other sites More sharing options...
Administrators Marcos 5,071 Posted April 10, 2014 Administrators Share Posted April 10, 2014 The message "contained infected files" is logged when a message with a malicious attachment is detected and the attachment is removed. At any rate, I'd strongly recommend upgrading to the latest version 7.0.302.26. Link to comment Share on other sites More sharing options...
quazi27 0 Posted April 10, 2014 Author Share Posted April 10, 2014 Just to clarify....we use version 4.2.76 Business edition.....we don't use the Home version. Any ideas on how to stop this alert from triggering everyday? Please advise.... Thanks! Link to comment Share on other sites More sharing options...
Administrators Marcos 5,071 Posted April 10, 2014 Administrators Share Posted April 10, 2014 As long as you receive spammed email with Waski attached, you'll get this warning. The latest version for business users is Endpoint 5.0.2228 downloadable from ESET's website. Link to comment Share on other sites More sharing options...
jacobmarsh 0 Posted April 11, 2014 Share Posted April 11, 2014 Waski.a is a vicious Trojan that can be propagated by adware and other malicious viruses. This often utilizes some loopholes to sneak into your system. To remove it, you can take following steps:- Press F8 key to enter the safe mode with networking. End the process of Win32/TrojanDownloader.Waski.A by pressing ctrl+ alt + Del button. Remove Win32/TrojanDownloader.Waski.A from Windows Start-up items. Scan your system with the help of best malware protection tools like Immunet, Norton 360, Panda Cloud, Kaspersky, Bitdefender etc. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,071 Posted April 11, 2014 Administrators Share Posted April 11, 2014 End the process of Win32/TrojanDownloader.Waski.A by pressing ctrl+ alt + Del button. I presume this won't be possible as the OP keeps receiving spammed email with Waski attached which is removed by ESET and thus never makes it to inbox so it cannot be accidentally run. Link to comment Share on other sites More sharing options...
Arakasi 549 Posted April 11, 2014 Share Posted April 11, 2014 The only best malware tool i see in your list is Bitdefender. lol As Marcos stated, this is an email alert which is quarantined upon arrival by ESET, not an active infection or malicious process on his workstation. Link to comment Share on other sites More sharing options...
rozermartin28 1 Posted April 14, 2014 Share Posted April 14, 2014 Try the below mentioned steps, this will definitelyt helps you in solving your problem:- Step 1: Restart the system in Safe Mode with Networking. Keep press F8 when the machine starts to boot up. Step 2: Delete startup items of Win32/TrojanDownloader.Waski.A virus. Press Win+ R, type “msconfig” and click OK. Step 3: Remove registry entries of Win32/TrojanDownloader.Waski.A virus. Press Win+R to open Run, type “regedit” and hit OK. HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogon "Shell" = "[random].exe HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0 Step 4: Show hidden files and delete related files of Win32/TrojanDownloader.Waski.A virus. Click Start menu, select Control Panel, and search Folder Option. %AllUsersProfile%\random.exe %AllUsersProfile%\Application Data\.dll Link to comment Share on other sites More sharing options...
Administrators Marcos 5,071 Posted April 14, 2014 Administrators Share Posted April 14, 2014 Try the below mentioned steps, this will definitelyt helps you in solving your problem This won't help if the Waski trojan was removed before being received by the email client and thus there was no chance to run it at all. At least this seems to be the case according to what the OP wrote. Link to comment Share on other sites More sharing options...
ESET Moderators Aryeh Goretsky 378 Posted April 16, 2014 ESET Moderators Share Posted April 16, 2014 Hello, Keep in mind that the upgrade from ESET NOD32 Antivirus Business Edition 4.2 to ESET Endpoint Antivirus 5.0.228.0 (the latest version) is a free upgrade. You can use your existing license credentials to download it as well as the latest version of ESET Remote Administrator to manage it. Regards, Aryeh Goretsky Link to comment Share on other sites More sharing options...
Recommended Posts