AhadOC 0 Posted February 15, 2020 Share Posted February 15, 2020 went out last night.. just got home next day just now... eset home security premium detected a local/ tmp NSA nsw.tmp virus.. i cant find anything about it on google! HELP! what is this??? ill attach pic.. says its some service malwarebytes tried to access.. says it all in image. there still on pc some of the tmp files... .. diff ones with ns starting with that are in tmp folder,... ill add those too.. to attachments is this some government virus? my father does work for Department of defense... wondering if they hacked / are spying on me since we share same wifi etc as his government issued DOD LAPTOP at home.. and i talk bad also on... some higher ups LOL specially online pleas help! Link to comment Share on other sites More sharing options...
ESET Moderators Aryeh Goretsky 386 Posted February 16, 2020 ESET Moderators Share Posted February 16, 2020 Hello, You will probably need to submit the files in question to ESET's threat lab for a more definitive analysis (see ESET Knowledgebase Article 141, "How do I submit a virus, website or potential false positive sample to ESET's lab?" for detailed instructions) but generally speaking, NS-prefixed temporary directories and files denote an application which has been packaged with NullSoft Scriptable Install System which, as the name implies, is a software program for making installers for other software. Nullsoft is the same company that made Winamp, a popular program for playing MP3s back in the late 1990s. The detection being reported by ESET's software is of a Potentially Unwanted Application, which is a class of applications that are not malicious software in and of themselves, but that perform activities you might or might not want being performed on your computer (hence the use of the word "potentially"). More information about them can be found in ESET Knowledgebase Article 2629, "What is a potentially unwanted application or potentially unwanted content?" or the in the Potentially Unwanted Applications White Paper published in ESET's WeLiveSecurity blog. Regards, Aryeh Goretsky Link to comment Share on other sites More sharing options...
Most Valued Members Nightowl 206 Posted February 16, 2020 Most Valued Members Share Posted February 16, 2020 If your malwarebytes is running as realtime also along with ESET , that will make your system run crazy and cause conflicts because both apps will try to claim the found malware and try to remove it , so that will make conflicts If yes , you should keep malwarebytes as standalone scanner and ESET as realtime-scanner. Link to comment Share on other sites More sharing options...
Most Valued Members peteyt 396 Posted February 16, 2020 Most Valued Members Share Posted February 16, 2020 15 hours ago, AhadOC said: went out last night.. just got home next day just now... eset home security premium detected a local/ tmp NSA nsw.tmp virus.. i cant find anything about it on google! HELP! what is this??? ill attach pic.. says its some service malwarebytes tried to access.. says it all in image. there still on pc some of the tmp files... .. diff ones with ns starting with that are in tmp folder,... ill add those too.. to attachments is this some government virus? my father does work for Department of defense... wondering if they hacked / are spying on me since we share same wifi etc as his government issued DOD LAPTOP at home.. and i talk bad also on... some higher ups LOL specially online pleas help! Are you using malwarebytes in realtime as this is often not recommended as the two AVs may conflict with each other Link to comment Share on other sites More sharing options...
itman 1,743 Posted February 16, 2020 Share Posted February 16, 2020 (edited) 15 hours ago, AhadOC said: went out last night.. just got home next day just now... eset home security premium detected a local/ tmp NSA nsw.tmp virus.. i cant find anything about it on google! HELP! what is this??? To begin with, what is being detected by Eset is a potentially unwanted application; i.e. PUA; not a virus. The Eset alert appears to indicate the source to be MBAM real-time engine which really doesn't make any sense. Note that MBAM has a like detection for this PUA: https://blog.malwarebytes.com/detections/pup-optional-fusioncore/ . What we have here is a classic example of why two AV real-time solutions should not be running concurrently. It appears MBAM detected the PUA first and locked/quarantined the file or something similar. Eset then detected the PUA but identified MBAM as the source process due to the above stated activity. If the alert "Clean" option was selected, it might in all likelihood delete the MBAM service process resulting in a real mess. MBAM real-time scanning option needs to be disabled. You can then use it as a second opinion on-demand scanner. Edited February 16, 2020 by itman Link to comment Share on other sites More sharing options...
Most Valued Members Nightowl 206 Posted February 16, 2020 Most Valued Members Share Posted February 16, 2020 2 hours ago, itman said: To begin with, what is being detected by Eset is a potentially unwanted application; i.e. PUA; not a virus. The Eset alert appears to indicate the source to be MBAM real-time engine which really doesn't make any sense. Note that MBAM has a like detection for this PUA: https://blog.malwarebytes.com/detections/pup-optional-fusioncore/ . What we have here is a classic example of why two AV real-time solutions should not be running concurrently. It appears MBAM detected the PUA first and locked/quarantined the file or something similar. Eset then detected the PUA but identified MBAM as the source process due to the above stated activity. If the alert "Clean" option was selected, it might in all likelihood delete the MBAM service process resulting in a real mess. MBAM real-time scanning option needs to be disabled. You can then use it as a second opinion on-demand scanner. Probably what happened here that they conflicted over the file Malwarebytes got first to it, and then ESET noticed it , so it will try to claim it from Malwarebytes , but will be prevented. Link to comment Share on other sites More sharing options...
Recommended Posts