henrik_admiral, posted January 5, 2021

I got infected by a virus. I made the mistake of turning the protection of my ESET off because I downloaded an application from somewhere and they said I need to turn off protection to install it successfully. This is the file: https://www.virustotal.com/gui/file/e4efd1d6c7eaf477e83f38b2dca11515c6847fddd0b8ae1f89a334f2e3326df5

Now ESET doesn't work anymore; it got deleted by the virus after my computer got restarted, and now I can't install ESET anymore! When I install it, it gets deleted again. What should I do?

Marcos (Administrators), posted January 5, 2021

Try running a disk scan with ESET Online scanner prior to installing ESET.

itman, posted January 5, 2021

If problems persist after running ESET Online scanner, you could also try performing a Win system restore using a restore point prior to when you installed the app/malware. This won't remove all of the malware and/or app but should reset system settings to what existed prior to the app install. This will hopefully also restore Eset functionality to the point you could run a full scan with it.

Note: the malware may have disabled system restore functionality.

Nightowl (Most Valued Members), posted January 6, 2021

Windows Defender AV will be able to pick it up also if it's not disabled by the malware.

Here it's described how you can remove the virus manually through safe mode: https://medium.com/@beckylongman2015/how-to-remove-trojan-win32-skeeyah-a-bit-completely-283cf8edbc77

henrik_admiral (Author), posted January 6, 2021 (edited January 6, 2021)

> 22 hours ago, Marcos said:
> Try running a disk scan with ESET Online scanner prior to installing ESET.

> 21 hours ago, itman said:
> If problems persist after running ESET Online scanner, you could also try performing a Win system restore using a restore point prior to when you installed the app/malware. This won't remove all of the malware and/or app but should reset system settings to what existed prior to the app install. This will hopefully also restore Eset functionality to the point you could run a full scan with it.
> Note: the malware may have disabled system restore functionality.

ESET online scanner didn't help. I'm still infected and it couldn't find anything malicious in my system; it says all clean! And I don't have a restore point....

I know I'm still infected because ESET gets deleted as soon as I install it. I can open it for 5-6 seconds, then it's GONE, so ESET literally cannot remove this?!!!

henrik_admiral (Author), posted January 6, 2021

> 7 hours ago, Nightowl said:
> Windows Defender AV will be able to pick it up also if it's not disabled by the malware.
> Here it's described how you can remove the virus manually through safe mode: https://medium.com/@beckylongman2015/how-to-remove-trojan-win32-skeeyah-a-bit-completely-283cf8edbc77

That guide didn't help. In safe mode I cannot see any suspicious process in task manager, and it says delete "Trojan name". What does that even mean, what's the trojan name? Couldn't see any skeeyah.exe, and that article links to websites that are down.

itman, posted January 6, 2021

Ignoring the Eset issue for the moment, if this is Win 10, Windows Defender should be active and functioning as your real-time protection. Did you check Windows Security Center and verify this is the case?

itman, posted January 6, 2021 (edited January 6, 2021)

> 2 hours ago, henrik_admiral said:
> I know I'm still infected because ESET gets deleted as soon as I install it. I can open it for 5-6 seconds, then it's GONE

Further clarification needed on this. Are you referring to the Eset desktop toolbar icon missing?

Does Eset still exist in the Win 10 Start menu?

Is the Eset service, "Eset Service," listed in Control Panel -> System and Security -> Administrative Tools -> Services? Is the service started and running?

Does this folder, "Eset", still exist in C:\Program Files? Does it contain the "Eset Security" folder? Does this folder contain sub-folders and files?

henrik_admiral (Author), posted January 6, 2021 (edited January 6, 2021)

> 22 minutes ago, itman said:
> Further clarification needed on this. Are you referring to the Eset desktop toolbar icon missing?
> Does Eset still exist in the Win 10 Start menu?
> Is the Eset service, "Eset Service," listed in Control Panel -> System and Security -> Administrative Tools -> Services? Is the service started and running?
> Does this folder, "Eset", still exist in C:\Program Files? Does it contain the "Eset Security" folder? Does this folder contain sub-folders and files?

I am using Windows 7, 64 bit.

I thought ESET got deleted or something, but actually it seems like ESET process is still up, but I cannot open ESET; when I try to open it nothing shows up.

ESET services are running but I still cannot interact with ESET GUI anymore. I tried to reinstall it, no luck. Sometimes I get blue screen as well, and ESET files don't seem to be deleted now that I checked again.

When I restart the computer, I can open it for 5-6 seconds and after that it gets closed and its services get stopped, and no matter how hard I try to click on different options in its icon, it won't open anymore.

itman, posted January 6, 2021

> 1 hour ago, henrik_admiral said:
> ESET services are running but I still cannot interact with ESET GUI anymore. I tried to reinstall it, no luck. Sometimes I get blue screen as well, and ESET files don't seem to be deleted now that I checked again.
> When I restart the computer, I can open it for 5-6 seconds and after that it gets closed and its services get stopped, and no matter how hard I try to click on different options in its icon, it won't open anymore.

You posted two conflicting statements. First, you stated services are running. Next, you state Eset services are stopped after boot time.

If Eset services are currently stopped, restart them. Now try to access Eset GUI via Start menu and run an Eset scan.

peteyt (Most Valued Members), posted January 6, 2021

> 1 hour ago, henrik_admiral said:
> I am using Windows 7, 64 bit.
> I thought ESET got deleted or something, but actually it seems like ESET process is still up, but I cannot open ESET; when I try to open it nothing shows up.
> ESET services are running but I still cannot interact with ESET GUI anymore. I tried to reinstall it, no luck. Sometimes I get blue screen as well, and ESET files don't seem to be deleted now that I checked again.
> When I restart the computer, I can open it for 5-6 seconds and after that it gets closed and its services get stopped, and no matter how hard I try to click on different options in its icon, it won't open anymore.

You could try to uninstall ESET in safe mode with the uninstaller which I will link below. This uninstaller can often remove stuff that somehow may have been left. Then reinstall and see if there are any issues.

https://support.eset.com/en/kb2289-uninstall-eset-manually-using-the-eset-uninstaller-tool

henrik_admiral (Author), posted January 7, 2021 (edited January 7, 2021)

> 8 hours ago, itman said:
> You posted two conflicting statements. First, you stated services are running. Next, you state Eset services are stopped after boot time.
> If Eset services are currently stopped, restart them. Now try to access Eset GUI via Start menu and run an Eset scan.

OK, I started them manually using task manager, but I still cannot open the GUI. Also it seems like they get stopped after around 15-20 minutes of booting up; when I start them manually, again they get stopped after around 15-20 minutes.

> 8 hours ago, peteyt said:
> You could try to uninstall ESET in safe mode with the uninstaller which I will link below. This uninstaller can often remove stuff that somehow may have been left. Then reinstall and see if there are any issues.
> https://support.eset.com/en/kb2289-uninstall-eset-manually-using-the-eset-uninstaller-tool

Tried this as well, still the same thing: I can open it for around 10 seconds, and can do scans with it, then it gets closed by something and I cannot open it anymore.

I used ESET for a long time and never had problems; this only happened after I tried to run that damn installer, so I'm 100% sure it's because of that. Everything seems slower too..

Marcos (Administrators), posted January 7, 2021

As for the scan with ESET Online scanner, do you mean it has run but no threat was found?

Please provide logs collected with ESET Log Collector for perusal.

henrik_admiral (Author), posted January 7, 2021

> 4 hours ago, Marcos said:
> As for the scan with ESET Online scanner, do you mean it has run but no threat was found?
> Please provide logs collected with ESET Log Collector for perusal.

I get a blue screen when I run this log collector. Tried it with default, threat detection, and all options, and I still got blue screened after around 10 seconds of running it.

I copied the operation log output as fast as I could and copied it before getting a blue screen. This is the output:

[9:20:02 AM] ESET Log Collector v4.1.2.0 (9/28/2020) - 64 bit
[9:20:02 AM] Copyright (c) 1992-2020 ESET, spol. s r.o. All rights reserved.
[9:20:02 AM]
[9:20:02 AM] Detected product type: eis
[9:20:14 AM] ==============================
[9:20:14 AM] ESET logs collection mode: Filtered binary
[9:20:14 AM] Number of days to collect target files and log records for: 30
[9:20:14 AM] Saving metadata to C:\Users\henrik\AppData\Local\Temp\elc1EC6.tmp
[9:20:14 AM] Adding file: C:\Users\henrik\AppData\Local\Temp\elc1EC6.tmp -> metadata.txt
[9:20:14 AM] Adding file: C:\Users\henrik\AppData\Local\Temp\elc1EE6.tmp -> info.xml
[9:20:14 AM] Adding file: C:\ProgramData\ESET\ESET Security\versions.csv -> versions.csv
[9:20:14 AM] Adding file: C:\Users\henrik\AppData\Local\Temp\elc1F06.tmp -> features_state.txt
[9:20:14 AM] === Running processes (open handles and loaded DLLs) ===
[9:20:14 AM] Exporting...
[9:20:15 AM] OK
[9:20:15 AM] Adding file: C:\Users\henrik\AppData\Local\Temp\elc1F17.tmp -> Windows/Processes.txt
[9:20:15 AM] Adding file: C:\Users\henrik\AppData\Local\Temp\elc1F18.tmp -> Windows/ProcessesTree.txt
[9:20:15 AM] === Drives info ===

peteyt (Most Valued Members), posted January 7, 2021

Can you confirm it is just ESET? I mean, what happens if you download something like Malwarebytes and run a scan? Just wondering if whatever it is will disable that too.

henrik_admiral (Author), posted January 7, 2021

> 2 minutes ago, peteyt said:
> Can you confirm it is just ESET? I mean, what happens if you download something like Malwarebytes and run a scan? Just wondering if whatever it is will disable that too.

Can you give me a list of other suggestions that I should try out? I mostly used ESET and am not familiar with other anti viruses. Should I only try Malwarebytes and report back?

Marcos (Administrators), posted January 7, 2021

If possible, create a bootable SysRescue medium and run a disk scan from there.

itman, posted January 7, 2021

You can try using Kaspersky Virus Removal tool: https://support.kaspersky.com/8528 . Make sure when run to select "Change parameters" and select all objects shown including the system drive.

Note: If this app refuses to run or aborts shortly after startup, rename the file download - KVRT.exe - to something else and run the renamed executable.

henrik_admiral (Author), posted January 7, 2021

> 6 hours ago, Marcos said:
> If possible, create a bootable SysRescue medium and run a disk scan from there.

Tried the SysRescue; it successfully found 1 threat:

MBR sector of the /dev/sda. physical disk - Win32/Rootkit.Agent.OCL trojan - unable to clean

But it says unable to clean for some reason... Restarted the computer and the problem still exists.. ESET gets closed after 10-15 seconds of booting up..

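An added example, not part of the thread and not ESET or Kaspersky code: the kind of offline integrity check that applies to an MBR finding like the one above. It parses a 512-byte sector, hashes the 440-byte boot code area and compares it with a known-good hash recorded earlier; the sample sectors, the baseline and every function name are constructed for the illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440           # code area; bytes 440-445 hold the disk signature
TABLE_OFFSET = 446            # four 16-byte partition entries start here
BOOT_SIGNATURE = b"\x55\xaa"  # must sit at offsets 510-511

def parse_mbr(sector: bytes) -> dict:
    """Return the boot-code hash, signature check and used partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    partitions = []
    for i in range(4):
        # Entry layout: status, CHS start (skipped), type, CHS end (skipped), LBA, size.
        status, ptype, lba, count = struct.unpack_from(
            "<B3xB3xII", sector, TABLE_OFFSET + 16 * i)
        if ptype != 0:
            partitions.append({"index": i, "active": status == 0x80,
                               "type": ptype, "lba_start": lba, "sectors": count})
    return {"boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "signature_ok": sector[510:512] == BOOT_SIGNATURE,
            "partitions": partitions}

def compare_to_baseline(sector: bytes, baseline_sha256: str) -> list:
    """List deviations from the recorded known-good state.
    Assumption: a BIOS-booted disk has exactly one active partition."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["boot_code_sha256"] != baseline_sha256:
        findings.append("boot code differs from baseline")
    active = sum(1 for p in info["partitions"] if p["active"])
    if active != 1:
        findings.append(f"{active} active partitions, expected 1")
    return findings

def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sector for the demo (not read from any real disk)."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800)
    return (boot_code.ljust(BOOT_CODE_LEN, b"\x00") + b"\x78\x56\x34\x12\x00\x00"
            + entry + bytes(48) + BOOT_SIGNATURE)

if __name__ == "__main__":
    clean = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0")
    baseline = parse_mbr(clean)["boot_code_sha256"]
    print(compare_to_baseline(clean, baseline))
    print(compare_to_baseline(build_sample_mbr(b"\xe9\x00\x01"), baseline))
```

For a real check, pass the first 512 bytes of a disk image captured from rescue media; in this thread only the scan run from SysRescue flagged the MBR.
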
Marcos (Administrators), posted January 7, 2021

You should restore MBR as per https://neosmart.net/wiki/fix-mbr/.

henrik_admiral (Author), posted January 7, 2021

> 24 minutes ago, Marcos said:
> You should restore MBR as per https://neosmart.net/wiki/fix-mbr/.

I am not a technical person and that article is too complex for me to understand.

I don't understand what is the point of an anti virus if I have to manually fix everything myself? Why can't ESET remove this, even though it is DETECTING it? Why can't ESET fix the MBR itself? What's the point of buying an anti virus then?

peteyt (Most Valued Members), posted January 7, 2021

> 21 minutes ago, henrik_admiral said:
> I am not a technical person and that article is too complex for me to understand.
> I don't understand what is the point of an anti virus if I have to manually fix everything myself? Why can't ESET remove this, even though it is DETECTING it? Why can't ESET fix the MBR itself? What's the point of buying an anti virus then?

MBR is a very tricky thing I believe, but my knowledge on that is limited. On that link Marcos gave you there is a bit that offers a download that will do most stuff for you.

Other thing, as I mentioned, would be to download Malwarebytes and run a scan, but I don't know if this will be the same issue due to it being MBR related.

itman, posted January 7, 2021 (edited January 8, 2021)

I read a posting over at bleepingcomputer.com that Kaspersky's TDSSKiller will remove this type of boot/rootkit.

You can give it a shot and see if it detects and removes the rootkit. It runs very fast and will produce a log file. Review the log file and see if anything was detected. If so, wording will probably exist instructing you to reboot the PC to complete removal of the rootkit.

TDSSKiller can be downloaded here: https://support.kaspersky.com/5350#list

-EDIT- After opening TDSSKiller but prior to running it, select "Change parameters" and ensure all the settings shown in this article are enabled: https://forums.malwarebytes.com/topic/251556-need-help-removing-rootkit-agent/?do=findComment&comment=1335503 . Also read the entire posting, which will instruct on how to respond to any detection made by TDSSKiller.

henrik_admiral (Author), posted January 8, 2021

> 16 hours ago, itman said:
> I read a posting over at bleepingcomputer.com that Kaspersky's TDSSKiller will remove this type of boot/rootkit.
> You can give it a shot and see if it detects and removes the rootkit. It runs very fast and will produce a log file. Review the log file and see if anything was detected. If so, wording will probably exist instructing you to reboot the PC to complete removal of the rootkit.
> TDSSKiller can be downloaded here: https://support.kaspersky.com/5350#list

THANK YOU!! This solved the problem for me. It found a virus named "DarkGalaxy" and cured the system!

ESET really disappointed me with this one though. Why do I need to use other anti viruses to delete this virus when I purchased ESET? Either way, thanks everyone for their help!

Marcos (Administrators), posted January 8, 2021

> 42 minutes ago, henrik_admiral said:
> ESET really disappointed me with this one though. Why do I need to use other anti viruses to delete this virus when I purchased ESET? Either way, thanks everyone for their help!

ESET actually protected you from getting infected by the malware. Once AV protection is disabled and malware is run, it may be very difficult to remove it and specialized tools must be used.