Jump to content

Archived

This topic is now archived and is closed to further replies.

KiloG

Possible new virus

Recommended Posts

I am not sure if this is in the right forum, but two days ago i noticed that sometimes nod32 would be really slow, and even get the 'not working' tag on it. I ran multiple scans and found nothing. I then decided to look at my startup programs and i found this hmemmsk.exe i did a simple search in google to see what it was, and it said 6 other antivirus programs listed it as a virus. hxxp://www.herdprotect.com/hmemmsh.exe-7c58e63407035896aa308b5327d5863ecd281c0e.aspx  Why was something in plain view missed by eset? I have already tried manually deleting it but a restart bring the virus back which i expected. how can i get rid of this virus? it seems to be shutting down my eset antivirus which is up to date. 

 

 

Brad

Share this post


Link to post
Share on other sites

Hello,

 

first off delete the registry entry :


HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
hmemms
C:\users\proximedia\msocache32\patch\files\hmemmsh.exe
 
Second, do you have Potentially unwanted options checked in settings ?
Also what type of scans are you running ?
Have you ran an In-depth scan ?
 
I would highly recommend calling customer care so they can upload samples if ESET did miss the threat.

Share this post


Link to post
Share on other sites

 

Hello,

 

first off delete the registry entry :

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
hmemms
C:\users\proximedia\msocache32\patch\files\hmemmsh.exe
 
Second, do you have Potentially unwanted options checked in settings ?
Also what type of scans are you running ?
Have you ran an In-depth scan ?
 
I would highly recommend calling customer care so they can upload samples if ESET did miss the threat.
 
I downloaded AVG to see if maybe it picked up on this virus, and it did. It seems to be gone. C:\users\proximedia\msocache32\patch\files\hmemmsh.exe everything in the patch file is gone. To be honest i dont mess with the settings too much. sometimes i switch eset to the gaming setting (once a month maybe) but besides that, i love how eset is ALMOST set it and forget it. As for the scan i was running, was the smart scan. Also anything i download i always scan before opening. I am pretty cautious, but i really trusted eset. I have been using them for 6-8 years and i am pretty sure this is the first thing that has gotten through (at least to my knowledge). I really cant complain. Just really curious how something in plain site to me at least, could be hidden by eset.

 

Share this post


Link to post
Share on other sites

Hi again,

 

You can't blame ESET, there are thousands of settings that could have been changed.

We would HAVE to take a look to determine what was going on and what happened.

 

Now that you have removed it and its gone, we will never know, and hopefully someone else doesn't catch the threat.

 

Thanks for posting and sharing.

Share this post


Link to post
Share on other sites

Like i said before i was just curious how it could have missed that obvious one. I made it clear that in the years that i have used this product this the first time i have had a problem, which is a pretty good track record if you ask me. i will continue to use eset for all the PCs' in my house.

 

In the future what should i do so that "Now that you have removed it and its gone, we will never know, and hopefully someone else doesn't catch the threat." doesn't happen? Is there protocol i am supposed to follow when i come across something like that again?

 

Also what kind of scan should i be doing if smart scan isn't enough?

Share this post


Link to post
Share on other sites

Hi again !

 

Smart scan is good enough, however we would need to look at the settings specified for the smart scan.

In-depth scan already has all the necessary settings that are very strong for catching threats, however it will be a very long scan as smart optimization is not included.

 

Follow the directions in this KB for if you catch a threat that ESET can't find :

 

hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN141

Share this post


Link to post
Share on other sites

Smart Scan is mostly enough, but you can also make a customized scan and select there "in-depth-scan".

 

It's also good to submit a sample to ESET. You can do this in your ESET software or in the way described by this knowledge base article.

 

P.S: Arakasi was faster... :blink:

 

Edit: You can also submit a file directly from the context menu. (see the second screenshot I added)

post-3952-0-87132500-1404326591_thumb.png

post-3952-0-27024800-1404332169_thumb.png

Share this post


Link to post
Share on other sites

I'm not sure if it's malware, almost no av detects it after a long time and quite many users have it installed. We'll look into it though.

Share this post


Link to post
Share on other sites

So Marcos, your saying that maybe that wasn't what was trying to shut down eset? It would get to the point where it would stop. When i brought up the task manager eset was 'not responding'. It wouldn't even let me end task.

 

I am stepping out for a few, ill run an in depth scan, and see what it turns up when i return.

 

Thanks for the help, Brad

Share this post


Link to post
Share on other sites

I have some files that are threats and need to be analysed, Eset Smart Security does not detect these files, where can I post these files?

Share this post


Link to post
Share on other sites

I have some files that are threats and need to be analysed, Eset Smart Security does not detect these files, where can I post these files?

 

 

How do I submit a virus, website or potential false positive sample to ESET's lab?
 

Share this post


Link to post
Share on other sites

I have some files that are threats and need to be analysed, Eset Smart Security does not detect these files, where can I post these files?

 

Or have a look above...

to this and this post.

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...