Kgold 0 Posted June 17, 2021 Posted June 17, 2021 Dear, Recently, I got the pop up from Eset - I am using Smart Security Premium version. It shows one unwanted application (win64/Coinminer.QG). the file is from C:\intel\update\update.exe I click CLEAN button and try to delete the folder [Intel], it will show up again after I restart my computer. I would like to have a solution for this problem. I am afraid my computer has virus. Thank you all
Administrators Marcos 5,450 Posted June 17, 2021 Administrators Posted June 17, 2021 Please provide logs collected with ESET Log Collector for a start.
Kgold 0 Posted June 17, 2021 Author Posted June 17, 2021 (edited) Hello Marcos, I uploaded the logs collected file. Please check and thanks for your reply. Edited June 17, 2021 by Kgold re-upload again
Kgold 0 Posted June 17, 2021 Author Posted June 17, 2021 sorry for up another post. I uploaded again the file with all data as I follow the tutorial in eset web. 688160463_essp_logs-all.zip
Administrators Solution Marcos 5,450 Posted June 17, 2021 Administrators Solution Posted June 17, 2021 As you can see also in the screen shot above, the PUA is re-created by the application C:\Program Files\Portable Devices\manager.exe. What is the purpose of the app? Can you temporarily uninstall it?
Kgold 0 Posted June 17, 2021 Author Posted June 17, 2021 I don't know what is the purpose of this app. When I open Uninstall, I can not see the name of this app. I also tried to delete the folder and restart my computer. No pop up again. But is it okay now ? do I need to scan or do something to make sure my computer has no virus now ?
Administrators Marcos 5,450 Posted June 17, 2021 Administrators Posted June 17, 2021 1 hour ago, Kgold said: No pop up again. But is it okay now ? The machine should be clean then.
Kgold 0 Posted June 17, 2021 Author Posted June 17, 2021 Oh so thank you so much for your support. I am appreaciated
itman 1,801 Posted June 17, 2021 Posted June 17, 2021 As far as manager.exe goes, as long as it's located in this directory, C:\Program Files\Portable Devices\, it should be legit; ref.: https://www.file.net/process/manager.exe.html . Further evidenced by the fact the file is Microsoft signed.
Recommended Posts