TheNikita, posted May 1, 2023:
Hello! I have a little question. Does ESET fix problems like locked task manager, disabled registry editor, changed WinLogon and so on? For example, Kaspersky Lab products have a special tool that fixes all this. The product from Dr.Web fixes it during a scan (if it finds it). Does ESET fix similar problems? Thank you in advance!

Marcos (Administrators), posted May 1, 2023:
The System cleaner should restore most of system settings modified by malware:

Dmitry228, posted May 1, 2023:
Just now, Marcos said: "The System cleaner should restore most of system settings modified by malware:"
I had the task manager disabled, but ESET did not find it and did not restore it

TheNikita (Author), posted May 1, 2023:
Confirmed, I also disabled the task manager through the registry editor, but ESET is silent and does not see anything

TheNikita (Author), posted May 1, 2023:
Another thing I checked: when you change WinLogon (namely "Shell" and "Userinit") ESET also does not see anything and does not fix it.

Marcos (Administrators), posted May 1, 2023:
33 minutes ago, Dmitry228 said: "I had the task manager disabled, but ESET did not find it and did not restore it"
Ok, you're right. We'll add support for cleaning it via a module update soon.
Quote: "Another thing I checked: when you change WinLogon (namely "Shell" and "Userinit") ESET also does not see anything and does not fix it."
I've tested it with eicar by replacing the default "explorer.exe" value and it was cleaned alright upon detection and cleaning of the eicar file.

TheNikita (Author), posted May 1, 2023:
5 minutes ago, Marcos said: "I've tested it with eicar by replacing the default "explorer.exe" value and it was cleaned alright upon detection and cleaning of the eicar file."
Shouldn't ESET restore the default value whenever "Shell" is changed? For example, if you change "Shell" from "explorer.exe" to "notepad.exe", there must be some reaction to the change of "Shell", right? When I change "Shell", ESET does not react in any way.

Marcos (Administrators), posted May 1, 2023:
"Shell" is an autostart location which is cleaned when malware is registered there.

TheNikita (Author), posted May 1, 2023 (edited):
If I understood you correctly, this is when malware known to ESET is registered in "Shell". What if the "Shell" contains some malware that is not yet known to ESET? Or, for example, if some program purposely changes the value of "Shell" to, for example, the same "notepad.exe"? In these cases, ESET will simply keep silent, even though it is supposed to restore the default "Shell" value, just like other antiviruses do.

Marcos (Administrators), posted May 1, 2023 (marked as Solution):
If a program changes the value and thus makes the system malfunction, it should be detected as malware. Once such a threat is recognized, it will be cleaned from the registry too.

TheNikita (Author), posted May 1, 2023:
Okay, thanks for the clarification!
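
The settings discussed in this thread can be checked independently of any antivirus product. The script below is an added example, not part of the thread and not ESET code; the registry paths, the value names DisableTaskMgr and DisableRegistryTools, and the expected defaults are the stock Windows ones, assumed here for a default install.

```powershell
# Added example: read-only audit of the settings discussed in this thread.
# Assumption: stock Windows paths and defaults, 64-bit PowerShell, no kiosk
# or other deliberate custom-shell configuration.
$policy   = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'
$winlogon = 'Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$userinit = Join-Path $env:SystemRoot 'system32\userinit.exe'

# Each check names one value and a predicate that is true when it looks default.
$checks = @(
    # Policy switches: absent or 0 means the tool is not blocked.
    @{ Hive = 'HKCU'; Key = $policy; Name = 'DisableTaskMgr';       Ok = { -not $args[0] } }
    @{ Hive = 'HKLM'; Key = $policy; Name = 'DisableTaskMgr';       Ok = { -not $args[0] } }
    @{ Hive = 'HKCU'; Key = $policy; Name = 'DisableRegistryTools'; Ok = { -not $args[0] } }
    @{ Hive = 'HKLM'; Key = $policy; Name = 'DisableRegistryTools'; Ok = { -not $args[0] } }
    # Winlogon: the machine-wide values must hold the defaults.
    @{ Hive = 'HKLM'; Key = $winlogon; Name = 'Shell'; Ok = { $args[0] -eq 'explorer.exe' } }
    @{ Hive = 'HKLM'; Key = $winlogon; Name = 'Userinit'
       # The default carries a trailing comma; strip it before comparing.
       Ok = { ([string]$args[0]).TrimEnd(',', ' ') -eq $userinit } }
    # A per-user "Shell" does not exist by default, so any value is reported.
    @{ Hive = 'HKCU'; Key = $winlogon; Name = 'Shell'; Ok = { $null -eq $args[0] } }
)

$findings = foreach ($c in $checks) {
    $path  = '{0}:\{1}' -f $c.Hive, $c.Key
    $name  = $c.Name
    # A missing key or value yields no object, which is treated as "not set".
    $item  = Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue
    $value = if ($item) { $item.$name } else { $null }
    [pscustomobject]@{
        Path   = $path
        Name   = $name
        Value  = if ($null -eq $value) { '<not set>' } else { $value }
        Status = if (& $c.Ok $value) { 'OK' } else { 'CHANGED' }
    }
}

# CHANGED means "differs from the Windows default", whether or not any
# scanner classifies the program that wrote the value as malware.
$findings | Format-Table -AutoSize
```

A "Shell" value of "notepad.exe", as in the test described above, shows up as CHANGED in the HKLM Winlogon row even when no detection has fired.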