bmekhaled 0 Posted May 11, 2023 Share Posted May 11, 2023 I am getting this message continuously is there any proven solutions ??? Link to comment Share on other sites More sharing options...
Administrators Marcos 5,235 Posted May 11, 2023 Administrators Share Posted May 11, 2023 Please provide logs collected with ESET Log Collector for a start. Select "Threat detection" from the menu prior to collecting logs. Link to comment Share on other sites More sharing options...
bmekhaled 0 Posted May 11, 2023 Author Share Posted May 11, 2023 The problem is in my home laptop, I'll put the log ASAP. But if this help, I opened it and read the log the destination mentioned is C:\ProgramData\Microsoft\IOBitUnlocker\loader.vbs but I searched for it and didn't find it, More info.. I've just re installed windows 10, after that I installed essential programs (office,winrar,....) and Eset is one of these programs. After finishing and restarting , Eset doesn't work as usual and refused to be uninstalled I searched and found a special tool from ESET Site that works only in Safemode, i used it an uninstalled Eset then I installed it again and it worked properly, then I got this message. I do not know if this concern the problem Link to comment Share on other sites More sharing options...
Administrators Marcos 5,235 Posted May 11, 2023 Administrators Share Posted May 11, 2023 The VB script runs this PowerShell script: C:\ProgramData\Microsoft\IObitUnlocker\Report.ps1 It's unlikely that a legit app would install its files in the Microsoft folder even if you had IOBit Unlocker app. We'll see if there's anything suspicious in the logs once you provide them. Are there any files in the C:\ProgramData\Microsoft\IObitUnlocker folder after ESET has cleaned the malware? Link to comment Share on other sites More sharing options...
bmekhaled 0 Posted May 11, 2023 Author Share Posted May 11, 2023 logs eis_logs.zip Link to comment Share on other sites More sharing options...
Administrators Marcos 5,235 Posted May 11, 2023 Administrators Share Posted May 11, 2023 Please provide also the content of the folder C:\ProgramData\Microsoft\IObitUnlocker. Link to comment Share on other sites More sharing options...
bmekhaled 0 Posted May 11, 2023 Author Share Posted May 11, 2023 IObitUnlocker.rar Link to comment Share on other sites More sharing options...
Most Valued Members Nightowl 206 Posted May 11, 2023 Most Valued Members Share Posted May 11, 2023 29 minutes ago, bmekhaled said: logs eis_logs.zipUnavailable Try to set ESET Realtime protection to everything aggressive and run a deep scan and see if it picks few other things because I think from what you downloaded had something malicious or the windows you installed is not a clean one Link to comment Share on other sites More sharing options...
bmekhaled 0 Posted May 11, 2023 Author Share Posted May 11, 2023 would you please tell me the steps I should do Link to comment Share on other sites More sharing options...
Most Valued Members Nightowl 206 Posted May 11, 2023 Most Valued Members Share Posted May 11, 2023 (edited) 5 minutes ago, bmekhaled said: would you please tell me the steps I should do https://help.eset.com/ees/10/en-US/?idh_config_scanner.html Set all the settings to Aggressive And then run a deep scan https://support.eset.com/en/kb2909-advanced-scanning-options-in-eset-windows-home-products Edited May 11, 2023 by Nightowl Link to comment Share on other sites More sharing options...
itman 1,742 Posted May 11, 2023 Share Posted May 11, 2023 As far as IoBit Unlocker goes, it is legit software: https://www.iobit.com/en/iobit-unlocker.php used to change file permissions in Windows. However, it has been used in malware attacks; Quote Also some ransomware (like Dharma variants) have also been employing Iobit Unlocker to make encyption and deletion easier for the malware. https://www.wilderssecurity.com/threads/wisevector-stop-x.431502/page-8#post-2942745 Unless you intentionally installed IoBit Unlocker, assume it is being used on your device for malicious purposes. Nightowl 1 Link to comment Share on other sites More sharing options...
Administrators Marcos 5,235 Posted May 11, 2023 Administrators Share Posted May 11, 2023 We'll add detection for Loader.vbs which attempts to load Report.ps1 that no longer exists on the disk. After detection, the file will be cleaned and removed from autostart locations as well. There is also a benign image image.png in the IOBitUnlocker folder which was seen to have been dropped by an Agent trojan as well. I'd recommend deleting the whole folder C:\ProgramData\Microsoft\IObitUnlocker. Nightowl 1 Link to comment Share on other sites More sharing options...
bmekhaled 0 Posted May 11, 2023 Author Share Posted May 11, 2023 The scan is in progress now I will wait it and see the result Link to comment Share on other sites More sharing options...
bmekhaled 0 Posted May 11, 2023 Author Share Posted May 11, 2023 Just note I didn't install Iobitunlocker and i do not know at all before. But when i faced this problem, i looked up for it and downloaded it and install it, the reason is to get uninstall.exe for it cause before i didnt find it. Bur nothing changed after installing and unibstalling Link to comment Share on other sites More sharing options...
Most Valued Members Nightowl 206 Posted May 11, 2023 Most Valued Members Share Posted May 11, 2023 (edited) 3 minutes ago, bmekhaled said: Just note I didn't install Iobitunlocker and i do not know at all before. But when i faced this problem, i looked up for it and downloaded it and install it, the reason is to get uninstall.exe for it cause before i didnt find it. Bur nothing changed after installing and unibstalling Is the office cracked or any of the software you downloaded after the clean install was pirated somehow?, could be that where it came from. Edited May 11, 2023 by Nightowl Link to comment Share on other sites More sharing options...
Recommended Posts