GraemeS, Posted November 24, 2023

Hi,

Currently in the market for a new AV & Malware package and currently have Eset on 30 day trial, very impressed with it so far, but today I have been getting alerts that I have not seen before from any other package I have been testing.

Basically getting many alerts on:

24/11/2023 14:33:36;AMSI scanner;file;script;PowerShell/TrojanDownloader.Agent.GHN trojan;blocked;SFP7\Graeme;;97CE58EC7B6036BD38565612A8C577A66E616299;
24/11/2023 14:33:36;AMSI scanner;file;script;PowerShell/TrojanDownloader.Agent.GHN trojan;blocked;SFP7\Graeme;;97CE58EC7B6036BD38565612A8C577A66E616299;
24/11/2023 14:33:49;AMSI scanner;file;script;PowerShell/TrojanDownloader.Agent.GHN trojan;blocked;SFP7\Graeme;;97CE58EC7B6036BD38565612A8C577A66E616299;
24/11/2023 14:34:18;AMSI scanner;file;script;PowerShell/TrojanDownloader.Agent.GHN trojan;blocked;SFP7\Graeme;;97CE58EC7B6036BD38565612A8C577A66E616299;
24/11/2023 14:34:18;AMSI scanner;file;script;PowerShell/TrojanDownloader.Agent.GHN trojan;blocked;SFP7\Graeme;;97CE58EC7B6036BD38565612A8C577A66E616299;

And the list goes on.

As I said, none of the other packages I have used, have picked this up, so hoping someone can help.

I have attached logs from the Eset Collector Tool.

Many thanks

essp_logs.zip

Marcos (Administrators), Posted November 24, 2023

Please provide fresh ELC logs collected with "Threat detection" selected in the ELC menu prior to collecting logs. If too big to upload here, upload the archive to a safe location and drop me a personal message with a download link.

Also provide:

c:\users\graeme\appdata\roaming\other\negi6.ps1
C:\Users\Graeme\AppData\Roaming\NCH Software\J1QhMQI.ps1
C:\Users\Graeme\AppData\Roaming\Foxit Software\LJcNNx.ps1

For now please do not delete any files until we check the above files.

GraemeS (Author), Posted November 24, 2023

As per instructions please find files attached, all zipped together

essp_threat_logs.zip

Marcos (Administrators), Posted November 24, 2023

Please provide the above PowerShell scripts as well.

GraemeS (Author), Posted November 25, 2023

Sorry, don't know why 7Zip didn't add them, they were all selected. Please find attached now.

Powershell.zip

Marcos (Administrators, Solution), Posted November 26, 2023

The malware should be detected and removed also from scheduled tasks. Please let me know if it's been cleaned completely and if you are no longer getting detection alerts.

GraemeS (Author), Posted November 26, 2023

I will run a scan now and will let you know once completed.

Many thanks.

Marcos (Administrators), Posted November 26, 2023

A reboot or update should be enough since the startup scan scans also scheduled tasks and removes malware found there.
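
A read-only PowerShell audit for confirming the cleanup described above, added here as an example and not part of the original thread or of ESET's tooling. It lists scheduled tasks whose action references a .ps1 under AppData\Roaming and reports whether the three script paths named earlier in the thread still exist; the function name and the matching pattern are assumptions made for this example.

```powershell
# Added example: read-only audit, changes nothing on the system.
# Run from an elevated prompt so tasks of all users are visible.

# The three script paths named earlier in the thread.
$reportedScripts = @(
    'C:\Users\Graeme\AppData\Roaming\other\negi6.ps1',
    'C:\Users\Graeme\AppData\Roaming\NCH Software\J1QhMQI.ps1',
    'C:\Users\Graeme\AppData\Roaming\Foxit Software\LJcNNx.ps1'
)

# Assumption: a task deserves review when its command line mentions a
# .ps1 file located under any profile's AppData\Roaming folder.
$pattern = '\\AppData\\Roaming\\.+?\.ps1'

function Get-RoamingScriptTask {   # hypothetical helper name
    foreach ($task in Get-ScheduledTask) {
        foreach ($action in $task.Actions) {
            # COM-handler actions have no Execute value; skip them.
            if (-not $action.Execute) { continue }
            $raw = "$($action.Execute) $($action.Arguments)"
            # Expand %APPDATA% and similar (resolved for the current user).
            $expanded = [Environment]::ExpandEnvironmentVariables($raw)
            if ($expanded -match $pattern) {
                [pscustomobject]@{
                    TaskPath    = $task.TaskPath
                    TaskName    = $task.TaskName
                    State       = $task.State
                    RunAs       = $task.Principal.UserId
                    CommandLine = $raw
                }
            }
        }
    }
}

$hits = @(Get-RoamingScriptTask)
if ($hits.Count -eq 0) {
    'No scheduled task references a .ps1 under AppData\Roaming.'
} else {
    $hits | Format-List | Out-String
}

# Report whether the files from the thread are still on disk.
$reportedScripts | ForEach-Object {
    [pscustomobject]@{ Path = $_; StillPresent = Test-Path -LiteralPath $_ }
} | Format-Table -AutoSize | Out-String
```

A task that passes its script inline or encoded on the PowerShell command line will not match this pattern, so an empty result complements the product's startup scan and does not replace it.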

GraemeS (Author), Posted November 26, 2023

Just to confirm that all those Powershell Scripts have not gone and no more system complaining.

Many thanks, we were with Eset previously for many years and it was because of their superb support system. Looks like one of the reasons we will be coming back, I am happy to say.

Thanks