angeldust, posted March 5 (edited):

Have a nice day! Every day this alert comes up. I have run the full check several times in the last month, but it comes up again.

Edited March 5 by Marcos: Links removed

Marcos (Administrators), posted March 5:

Please do not publicly disclose links to logs but drop me a personal message instead. I was unable to download the files without the need to request access.

itman, posted March 5 (marked as Solution):

There's an older thread in the forum on a similar PowerShell malware. In this case, a rogue sub-directory was created in C:\Windows\System32: https://forum.eset.com/topic/32653-annoying-powershellagentaew-on-each-start-need-assitence/#elControls_152733_menu. In any case, diagnosis will be a bit involved.

angeldust (Author), posted March 6:

22 hours ago, Marcos said:
> Please do not publicly disclose links to logs but drop me a personal message instead. I was unable to download the files without the need to request access.

Annoying, but Kaspersky (KVRT) solved my problem too. I still use ESET, but it was only a temporary solution.

ITman, thanks for the link! I am sad to see that the incident was almost 2 years ago. Since then ESET has failed to provide a solution to such a problem?

Marcos, I look forward to any other solutions or comments you may have! Thanks

essp_logs.zip

Marcos (Administrators), posted March 6:

1 hour ago, angeldust said:
> I am sad to see that the incident was almost 2 years ago. Since then ESET has failed to provide a solution to such a problem?

The fact that there was a problem cleaning a specific PowerShell malware in the past does not mean that this is the very same case. Unfortunately the ELC logs were not collected with "All" or "Threat detection" template selected in the ELC menu so we cannot figure out the location of the malware. As you wrote, you have already removed the malware so any further logs will not help us. We would need especially the registry dump from an infected system.

angeldust (Author), posted March 6 (edited):

3 hours ago, Marcos said:
> The fact that there was a problem cleaning a specific PowerShell malware in the past does not mean that this is the same case. Unfortunately the ESET Log Collector logs were not collected with the "All" or "Threat detection" template selected in the ESET Log Collector menu, so we cannot figure out the location of the malware. As you wrote, you have already removed the malware, so further logs will not help us. We would especially need the registry dump from an infected system.

The logs are from yesterday. The state before removal.

Edited March 6 by angeldust

Marcos (Administrators), posted March 6:

As I wrote, the logs were not collected with "All" or "Threat detection" template selected in the ELC menu and therefore a registry dump was missing. Since you have removed the malware, new logs would not help.