angeldust 0 · Posted March 5 (edited)
Have a nice day! Every day this alert comes up. I have run the full check several times in the last month, but it comes up again.
Edited March 5 by Marcos: links removed

Marcos (Administrator) 5,453 · Posted March 5
Please do not publicly disclose links to logs but drop me a personal message instead. I was unable to download the files without the need to request access.

itman 1,802 · Posted March 5 (marked as Solution)
There's an older thread in the forum on a similar PowerShell malware. In this case, a rogue sub-directory was created in C:\Windows\System32: https://forum.eset.com/topic/32653-annoying-powershellagentaew-on-each-start-need-assitence/#elControls_152733_menu . In any case, diagnosis will be a bit involved.
angeldust 0 (Author) · Posted March 6
22 hours ago, Marcos said: "Please do not publicly disclose links to logs but drop me a personal message instead. I was unable to download the files without the need to request access."
Annoying, but Kaspersky (KVRT) solved my problem too. I still use ESET, but it was only a temporary solution. itman, thanks for the link! I am sad to see that the incident was almost 2 years ago. Since then ESET has failed to provide a solution to such a problem? Marcos, I look forward to any other solutions or comments you have! Thanks
Attachment: essp_logs.zip
Marcos (Administrator) 5,453 · Posted March 6
1 hour ago, angeldust said: "I am sad to see that the incident was almost 2 years ago. Since then ESET has failed to provide a solution to such a problem?"
The fact that there was a problem cleaning a specific PowerShell malware in the past does not mean that this is the very same case. Unfortunately the ELC logs were not collected with "All" or "Threat detection" template selected in the ELC menu so we cannot figure out the location of the malware. As you wrote, you have already removed the malware so any further logs will not help us. We would need especially the registry dump from an infected system.
angeldust 0 (Author) · Posted March 6 (edited)
3 hours ago, Marcos said: "The fact that there was a problem cleaning a specific PowerShell malware in the past does not mean that this is the same case. Unfortunately, the ESET Log Collector logs were not collected with the "All" or "Threat detection" template selected in the ESET Log Collector menu, so we cannot determine the location of the malware. As you wrote, you have already removed the malware, so further logs will not help us. We would especially need the registry dump from an infected system."
The logs are from yesterday. The state before removal.
Edited March 6 by angeldust
Marcos (Administrator) 5,453 · Posted March 6
As I wrote, the logs were not collected with "All" or "Threat detection" template selected in the ELC menu and therefore a registry dump was missing. Since you have removed the malware, new logs would not help.