ESET is flagging hundreds of legitimate system32 processes as malware and rendering my computer unusable


Go to solution Solved by Marcos,

Posted

Today I was using my PC when, out of the blue, I got an ESET notification stating that a threat "Roseta.ABC" had been found in a file and I needed to reboot. So I did, and everything went normally until I logged in and all I could see was an empty black screen. Eventually, after many forced reboots, I was back in Windows. Opened up the logs and I have 229 detections of legitimate programs, with more coming in every minute or so. How do I fix this? Just exclude System32 from my scans? PS: Can't add image links for some reason

  • Administrators
Posted

Could you please provide logs collected with ESET Log Collector or at least a screenshot of what was detected and a full detection name? We don't have any "Roseta.ABC" detection.

Posted (edited)

Hello, I have the same problem. It's permanently showing notifications and the info that it got cleared. Restarts do not help. It's always saying the RAM is infected and clears the malware, but it's coming back.

The name is "ROZENA.ABC" - not Rozeta or Rosena...

 

Edited by Nico Honisch
  • Administrators
Posted

The threat is not detected on the disk because you have excluded the whole folder C:\Windows\System32, which is where malware typically resides. Please remove both performance exclusions, run a disk scan and finally reboot the machine.

  • Administrators
Posted
1 minute ago, Nico Honisch said:

Hello, I have the same problem. It's permanently showing notifications and the info that it got cleared. Restarts do not help. It's always saying the RAM is infected and clears the malware, but it's coming back.

The name is "ROZENA.ABC" - not Rozeta or Rosena...

Please provide logs collected with ESET Log Collector.

Posted

I'm the same: for no apparent reason, all of a sudden about half an hour ago two PCs at home started showing virus detections, endlessly showing a poster to restart the PC. You restart and the problem continues.

The only option to get the PC going is by uninstalling ESET, and Windows Defender doesn't detect anything, Malwarebytes doesn't find anything either.

 

Snag_108d964.png

Snag_10e8fa.png

log_eset.txt

Posted

I only removed the System32 folder as a way to try to fix the issue, not previously, but sure, I'll try.

 

Posted (edited)

It's the device from my boss. It's close to finished. I'll send it ASAP.

Edit: I added it here.

 

ees_logs.zip

Edited by Nico Honisch
  • Administrators
  • Solution
Posted

OK, it turned out to be a false positive which has been fixed in the meantime. The threat was detected in memory in running processes and no file should have been removed from the disk.

Posted

OK, I thought so, because it didn't do any damage or slowing down until now.

Thank you for the instant support!!

So it will be patched with signatures in a few minutes, or how does that work?

 

Posted

It still isn't fixed on my side.

 

Posted
42 minutes ago, Marcos said:

OK, it turned out to be a false positive which has been fixed in the meantime. The threat was detected in memory in running processes and no file should have been removed from the disk.

Hello, the problem is not solved.

For my part, I have found where the error lies: I have been using the open source program Windhawk for a long time to make certain visual modifications to the system. If I disable the program at system startup, the problems with ESET end.

I wish I could use Windhawk as it makes my productivity so much easier. Now ESET has decided to block these functionalities for me. I would like a solution to this problem; if not, I will have to choose between ESET or Windhawk, and I think I will choose the second option.

  • Administrators
Posted

You can create a detection exclusion with the detection name excluded while an update addressing the FP is being prepared.

Posted
10 minutes ago, rogodra said:

Hello, the problem is not solved.

For my part, I have found where the error lies: I have been using the open source program Windhawk for a long time to make certain visual modifications to the system. If I disable the program at system startup, the problems with ESET end.

I wish I could use Windhawk as it makes my productivity so much easier. Now ESET has decided to block these functionalities for me. I would like a solution to this problem; if not, I will have to choose between ESET or Windhawk, and I think I will choose the second option.

Windhawk all good here and no more warnings popping up.

Posted

The latest update fixes the problem. Thanks for solving the problem so quickly.
