
ESET is flagging hundreds of legitimate system32 processes as malware and rendering my computer unusable


Solved by Marcos

Today I was using my PC when, out of the blue, I get an ESET notification stating that a threat "Roseta.ABC" had been found in a file and I needed to reboot. So I did, and everything went normal until I logged in and all I could see was an empty black screen. Eventually, after many forced reboots, I was back in Windows. Opened up the logs and I have 229 detections of legitimate programs, with more coming in every minute or so. How do I fix this? Just exclude System32 from my scans? PS: Can't add image links for some reason


  • Administrators

Could you please provide logs collected with ESET Log Collector or at least a screenshot of what was detected and a full detection name? We don't have any "Roseta.ABC" detection.


I tried adding screenshots to the original post but it didn't work for some reason. First of all, I misread, it's rosena.abc. Here's a screenshot of what the log files look like. The log is too big to add here, so here's the link: https://drive.google.com/file/d/1C4Y3GOEWERAUDjmMhpc0kuBitjik2hFp/view?usp=sharing


Hello, I have the same problem. It's permanently showing notifications and the info that it got cleared. Restarts do not help. It's always saying the RAM is infected and clears the malware, but it's coming back.

The name is "ROZENA.ABC" - not Rozeta or Rosena...

 

Edited by Nico Honisch

  • Administrators

The threat is not detected on the disk because you have excluded the whole folder C:\Windows\System32, which is where malware typically resides. Please remove both performance exclusions, run a disk scan and finally reboot the machine.


  • Administrators
1 minute ago, Nico Honisch said:

Hello, I have the same problem. It's permanently showing notifications and the info that it got cleared. Restarts do not help. It's always saying the RAM is infected and clears the malware, but it's coming back.

The name is "ROZENA.ABC" - not Rozeta or Rosena...

Please provide logs collected with ESET Log Collector.


I'm the same, for no apparent reason all of a sudden about half an hour ago two PCs at home started showing virus detection, endlessly showing a poster to restart the PC, you restart and the problem continues.

The only option to get the PC going is by uninstalling ESET, and Windows Defender doesn't detect anything, Malwarebytes doesn't find anything either.

 


I only removed the System32 folder as a way to try to fix the issue, not previously, but sure, I'll try

 


  • Administrators
  • Solution

Ok, it turned out to be a false positive which has been fixed in the meantime. The threat was detected in memory in running processes and no file should have been removed from the disk.


OK I thought so, because it didn't do any damage or slowing down until now.

Thank you for the instant support!!

So it will be patched with signatures in a few minutes, or how does that work?

 


42 minutes ago, Marcos said:

Ok, it turned out to be a false positive which has been fixed in the meantime. The threat was detected in memory in running processes and no file should have been removed from the disk.

Hello, the problem is not solved.

For my part I have found where the error lies, I have been using the open source program Windhawk for a long time to make certain visual modifications to the system. If I disable the program at system startup the problems with Eset end.

I wish I could use Windhawk as it makes my productivity so much easier. Now Eset has decided to block these functionalities for me. I would like a solution to this problem, if not I will have to choose between Eset or Windhawk, and I think I will choose the second option.


  • Administrators

You can create a detection exclusion with the detection name excluded while an update addressing the FP is being prepared.


10 minutes ago, rogodra said:

Hello, the problem is not solved.

For my part I have found where the error lies, I have been using the open source program Windhawk for a long time to make certain visual modifications to the system. If I disable the program at system startup the problems with Eset end.

I wish I could use Windhawk as it makes my productivity so much easier. Now Eset has decided to block these functionalities for me. I would like a solution to this problem, if not I will have to choose between Eset or Windhawk, and I think I will choose the second option.

Windhawk all good here and no more warnings popping up
