FF04, Posted June 19
Today I was using my PC when, out of the blue, I get an ESET notification stating that a threat "Roseta.ABC" had been found in a file and I needed to reboot. So I did, and everything went normal until I logged in and all I could see was an empty black screen. Eventually, after many forced reboots, I was back in Windows. Opened up the logs and I have 229 detections of legitimate programs, with more coming in every minute or so. How do I fix this? Just exclude System32 from my scans? PS: Can't add image links for some reason
Marcos (Administrators), Posted June 19
Could you please provide logs collected with ESET Log Collector or at least a screenshot of what was detected and a full detection name? We don't have any "Roseta.ABC" detection.
FF04 (Author), Posted June 19
I tried adding screenshots to the original post but it didn't work for some reason. First of all, I misread, it's rosena.abc. Here's a screenshot of what the log files look like. The log is too big to add here, so here's the link: https://drive.google.com/file/d/1C4Y3GOEWERAUDjmMhpc0kuBitjik2hFp/view?usp=sharing
Nico Honisch, Posted June 19 (edited)
Hello, I have the same problem. It's permanently showing notifications and the info that it got cleared. Restarts do not help. It's always saying the RAM is infected and clears the malware, but it's coming back. The name is "ROZENA.ABC" - not Rozeta or Rosena...
Edited June 19 by Nico Honisch
Marcos (Administrators), Posted June 19
The threat is not detected on the disk because you have excluded the whole folder C:\Windows\System32, which is where malware typically resides. Please remove both performance exclusions, run a disk scan and finally reboot the machine.
Marcos (Administrators), Posted June 19
> 1 minute ago, Nico Honisch said: Hello, I have the same problem. It's permanently showing notifications and the info that it got cleared. Restarts do not help. It's always saying the RAM is infected and clears the malware, but it's coming back. The name is "ROZENA.ABC" - not Rozeta or Rosena...
Please provide logs collected with ESET Log Collector.
rogodra, Posted June 19
I'm the same, for no apparent reason all of a sudden about half an hour ago two PCs at home started showing virus detection, endlessly showing a poster to restart the PC, you restart and the problem continues. The only option to get the PC going is by uninstalling ESET, and Windows Defender doesn't detect anything, Malwarebytes doesn't find anything either.
log_eset.txt
FF04 (Author), Posted June 19
I only removed the System32 folder as a way to try to fix the issue, not previously, but sure, I'll try
Nico Honisch, Posted June 19 (edited)
It's the device from my boss. It's close to finished. I'll send it ASAP. Edit: I added it here.
ees_logs.zip
Edited June 19 by Nico Honisch
Marcos (Administrators), Posted June 19, Solution
Ok, it turned out to be a false positive which has been fixed in the meantime. The threat was detected in memory in running processes and no file should have been removed from the disk.
Nico Honisch, Posted June 19
OK, I thought so, because it didn't do any damage or slowing down until now. Thank you for the instant support!! So it will be patched with signatures in a few minutes, or how does that work?
rogodra, Posted June 19
> 42 minutes ago, Marcos said: Ok, it turned out to be a false positive which has been fixed in the meantime. The threat was detected in memory in running processes and no file should have been removed from the disk.
Hello, the problem is not solved. For my part I have found where the error lies: I have been using the open source program Windhawk for a long time to make certain visual modifications to the system. If I disable the program at system startup, the problems with ESET end. I wish I could use Windhawk as it makes my productivity so much easier. Now ESET has decided to block these functionalities for me. I would like a solution to this problem; if not, I will have to choose between ESET or Windhawk, and I think I will choose the second option.
Marcos (Administrators), Posted June 19
You can create a detection exclusion with the detection name excluded while an update addressing the FP is being prepared.
TimBozo, Posted June 19
> 10 minutes ago, rogodra said: Hello, the problem is not solved. For my part I have found where the error lies: I have been using the open source program Windhawk for a long time to make certain visual modifications to the system. If I disable the program at system startup, the problems with ESET end. I wish I could use Windhawk as it makes my productivity so much easier. Now ESET has decided to block these functionalities for me. I would like a solution to this problem; if not, I will have to choose between ESET or Windhawk, and I think I will choose the second option.
Windhawk all good here and no more warnings popping up
rogodra, Posted June 19
The latest update fixes the problem. Thanks for solving the problem so quickly.