Avak 0 Posted July 20 Posted July 20 Hello, I think that I acidently downloaded some malware (google also sent me "critical safety warning" about my email). ESET was warning me that sth is wrong with some files I downloaded, but I maneged to ignore that. Now when I'm trying to open ESET it's only poping for literaly half a second on task bar and then disapear. Do you have any idea how to fix that?
Administrators Marcos 5,451 Posted July 20 Administrators Posted July 20 Please provide: logs collected with ESET Log Collector a Procmon log from time when you attempt to open ESET's gui.
Avak 0 Posted July 20 Author Posted July 20 Logfile.raressp_logs.zip I hope that this is what U meant
Administrators Marcos 5,451 Posted July 20 Administrators Posted July 20 ESET's service is configured not to start automatically and is registered twice it the system for an unknown reason. The machine is infected. I'd recommend to: 1, Run a scan with ESET Online Scanner and clean detected threats (Win64/Kryptik.EDF trojan) 2, Reboot the machine 3, Uninstall ESET. Also run the ESET Uninstall tool in safe mode to make sure ESET is completely removed. 4, Install the latest version of ESET Smart Security Premium 17.2 from scratch.
Avak 0 Posted July 20 Author Posted July 20 I think it's registerd once, I just started it normally and then i tried to run it as administrator
Avak 0 Posted July 20 Author Posted July 20 I rebooted it many times, I'm gonna try the other things that U meant
Administrators Marcos 5,451 Posted July 20 Administrators Posted July 20 I stand corrected, the ekrn service is registered once. It was the other service "ESET Firewall Helper" with that path. Still, ekrn.exe is not running so please re-install ESET. The startup type was changed from "automatic" to "manual" for the service.
Administrators Marcos 5,451 Posted July 20 Administrators Posted July 20 A malicious file is still on the machine but is not running. Theoretically it should be enough just to change the startup type for "ESET Service" to "automatic" and reboot the machine:
Avak 0 Posted July 20 Author Posted July 20 WOW , IT STARTED. It was in automatic mode, but service status said that its stopped, so I cliced start from that window and its working
Administrators Marcos 5,451 Posted July 20 Administrators Posted July 20 Please make sure that it works after a reboot. Also make sure that self-defense is enabled in the advanced setup -> HIPS as it should not be possible to tamper with ekrn service settings.
Avak 0 Posted July 20 Author Posted July 20 I rebooted it twice and it's working, in HIPS everything is working. Do you think its mean that my problem is solved? It says max protection in main menu
Recommended Posts