
ESet Virus

post #1 of 9
Thread Starter 
How many other people have noticed something akin to the name I gave this thread going on in the last few days? My wife got this and now my future sister-in-law seems to have the same thing. Both are avid Facebook users who haven't the slightest idea what they are doing, so look out for your family and friends having this problem as well. I'm also sure at least my wife was using IE, so it may be only an IE problem.

What apparently happened is they get infected with something called "eset.exe" or similar, since I didn't bother writing it down. Every browser application is wiped from the computer in the process. My wife uses Vista and lost Chrome (forget which version), Firefox 3.6, and IE 8. She had Avast installed but the problem wasn't caught until I ran a full system scan and IE 9 was added via Windows Update.

By the way, update only added IE9 64-bit, is there a way to get 32-bit as well? The installer seemed to throw a fit when I tried.
post #2 of 9
Eset is actually one of the best, if not best, Antiviruses on the market, look.

That's probably what it's trying to impersonate, I know nothing about the virus itself (if that's what it is), though.
    
post #3 of 9
Thread Starter 
Quote:
Originally Posted by SmokinWaffle View Post
Eset is actually one of the best, if not best, Antiviruses on the market, look.

That's probably what it's trying to impersonate, I know nothing about the virus itself (if that's what it is), though.
I know what the real Eset is. This is definitely an impersonation as Avast found only 2 files. Just can't think of a better name for it.

Edit: By the way, this shouldn't be a situation where they agreed to install the product unless they did it by accident.
Edited by Kirmie - 4/28/11 at 10:25am
post #4 of 9
Quote:
Originally Posted by Kirmie View Post
How many other people have noticed something akin to the name I gave this thread going on in the last few days? My wife got this and now my future sister-in-law seems to have the same thing. Both are avid Facebook users who haven't the slightest idea what they are doing, so look out for your family and friends having this problem as well. I'm also sure at least my wife was using IE, so it may be only an IE problem.

What apparently happened is they get infected with something called "eset.exe" or similar, since I didn't bother writing it down. Every browser application is wiped from the computer in the process. My wife uses Vista and lost Chrome (forget which version), Firefox 3.6, and IE 8. She had Avast installed but the problem wasn't caught until I ran a full system scan and IE 9 was added via Windows Update.

By the way, update only added IE9 64-bit, is there a way to get 32-bit as well? The installer seemed to throw a fit when I tried.
Hi
An AV is useless after an infection. It's a prevention and it can't do much after an infection.

please download the following and post the log here

http://www.trendmicro.com/ftp/produc...HijackThis.msi
post #5 of 9
Quote:
Originally Posted by Kirmie View Post
I know what the real Eset is. This is definitely an impersonation as Avast found only 2 files. Just can't think of a better name for it.

Edit: By the way, this shouldn't be a situation where they agreed to install the product unless they did it by accident.
No. If you're using a single user/admin account, whatever you click on has got admin rights to your system and doesn't need anything to install. Most malware elevate themselves with UAC.
post #6 of 9
Make sure ESET is not in their installed programs before you start thinking it's a virus. hahaha

Use Malwarebytes to clean your PC, it's most definitely a trojan. http://www.malwarebytes.org/
Edited by damninhell - 4/28/11 at 11:49am
post #7 of 9
Thread Starter 
Quote:
Originally Posted by Spooony View Post
Hi
An AV is useless after an infection. It's a prevention and it can't do much after an infection.

please download the following and post the log here

http://www.trendmicro.com/ftp/produc...HijackThis.msi
Quote:
Originally Posted by damninhell View Post
Make sure ESET is not in their installed programs before you start thinking it's a virus. hahaha

Use Malwarebytes to clean your PC, it's most definitely a trojan. http://www.malwarebytes.org/
Way ahead of you two on this. I posted more as a lookout for this stupid thing going on. There was a whole lot of nothing in HijackThis. I'm guessing the whole point was to make people freak out and think they have a virus and start using the exe that was inserted. I mean, the way it went about everything was so lazy. It looks like it just deleted the exe for each browser individually.
post #8 of 9
A bit of advice for the future. The best way to avoid a low technical user getting infected in the future is using a tiered approach. There are many programs out there designed to run alongside an AV to help bolster defense, and they are well worth it. Most of them are hands off once they are set, but help a lot.

Keep avast! It's a wonderful AV. If you don't feel comfortable with it after it missed that one piece of malware, feel free to use Avira anti-virus.

Have them switch to Chrome

Install Prevx Safeonline Free alongside your AV

Install NortonDNS (block malware sites)

Install these two browser plugins:
WOT
AdBlock with a subscription to Malware Domains

Optionally pay for and install Hitman Pro 3 and tell it to scan on boot

If they do banking and shopping on their computer I would really recommend paying for software to help them avoid getting their information stolen by keyloggers. You can either pay for the full Prevx SafeOnline functionality, or pay for a lifetime license for KeyScrambler Premium, which will protect not just everything typed while online, but everything typed into all software.
post #9 of 9
Quote:
Originally Posted by Kirmie View Post
Way ahead of you two on this. I posted more as a lookout for this stupid thing going on. There was a whole lot of nothing in HijackThis. I'm guessing the whole point was to make people freak out and think they have a virus and start using the exe that was inserted. I mean, the way it went about everything was so lazy. It looks like it just deleted the exe for each browser individually.
Yes, but with HijackThis you won't see anything unless you really know how to analyze it. All is not showing on top. Do you know how to read and look at the log? That's why I asked you to post it so I can point out if there's any problems.

Also get out of the admin account or single user account. You're surfing the internet with admin rights. Beyond a link and new script malware there's nothing protecting your system and its settings. You can also add SpywareBlaster to lucido's applications to protect your system settings and your cookies.
Edited by Spooony - 4/28/11 at 8:59pm