Do you know of any way I can report the incident to ESET?
That’s a good question. I guess e-mail or live chat support on their site would be how I would try. I don’t know of a specific reporting address.
Yeah I have an image so that's not an issue. I'm just hesitant to do it since I need to secure erase my SSD and the backup will write another 500GB to my SSD(they have limited write cycles). Let's see what our malware expert @TwinHeadedEagle has to say regarding my Farbar logs. I'll proceed according to his instructions.
I was thinking along the same lines. This leads ta a couple of questions then-
But the final analysis and explanation should be interesting, wherever it comes from.
Having remnants on appdata folder is something I've seen often specially in Google appdata folder since Chrome caches everything to that folder. But if those malwares make their way into the Windows folder then things start to get really serious. I don't know how those malwares ended up in the System32 folder. Heck I even have UAC to Notify Always.
Even Firefox warns for Winpatrol siteWinPatrol? outdated product, no updates since 2017
I'm even getting warning in my KTS2020 due to the outdated WebSite certificate (expired 14/02/2019):
Strange KIS didn't give me any warning for WinPatrol. Actually I just need a product that can monitor any changes in startup application and ask me if I want to allow or deny them. OSArmor does not seem to do that. Can you recommend me a product that can monitor startup? Can OSArmor or KIS be configured to monitor startup applications?WinPatrol? outdated product, no updates since 2017
I'm even getting warning in my KTS2020 due to the outdated WebSite certificate (expired 14/02/2019):
Now Brave and Chrome seem to block it. Yeah the product has not been updated since a looooong time.Even Firefox warns for Winpatrol site
)
www.novirusthanks.org
Will these rules ask when a startup application is added? Or will KIS just block the startup and notify me? BTW thanks a lot @harlan4096 for helping me to set up KIS. I'm using the 91 days trial right now and I'll buy the license when the trial expires.The warning I got was with FF67.0.1 x64...
I did not get the warning in main URL .com at 1st but I got it when I accesed to Products section...
About a program which monitors StartUp, KIS/KTS well tweaked can do that, also for Scheduled entries, for example I have this specific tweak in my KTS even for Trusted Application rules:
Here, You may change rules for different systems settings, and change them even for Trusted Applications, although You'll get warnings (I like them
An anti-executable will of course provide an additional layer but I doubt they will be able to stop these sophisticated malwares that drop payloads directly under Windows/System32 folders without even throwing up an UAC prompt. As far as I know, VoodooShield does not monitor any processes that are started from the Windows folder, so any malwares executing from that folder will easily bypass VS.Has anyone tried Smart Object Blocker by NoVirusThanks? Reading the description, it does sound like it requires a little work before it's up and running on one's system (rules creation). Anyone have a personal experience with it?
NoVirusThanks: Free Security Software & Cyber Security
Security software to protect your PC from malware. Security services for a safer Internet. Information Technology, Cyber Security and Security Solutions.
As to OSA, it seems there are multiple rules that could apply to the processes spawned by startup objects. Have you considered an anti-executable?
I truly agree with this. I uninstalled Winpatrol since I have no use of it now. KIS and OSArmor make a good combo I guess. I have OSArmor set up to Block schtasks and at.exe so that malware cannot schedule any tasks without my knowledge, although malware can still use the task scheduler I guess. I'll soon be buying and adding Sandboxie to run my browsers sandboxed always. The last infection really got me scared up.it looks like KIS is especially powerful, especially if one knows how to tweak it.
