Eset Smart Security blocking weird URLS

Discussion in 'ESET Smart Security' started by Tamar, Jun 25, 2010.

Thread Status:
Not open for further replies.
  1. Tamar

    Tamar Registered Member

    Joined:
    Jun 25, 2010
    Posts:
    2
    I seem to have the problem described in https://www.wilderssecurity.com/showthread.php?t=271623. That is, Smart Security is popping up a lot of messages that some very weird URLs are being blocked. (I think blocked is the good news here.) This just started last night.

    In addition, when I returned from lunch today, the CPU was running at or around 100%. (That's what started me searching for solutions.) Based on the message I linked above, I downloaded and ran Hitman Pro. It indicated it saw traces of a rootkit, but didn't remove it. It did find lots of cookies, which I let it delete, and indicated that CSRSS.EXE was malware, but a search and a check of the filesize seem to indicate that it was the right size. IAC, I didn't allow it to be deleted.

    I'm running Malwarebytes Anti-malware now, but wondering what else I should be doing.

    As a complication, I have a fairly new (10 days) Windows Mobile 6.5 phone which was synced with the machine in question since this began. I'm wondering whether I'll need to do something to clean it up as well.

    Any recommendations would be appreciated.

    Tamar
     
  2. Tamar

    Tamar Registered Member

    Joined:
    Jun 25, 2010
    Posts:
    2
    More info. MBAM didn't find anything.

    I restarted the machine (on general principles) and Hitman Pro ran again. This time, it identified rasacd.sys as a rootkit and I elected to let it remove the file. When I rebooted after that, Hitman Pro didn't find any problems.

    So the only open question I have at the moment is whether my Windows-based phone needs attention.

    Thanks,
    Tamar
     
  3. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Detection of Rasacd.sys could be false positive as most likely it is a "Remote Access Auto Connection" driver. I'd suggest uploading it to Virus Total (www.virustotal.com) to see how many antivirus vendors detect it. I'd suggest contacting customer care and providing them a log from SysInspector for perusal. You could also create a rescue cd and run a full scan of your disks.
     
Thread Status:
Not open for further replies.