Friday, February 26, 03:46
Home security The Eset AV Removal Tool is infected by ransomware

The Eset AV Removal Tool is infected by ransomware


The ransomware are a scourge of our time. They work by encrypting the files of the attacking system, so their victims do not have access to them. Then hackers ask for a ransom to give the key that decrypts the files. Many times they also give time to their victims, which, if passed, can lead to the deletion of the data. Some ransomware attacks can also infect devices on your LAN. However, hackers are not only targeting home networks and devices, but also companies, hospitals and other services.

Ransomware is evolving more and more over time. In 2016 a ransomware called "Dharma" appeared. In fact, thanks to the upgrades and additions that were made, it is still a big risk. THE Trend Micro recently discovered a new variant of ransomware that has attacked the Slovenian security company Eset and the Eset AV remover tool.

The attack took place via email, which appears to have come from Microsoft, and the message states that the victim's computer is in danger. The email then states that in order for the user to remain safe, a protection tool must be downloaded. The auto-export file is protected with the password "", which is mentioned in the email.

After downloading this security tool, an Eset AV remover user interface appears. However, along with the Eset tool, a sub-file with ransomware code is also run. The user is trying to install this tool, but in the background, ransomware encrypts the victim's files. A file extension * .ETH is added to the affected files.

Finally, there is a ransomware message that informs the victim that his files are encrypted and has to pay to decipher them, with instructions on how the user can contact the attackers to pay the ransom they were asked for .

As for the AV Eset remover, it does not matter if this tool starts or installs successfully, it's just a trick to conceal the ransomware activity. The encryption process is independent of the installation status of this tool.

Eset AV remover is a tool for quick and easy uninstallation of antivirus software on a computer. In this case, the "Dharma" and the Eset tool run simultaneously. The installer of the tool is waiting for the user interaction, but "Dharma" is already encrypting files, so there is no way to uninstall the security software first and then start encrypting the files.


Please enter your comment!
Please enter your name here

Absent Mia
Absent Mia
Being your self, in a world that constantly tries to change you, is your greatest achievement


Wear OS: The phrase "OK Google" has not worked for months

The Wear OS smartwatch suddenly stopped responding to the "OK Google" command, do not worry you are not the only one experiencing this ...

Telegram: Automatically deletes messages with a timer

Telegram releases a new update for the iOS and Android application that brings features such as automatic deletion of messages, chat widget ...

Google is funding two developers to focus on Linux security

Linux is more secure than most operating systems, but that does not mean that its security can be taken for granted ....

AI can write a university paper in 20 minutes

AI can do many things extremely well. Something that can do relatively well is to write a university ...

Kali Linux 2021.1 has been released with new features!

Kali Linux closed last year with the release of v2020.4. The manufacturer Offensive Security has now announced a new ...

NASA's Perseverance sends new image from landing on Mars

One of the most important achievements in space exploration in recent years is the landing of the Perseverance rover on its surface ...

Google: Switch to the new Pay app to access it

Last year, the Google Pay application released a new updated interface, however many users did not choose it and remained in the old one, since they had ...

US Federal Reserve: Where does the shutdown come from?

On February 24, the US Federal Reserve (FED) suffered extensive interruptions in many of its payment services, including a system in which ...

USA: SolarWinds hackers "hit" NASA and FAA!

NASA and the US Federal Aviation Administration (FAA) have been cyber-attacked by hackers who "hit" SolarWinds, according to a report ...

Australia: Facebook and Google will pay for the news

We have recently witnessed a dispute between Facebook and Australia over news content on the platform. And...