stackz
Posts: 404
Days Won: 19
-
stackz received kudos from Nightowl in PowerShell/TrojanDownloader.Agent.ETC on virustotal link
I can reproduce this. When you go to the VT page you are actually landing on the behavior page and ESET is picking up on some of the displayed PowerShell script parts. See example pics below. So essentially there's no live malware to get infected from.
At VT:
In cache:
-
stackz received kudos from New_Style_xd in Comodo Webiste Compromised??
By removing the zeros, you've turned all those executables into binary junk that doesn't even run. That some AVs detect these things shows that those AVs are not very good (to put it nicely).
-
stackz received kudos from el el amiril in Suspicious startup app
That entry is a leftover from a removed app that was located in one of the Program Files folders. Download Autoruns:
https://learn.microsoft.com/en-us/sysinternals/downloads/autoruns
Extract Autoruns64.exe, right-click it and run as administrator. Accept the EULA. When it finishes scanning, select the Logon tab; the entry will be highlighted in yellow. Right-click on the entry and delete it.
-
stackz received kudos from secured2k in Strange behavior after updating Microsoft Edge to Version 110
It's "Enable protected website redirection" that causes it.
-
stackz received kudos from micasayyo in Event ID=1108
It's definitely not ESET. The ID 1108 entries persist with ESET removed.
-
stackz received kudos from Aryeh Goretsky in html/Refresh.BC trojan alert when typing 192.168.1.254
It's just Chrome preloading links from the search results. I get the same thing happen when Google searching the same address with MS Edge.
-
stackz received kudos from itman in Eset and Task manager conflict or bug?
Rebuild the performance counters:
https://docs.microsoft.com/en-us/troubleshoot/windows-server/performance/manually-rebuild-performance-counters
Create a new data collector set by running performance monitor. The process is similar to the following guide, just select all the GPU related performance counters.
https://help.tableau.com/current/server/en-us/perf_collect_perfmon.htm
I don't believe this problem has anything to do with ESET, as the problem is affecting a far wider audience. Doing the above procedure worked for me.
-
stackz received kudos from Mr_Frog in HIPS Serious Problem!!!
It just seems rather ridiculous, that if I have for example, C:\1\2\3\protected_file.txt
If I make a rule to prevent modification of any file in 3, I also need to make a similar rule for 1 and 2 in case either 1 or 2 get renamed.
-
stackz received kudos from howardagoldberg in Question about detection engine
I know that here in Australia, I hadn't had an update from 23048 to 23049 for around six hours when I turned my PC off for the night.
At that stage, 23049 had been listed at Virus Radar for quite some time. So I definitely think this was more widespread than ESET realized.
-
stackz received kudos from migs_k in can I ask where to locate these windows "updates"
Win 10 version upgrade logs.
Every Win 10 installation has the same unknown user.
-
stackz received kudos from Nightowl in can I ask where to locate these windows "updates"
Yes, every user session the services will be created with a different hex number suffix.
-
stackz received kudos from migs_k in can I ask where to locate these windows "updates"
All those services are fine, they are just Windows 10 Per-user services:
Per-user services in Windows 10 and Windows Server - Windows Application Management | Microsoft Docs
-
stackz received kudos from pecelot in Automatic updates/scans and a weak laptop
Open the GUI and press Setup -> Computer protection -> Gamer mode
-
stackz received kudos from BALTAGY in HIPS problem
It should work if you change your specific files path to C:\Users\BALTAGY\Desktop\*.*
-
stackz gave kudos to tommy456 in B&PP not working Firefox 70
Working OK for me here: Win 7 x64, same browsers/version and module.
-
stackz gave kudos to itman in B&PP not working Firefox 70
Works fine for me with BPP module 1166 and FF 70.0.1 on Win 10: