stackz

ESET Insiders
  • Posts

    404
  • Days Won

    19

Kudos

  1. Upvote
    stackz received kudos from Nightowl in PowerShell/TrojanDownloader.Agent.ETC on virustotal link   
    I can reproduce this. When you go to the VT page you are actually landing on the behavior page and ESET is picking up on some of the displayed PowerShell script parts. See example pics below. So essentially there's no live malware to get infected from.
    At VT:

     
    In cache:

  2. Upvote
    stackz received kudos from peteyt in PowerShell/TrojanDownloader.Agent.ETC on virustotal link   
    I can reproduce this. When you go to the VT page you are actually landing on the behavior page and ESET is picking up on some of the displayed PowerShell script parts. See example pics below. So essentially there's no live malware to get infected from.
    At VT:

     
    In cache:

  3. Upvote
    stackz received kudos from itman in PowerShell/TrojanDownloader.Agent.ETC on virustotal link   
    I can reproduce this. When you go to the VT page you are actually landing on the behavior page and ESET is picking up on some of the displayed PowerShell script parts. See example pics below. So essentially there's no live malware to get infected from.
    At VT:

     
    In cache:

  4. Upvote
    stackz received kudos from peteyt in Eset's Password Manager issues   
  5. Upvote
    stackz received kudos from New_Style_xd in Comodo Webiste Compromised??   
    By removing the zeros, you've turned all those executables into binary junk that doesn't even run. That some AVs detect these things shows that those AVs are not very good (to put it nicely).
  6. Upvote
    stackz received kudos from el el amiril in Comodo Webiste Compromised??   
    By removing the zeros, you've turned all those executables into binary junk that doesn't even run. That some AVs detect these things shows that those AVs are not very good (to put it nicely).
  7. Upvote
    stackz received kudos from el el amiril in Suspicious startup app   
    That entry is a leftover from a removed app that was located in one of the Program Files folders. Download Autoruns.
    https://learn.microsoft.com/en-us/sysinternals/downloads/autoruns
    Extract Autoruns64.exe and right click run as administrator. Accept the EULA. When it finishes scanning, select the Logon tab, the entry will be highlighted in yellow. Right click on the entry and delete it.
  8. Upvote
    stackz received kudos from secured2k in Strange behavior after updating Microsoft Edge to Version 110   
    It's "Enable protected website redirection" that causes it.
  9. Upvote
    stackz received kudos from peteyt in Strange behavior after updating Microsoft Edge to Version 110   
    It's "Enable protected website redirection" that causes it.
  10. Upvote
    stackz received kudos from Tonyset in Strange behavior after updating Microsoft Edge to Version 110   
    It's "Enable protected website redirection" that causes it.
  11. Upvote
    stackz received kudos from micasayyo in Event ID=1108   
    It's definitely not ESET. The ID 1108 entries persist with ESET removed.
  12. Upvote
    stackz received kudos from Aryeh Goretsky in html/Refresh.BC trojan alert when typing 192.168.1.254   
    It's just Chrome preloading links from the search results. I get the same thing happen when Google searching the same address with MS Edge.
  13. Upvote
    stackz received kudos from itman in Eset and Task manager conflict or bug?   
    Rebuild the performance counters: 
    https://docs.microsoft.com/en-us/troubleshoot/windows-server/performance/manually-rebuild-performance-counters
    Create a new data collector set by running performance monitor. The process is similar to the following guide, just select all the GPU related performance counters.
    https://help.tableau.com/current/server/en-us/perf_collect_perfmon.htm
    I don't believe this problem has anything to do with ESET, as the problem is affecting a far wider audience. Doing the above procedure worked for me.
  14. Upvote
    stackz received kudos from jkk in Eset and Task manager conflict or bug?   
    Rebuild the performance counters: 
    https://docs.microsoft.com/en-us/troubleshoot/windows-server/performance/manually-rebuild-performance-counters
    Create a new data collector set by running performance monitor. The process is similar to the following guide, just select all the GPU related performance counters.
    https://help.tableau.com/current/server/en-us/perf_collect_perfmon.htm
    I don't believe this problem has anything to do with ESET, as the problem is affecting a far wider audience. Doing the above procedure worked for me.
  15. Upvote
    stackz received kudos from Vivdik in Eset and Task manager conflict or bug?   
    Rebuild the performance counters: 
    https://docs.microsoft.com/en-us/troubleshoot/windows-server/performance/manually-rebuild-performance-counters
    Create a new data collector set by running performance monitor. The process is similar to the following guide, just select all the GPU related performance counters.
    https://help.tableau.com/current/server/en-us/perf_collect_perfmon.htm
    I don't believe this problem has anything to do with ESET, as the problem is affecting a far wider audience. Doing the above procedure worked for me.
  16. Upvote
    stackz received kudos from Mr_Frog in HIPS Serious Problem!!!   
    It just seems rather ridiculous, that if I have for example, C:\1\2\3\protected_file.txt
    If I make a rule to prevent modification of any file in 3, I also need to make a similar rule for 1 and 2 in case either 1 or 2 get renamed.
  17. Upvote
    stackz received kudos from howardagoldberg in Question about detection engine   
    I know that here in Australia, I hadn't had an update from 23048 to 23049 for around six hours when I turned my PC off for the night.
    At that stage, 23049 had been listed at Virus Radar for quite some time. So I definitely think this was more widespread than ESET realized.
  18. Upvote
    stackz received kudos from migs_k in can I ask where to locate these windows "updates"   
    Win 10 version upgrade logs.
     
    Every Win 10 installation has the same unknown user.
  19. Upvote
    stackz received kudos from Nightowl in can I ask where to locate these windows "updates"   
    Yes, every user session the services will be created with a different hex number suffix.
  20. Upvote
    stackz received kudos from migs_k in can I ask where to locate these windows "updates"   
    All those services are fine, they are just Windows 10 Per-user services:
    Per-user services in Windows 10 and Windows Server - Windows Application Management | Microsoft Docs
  21. Upvote
    stackz received kudos from migs_k in can I ask where to locate these windows "updates"   
    Yes, every user session the services will be created with a different hex number suffix.
  22. Upvote
    stackz received kudos from pecelot in Automatic updates/scans and a weak laptop   
    Open the GUI and press Setup -> Computer protection -> Gamer mode
  23. Upvote
    stackz received kudos from BALTAGY in HIPS problem   
    It should work if you change your specific files path to C:\Users\BALTAGY\Desktop\*.*
  24. Upvote
    stackz gave kudos to tommy456 in B&PP not working Firefox 70   
    Working ok for me here win 7 x64, same browsers/version and module
  25. Upvote
    stackz gave kudos to itman in B&PP not working Firefox 70   
    Works fine for me with BPP module 1166 and FF 70.0.1 on Win 10:
