snlehton

I agree. Even if the malware isn't malicious (read files, keylogger, ransomware etc), I'd really really appreciate virus software telling me that there is something in your system that you probably didn't intend to have there in the first place. I have paid for ESET to have a peace of mind when it comes to viruses and other malicious attacks, and having something like this _not_ detected by ESET simply is quite disappointing and leaves me thinking what else it is missing.

netutils2016.sys and netutils2016.dll were still present after the system restore, I removed them in safemode. Problem seems to have disappeared. I have no idea where that driver came from. I haven't installed anything on the machine except software from reliable sources. Will keep close eye on it for now.

1. & 2. Yes. The file was C:\Windows\System32\winlogon.exe, and I verified it with Process Explorer 3. The winlogon.exe had no parents, but two childs fontdrvhost.exe and dwm.exe Incidentally I needed to restore to an older system restore point because I messed ESET HIPS settings and whole computer became unusable slow. After the system restore the problem had disappeared. At least for now...

Where do I send them? It's pretty big. EDIT: Also it contains tons of identifiable information like the whole Windows registry. Definitely not going to post it publicly on the net... is there are some secure way to go forward with ESET staff about this?

I'm getting these kind of events in Filtered websites list (I've masked out the identifiable data): hxxp://config.laxmbgaqm.com/config?uid=[XXX]&version=1.1.0.0&source=zl.sild&prod=netutils&rts=[XXX]&cts=[XXX] hxxp://config.laxmbgaqm.com/update?uid=[XXX]&version=1.1.0.0&source=zl.sild&prod=netutils hxxp://log.laxmbgaqm.com/log?evt=visit&uid=[XXX]&version=1.1.0.0&source=zl.sild&prod=netutils&ts=[XXX]&checksum=[XXX]&browserlist=iexplore.exe;chrome.exe;chrome.exe;firefox.exe;&seclist=NoneWindows Defender;ESET Internet Security;&defaultbrowser=firefox.exe&uuid2=[XXX]&mjv=10&mnv=0&buidn=[XXX]&arc=x64&rts=[XXX]&chassis=[XXX] These entries are appearing every minute or so. Any idea what is causing this? Obviously it looks bad, as it's listing the security apps installed on the device. ESET did not scan anything fishy in the system otherwise.

I have problem with Banking and Payment protection not working on Chrome 64-bit. It does work when used via Edge or if launched standalone (goes into Chrome), but not directly under Chrome. It used to work, but I don't know what has broken since. Chrome Version 52.0.2743.116 m (64-bit) Banking and Payment Protection module 1078 Windows 10 Home 1607 Build 14393.51 What could be the issue? Cheers, Sampsa