Guided

Have you tried complete uninstall/reinstall Eset (with uninstall tool)? Sometimes that helps. I am using another vpn & that works most of the time, so I thought maybe Eset is not the problem. The only thing that was suspicious to me, was the three blockings (first post) immediately after hotspotshield run. Also check that you have tap-windows adapter v9 in your device manager, since many VPNs use it to connect.

I would like to add here that after uninstalling Eset, I still have this vpn problem. So Eset "may not" be the cause of this problem. Thanks

Thanks alot itman, I went through step 9 & also afew steps more, but it seems a long story, since when executing "netsh int ip reset logfile.txt" got "failed to reset" message & have to go through that too. Meanwhile I want you to know that this problem goes & comes, maybe for 1-2 weeks I have this vpn problem & it solves itself & again. Regarding Upnp, I noticed that "Enable UPnP protocol" is unchecked in my router settings, & I remember that ISP suggested to disable it to increase security(?). Thanks again Since you say its risky, & also abit confusing for me, I decided not to go for it.

HotspotShield

Yes, it's there.

I went to "Known Networks" and there was no entry for the vpn, neither eset asks me about it when I turn the vpn on. What is wrong here do you think?

Hi Marcos, I dont want to disable the firewall because I blocked 1-2 programs in the firewall, and dont want them to access the internet. Are these blockings normally set by default in Eset, or they are uncommon?

Hi itman, so why they appeared immediatley after turning vpn on?

Hi, after a long time having problems with my vpn connection, today I found out that Eset was blocking it all the time. I turned the vpn on then I went to troubleshooting wizard & saw 3 entries showed up there: Nt Kernel & System (Block incoming NetBios request) SSDP Discovery (svchost.exe) (Block incoming SSDP(UPNP) requests for svchost.exe) DNS client (svchost.exe) (Block incoming multicast DNS requests) Are these blockings set by default? I want to unblock them to allow my vpn, but not losing security. What should I do? Thanks

There is no uninstall for it, It should be done with virus scan (if it detects it). Thanks

Thank you.

Is there a way to remove the local proxy server myself if it didn't remove it, or to check if it exists?

Thanks itman, Many years ago I purchased the brand new pc with windows 7 pre-installed, then upgraded to windows 10 (for free), so windows is original. The only thing I doubt is that l borrowed it to my friend for a week, & he might have installed something like Office on it, & must have been uninstalled after, because now there is no office on it. I will scan it as you suggested, meanwhile I can disallow any suspicious request like kms connection broker in the firewall. Isn't it effective? or it's possible it can do its activity without my notice? Please let me know what is suspicious settings. Thanks

I went to the adlice site and installed its RogueKiller scanner, it found afew things, including Hotspot Shield (really a virus?), babylon and a Autokms folder containing 2 ini and log files. What should I do now? I think Eset itslef didn't detect these because I disabled "potentially unwanted applications".

No its not in that range. I don't understand your 2 last lines completely, but maybe I can find it out by going to router's settings? A few weeks ago I assigned a static ip address to one of my devices on my router network to control its bandwidth using. All other devices I think are dynamic ip.

None of the items in the list I got mentions ipv4, except last one which is my wifi ip address. The only address I see are physical addresses. What i did wrong?

When I get this outbound request my vpn is off. It tells the reputation is ok & discovered 2 weeks ago. But does that mean it confirms 10.3.0.20 (remote computer) is ok too?

Thanks itman, I don't think so, my windows 10 is original. Does existence of this process point out to crack software on system, or its request to connect to internet?

Hi, Kms connection broker (which appears to be safe file) wants to connect with ip 10.3.0.20 (which is a private ip). Generally I want to know if a legitimate program wants to connect to internet, should we check the site or ip it wants to connect to? Or since its legitimate program, we can trust it freely? Thanks

If all else on the pc is clean, so there should be no outside malicious component I assume? No it wasn't an attachment. But I think you are correct and it was detected for some text in its file name or something similar, I don't know.

This was also my question, anyway I ordered to remove it. My question is: If a antivirus can not see & detect inside a password protected file, if a virus exists in its content, is there any way that the virus can be initiated from the archive and do any harm? As long as it exists but has no way to come out and be effective, we can let it be there.

Sometimes I turn on Microsoft Defender for an on-demand scan, today it marked a password protected archive as infected with trojan. How it could see and scan its content? Thanks for the link to command line scan.

It seems that Internet Security can't scan password protected files (archives) when you do a on-demand scan. So what is the best way if you want to scan its content: 1) Extracting it to a folder on your hard disk. This is could be dangerous because if its content is infected, the virus can execute immediately. (Correct me if I am wrong) 2) Open it with Winrar and scan with a command there. For Eset, what command you should enter in Winrar? Thanks

Its been 2 days that error hasn't happened. I'm eager to know, is Eset able to send specific update to a specific pc, or all Eset users receive all updates without any exception?

Here is the file: (fortunately error happened just minutes after enabling logging)eis_logs.zip