RandomName96
Posts posted by RandomName96
I wouldn't recommend leaving logging of all operations blocked by HIPS enabled; it serves for troubleshooting purposes when HIPS causes an issue with certain software.
Well, I only change core settings (rules, scanner settings, ThreatSense's core settings etc.) anyway, so should I set it to warnings, critical or errors?
-
Prototype and LaunchGTAIV are pirated (however, that does not mean I will never buy those games), and WiseGameBooster is a legitimate program. However, thanks for suggesting about rundll.exe. I thought ESET might allow anti-exploit so I didn't make a rule manually, anyway. Sorry for the amount of piracy, but I'm not in a financial state; even my own forum's software is MyBB and not something like XenForo or IPB.
Anyway, the results of rundll32.exe were clean. I'm not aware of internat.exe; ESET's full scan is also clean.
C:\Program Files\Malwarebytes Anti-Exploit\mbae-loader.exe
needs to be added to exclusions
C:\Users\Linux\Desktop\Prototype\prototypef.exe
needs to be added to exclusions or deleted, depending on threat level. Scan it at virustotal, and right click send to ESET for analysis
C:\Program Files\Wise\Wise Game Booster\WiseGameBooster.exe
Enable detection of PUPs and PUAs in ESET. I would remove and/or delete this WiseGameBooster.
C:\Users\Linux\Desktop\GTA IV\Grand Theft Auto IV\GTAIV.exe
Add to exclusions if the game is not hooked by malware or pirated copy
C:\Windows\System32\rundll32.exe
Scan at VirusTotal and/or decipher the hash and make sure this rundll is legitimate and not a trojan.
C:\Users\Linux\AppData\Local\Temp\~nsu.tmp\Au_.exe Modify startup settings HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0}\NoExplorer allowed Learning mode
This is suspicious, clean your temp folders by deletion.
C:\Users\Linux\AppData\Roaming\uTorrent\uTorrent.exe Modify startup settings HKEY_USERS\S-1-5-21-3012067017-2217459130-425731381-1000\Software\Microsoft\Windows\CurrentVersion\Run\uTorrent allowed Learning mode
uTorrent is not a very good application to have installed on the system. This is only my opinion though, take it with a grain of salt.
C:\Windows\System32\taskhost.exe Modify startup settings HKEY_USERS\S-1-5-21-3012067017-2217459130-425731381-1000\Software\Microsoft\Windows\CurrentVersion\Run\internat.exe allowed Learning mode
Suspicious, what is internat.exe?
All the rest appears normal.
I suggest a full scan with ESET if you have not done so.
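As an added example (not code from the forum post, from the replying member, or from ESET), here is a small Python triage script that parses entries shaped like the learning-mode HIPS lines quoted above and ranks them by the signals the reply relies on: an executable launching from a temp directory, a user-writable install location, and a system binary registering a differently named executable (internat.exe under taskhost.exe) as an autostart. The one-line field order, the operation and action vocabulary, and the scoring weights are assumptions; the sample log is constructed from the paths quoted in the post.

```python
import re
from dataclasses import dataclass, field

# Constructed sample, shaped like the learning-mode HIPS entries quoted in the post above:
# application, operation, target, action, mode on one line. That field order is an
# assumption about how the log was flattened, not ESET's own export format.
SAMPLE_LOG = """\
C:\\Users\\Linux\\AppData\\Local\\Temp\\~nsu.tmp\\Au_.exe Modify startup settings HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0}\\NoExplorer allowed Learning mode
C:\\Users\\Linux\\AppData\\Roaming\\uTorrent\\uTorrent.exe Modify startup settings HKEY_USERS\\S-1-5-21-3012067017-2217459130-425731381-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\uTorrent allowed Learning mode
C:\\Windows\\System32\\taskhost.exe Modify startup settings HKEY_USERS\\S-1-5-21-3012067017-2217459130-425731381-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\internat.exe allowed Learning mode
"""

# Application path runs up to the first ".exe"; the target is a registry key or a file path;
# "allowed"/"blocked" is the assumed action vocabulary.
LINE_RE = re.compile(
    r"^(?P<app>[A-Za-z]:\\.+?\.exe)\s+"
    r"(?P<operation>.+?)\s+"
    r"(?P<target>(?:HKEY_|[A-Za-z]:\\).+?)\s+"
    r"(?P<action>allowed|blocked)\s+"
    r"(?P<mode>.+)$"
)

# Registry locations that get code executed at logon or when Explorer starts.
AUTOSTART_MARKERS = ("\\currentversion\\run", "\\browser helper objects", "\\currentversion\\winlogon")
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
TEMP_MARKERS = ("\\temp\\", "\\tmp\\")
USER_WRITABLE = ("\\appdata\\", "\\users\\")


@dataclass
class Finding:
    app: str
    target: str
    action: str
    score: int = 0
    reasons: list = field(default_factory=list)


def parse_line(line):
    """Return the named fields of one HIPS entry, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def score_entry(entry):
    """Assign an assumed risk score to one parsed entry and record why."""
    app, app_l = entry["app"], entry["app"].lower()
    target_l = entry["target"].lower()
    f = Finding(app=app, target=entry["target"], action=entry["action"])

    autostart = any(marker in target_l for marker in AUTOSTART_MARKERS)
    if autostart:
        f.score += 1
        f.reasons.append("writes an autostart location")

    if any(marker in app_l for marker in TEMP_MARKERS):
        f.score += 3
        f.reasons.append("executable runs from a temp directory")
    elif any(marker in app_l for marker in USER_WRITABLE):
        f.score += 1
        f.reasons.append("executable lives in a user-writable directory")

    # A Windows binary that registers some *other* executable name to run at logon is the
    # taskhost.exe / internat.exe pattern the reply singled out.
    value_name = entry["target"].rsplit("\\", 1)[-1].lower()
    app_name = app.rsplit("\\", 1)[-1].lower()
    if autostart and app_l.startswith(SYSTEM_DIRS) and value_name.endswith(".exe") and value_name != app_name:
        f.score += 3
        f.reasons.append(f"system binary registers a different executable ({value_name}) to autostart")

    if entry["action"] == "allowed" and "learning" in entry["mode"].lower():
        f.reasons.append("allowed while HIPS was in learning mode; review any rule it created")
    return f


def triage(log_text):
    """Parse every matching line and return findings, highest assumed risk first."""
    findings = [score_entry(e) for e in map(parse_line, log_text.splitlines()) if e]
    return sorted(findings, key=lambda f: -f.score)


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"[{finding.score}] {finding.app}")
        for reason in finding.reasons:
            print(f"      - {reason}")
```

Run it as-is to see the Temp-folder installer and the taskhost.exe entry rank above uTorrent; swap in your own exported lines (in the same one-line shape) to get the same ordering over a real log. The scores are a starting point for manual review, not a verdict.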
-
Hello all, this is my first thread. So far the community looks nice and promising.
Anyway, let's start with our problem. I just noticed in the HIPS logs that there were unusual things, such as blocking registry access by a Windows program. I found it very suspicious because I'm a security enthusiast. Even csrss.exe tried to modify ESET... I think I'm infected. Here's the whole log (attached).
Is it normal (in Malware Finding and Cleaning)
Posted · Edited by RandomName96
I do not know anything about the "additional information" page.