Everything posted by PassingBy

  1. I installed it separately years ago because my background screens wouldn't change. It was signaled as PUA on several occasions on and off during these years. But this time ESET wouldn't let me work on my files so eventually i had to act on it.
  2. Yes, but your notification kept blocking me from dragging files in File Explorer and i began to wonder what could BING have to do with an internal, offline process while trying to connect to the outside. So i cleaned it up eventually. I still do not understand why all these generally "online" processes intrude into the internal offline tasks on the machine. There is no need whatsoever for Bing to know what i move around into my laptop. Maybe i am wrong. Thanks for the reference. E.
  3. So, i was putting some order in my "Downloads" folder, and all of a sudden, each time i tried to drag and drop files into different folders, the process crashed and ESET showed the MSIL BING_C PUA notice. I ignored it but it became impossible to use file explorer and drag files... mid-drag the notification would pop, the drag process would freeze and i had to click "Ignore" again. It all went into a loop until i clicked "Clean". I don't mind the cleanup, even if each time that happens, the active themes in my display and access window stop changing and everything becomes very boring. Are these MSIL BING_[LETTER] really a threat? Was Bing monitoring my operations in File Explorer when ESET triggered the notice? Why does that happen? What does BING have to do with my folder operations? Thanks for any insight. E
  4. Sorry Marcos, i was late in seeing this. Connectivity seems more or less fine, except for moments of real slowdown and overheating. I suspect part of the initial slowness was due to the post-Quake issues in Taiwan. We had some 4g/5g issues for a few days after the quake. No disruptions, but slowdowns. I will keep monitoring and if further issues arise i'll post here again. Best. E.
  5. My Internet remains slow with HTTP/3 on or off. It's just not as it used to be. Works well with EIS disabled.
  6. Thanks Marcos. Useful insights as usual. I retried this morning with both HTTP3 on and off and i see no signs of changes. On the positive side, the connection speed seems to be better. If it can help, we had a major quake here a few days ago and connectivity was never disrupted but speed did suffer at some points. I am mulling whether that is the issue rather than the update. I'll keep an eye on it and be back on this same thread if there is any news. Many thanks.
  7. Many thanks. I will have a check. There are many suspicious files from Lenovo Vantage. They show with Wireshark and similar apps. I am not quite sure what to make of it all. I am just unhappy with the intruding tendencies of Lenovo apps.
  8. So i am using mostly my mobile 4g for a while as i prepare to move to a different location. I had reasonable speeds so i didn't really worry about it. But as soon as i installed the latest EIS version my browsing experience on both mobile and laptop became incredibly slow. I also notice quite an increase in heat on the laptop. If i disable EIS, everything goes back to normal. Any clue on how to fix this? Thanks E.
  9. Hi Nightowl, Thanks for the insights. Actually, Vantage was just updated and now the Energy/Battery section offers a lot more data. The configuration on this Yoga does in such a way that Windows power management doesn't offer the same functions so i need to keep Vantage. I guess my next machine won't be a Lenovo.
  10. As per headline. I ran a scan, which is still ongoing and instantly these two files popped up.

      C:\Drivers\OneKey Optimizer\setup.exe » INSTALLSHIELD » OneKey Optimizer.msi » MSI » ISSetupFile.SetupFile42 » INNO » {app}\bin\reaper_u.dll - a variant of Win32/Lenovo.G potentially unsafe application - action selection postponed until scan completion

      C:\Drivers\OneKey Optimizer\setup.exe » INSTALLSHIELD » OneKey Optimizer.msi » MSI » ISSetupFile.SetupFile42 » INNO » {app}\bin\reaper.dll - a variant of Win32/Lenovo.G potentially unsafe application - action selection postponed until scan completion

      Sole difference between the two seems the name "dll" and "u.dll". I think they're part of Lenovo Vantage, which i only use for power management but has lots of exe tasks ongoing on my machine, including some i never liked too much but keep going. Any advice? Thanks E.
  11. Thanks Itman. I had read about it. Once i realized something was wrong i checked to see whether there were security notices about it and found out it was around since at least 2019. Both my laptops and mobile are working fine but this morning i noticed some email services on my mobile aren't synching. Access to most emails seems fine but i didn't check all accounts. I did change the password for the account i used to experiment with the Evite invitation minutes after testing it. Rechanged it once more one day later. But my email client on Android isn't synching (i had tried to open also through Android relying on the idea that the phishing threat was designed for Windows). Not clear whether there are issues caused by that specific action or whether a recent mail client update is causing the issue. The client update (third party app) occurred almost simultaneously.
  12. I just did. Bit late but i got busy. Other people in a group received the same email, too. So the account was definitely hacked.
  13. Hi everyone, First, i am aware this should be in another section but i put it here just as an appetizer of potential further investigation, which i hope is unnecessary. The story in short is this: 1) I received a fake Evite invitation from a well known contact. 2) Since i found it strange i sent him an email using the same account he used for the invitation (i have no other account) asking whether he had actually sent it (imagining a Man in the Middle thing). No reply. 3) Despite the suspicious activity, including the links etc., i gave it a shot with a secondary account i use. The result was a denied access in both cases, on both Edge (Outlook 365 automatic redirection, asking me to connect to Adobe cloud with one of my email accounts) and Firefox showing a 403 error. 4) I changed the password on my email account used to run the attempt. No other malicious behavior noticed. 5) Contacted Evite which confirmed the email is not from them and confirms the malicious nature of the email, advising me to clean up the data/cookies from all my browsers (all those used to execute activities on the email). Question: Any chance I am infected with something and ESET missed it? I can submit a copy of the email if necessary, but i'd prefer not to if possible. Thanks in advance for any insight. Rick
  14. I can't quite get the changes. For a start i need 3 licenses, not 5. I may need a VPN but i don't surely need a password manager and the rest of the features. The prices are completely off. Why can't they just offer standard Internet Security + VPN for the number of licenses we need? I have 2 laptops and 1 mobile device. Why do i have to pay 2 extra licenses? Who is doing the marketing over there? Mickey Mouse?
  15. The IP is reportedly my provider. It is Taiwan. That is one of the reasons why i have been posting more frequently of late. Geographic position and other factors, add up to the strange behaviors of machines and networks. If you recall i posted a while ago on strange IP behaviors. I still have those. I waste considerable amounts of time monitoring those. Last but not least, i have someone who tries daily to find the password of one of my email accounts through repeated attempts to login. He managed to open a Venmo account without being able to access my email and despite me deleting the confirmation emails i got from Venmo. He probably did through social engineering. Bottom line, i am having a quite stormy period with threats and when the AV behaves like that i like to know what is going on. I will skip the ticket. It's just too troublesome. But thanks for the feedback. E.
  16. As to the ticket: 1) The log is too big to be uploaded. 2) As i was completing the process the below occurred. I guess i won't try a second time as it's too lengthy. Thanks in advance for any help you may provide based on the log.
  17. Thanks Marcos, Opening a ticket from the support gets me through the Knowledge Base and the usual drill and there seems to be no easy way to open a ticket with a human operator. I understand why it's done but it proves impossible to get to open a ticket fast. I wish it was just as easy as "Open a ticket" straight from the UI of ESET. I'd prefer not to upload in public here, if at all possible.
  18. Dear all, This just happened. Any clues? Also, earlier today i found two unknown users in the "Security" tab of the C drive. After checking the two SIDs i removed them. One didn't reappear, the other reappeared. ESET kept working also after a reboot and the issue below occurred randomly about 10 hours later, while watching videos. No other events detected. Thanks a lot for your help. Brief edit: This seems to be fixed, all alone. I'd still like to know whether the issue was on the ESET side. E.
  19. Dear Itman, thanks for the kind explanation and for the time you devoted to this. Understood. Thanks a million. R.
  20. I am not worried about ESET connections. I am investigating the IPv6 addresses in the screenshot below (often it is just one associated). Since they are set as private and no information is provided i think it's normal to express a degree of doubt on what they are doing in my machine. The second doubt is why EIS is not blocking them as instructed.
  21. The question is: Why despite me setting rules for IPs and domains i want to block they still show among my connections? Is the firewall blocking or those rules are inefficient? Am i doing something wrong? If so what? Bottom line. How can i actually block IPs and Domains from EIS?
  22. Hi Marcos, Apparently the log is too big and won't let me upload it. Can you kindly clarify what part do you need? Thanks
  23. Here is a screenshot of what i see. On the right (redacted IPs) you have the normal IPs... they're mostly fine and link directly to my router's IP. On the left you see the others. That's today's. I have others for other days. I will try to drop a log later on but i think the screenshot is eloquent enough.