PassingBy

Everything posted by PassingBy

  1. Will try to do it today if I have the time... I might have some screenshots somewhere...
  2. I never said they were IPv4. I said I had, on a tree of connections departing from my router, a SEPARATE connection with an initial HEX IP which converted was something like 245.8.X.X towards 1 or in one case 2 shorter HEX addresses, which converted gave the same sort of result. So, once verified EIS doesn't take HEX addresses, I created a rule with the decimal version and blocked everything. They showed up again. Same happened when I went to block a domain (www.blablablablah.xx). It was still there a few weeks later. In the case of the web domain, I also made sure to investigate their IP range and make an ad hoc rule in the firewall for the whole IP range. They're still there showing on a sniffer similar to Wireshark I use.
  3. Long story made short, over the last months I have spotted several IP numbers that should not be there while all apps are closed on laptop and desktop machines. I also use the web blocking functions to block an entire domain and an IP range. However, today I ran another packet traffic check and I saw those IPs are back and alive. Firewall setup is simple - Deny - In-out all blocked - Local and Remote - Warning. They're still there. What worries me is what seems a parallel connection separated from the tree of connections I see departing from my router and connecting between two hex IP numbers which I have converted and blocked. They disappeared for a while and they're back. Am I doing something wrong?
  4. I wouldn't know what to say. The below is what I see now. The three atop were previously identified as "norman-mobi" and "reza.mobi". Previous occurrences were in January as you can see. Some are false positives. But norman.mobi and reza.mobi kicked in without me using the browser at all, they didn't look normal at all. ESET's notifications are ambiguous, too. They tell you something like "Click here to remove the notification" but they won't tell you if the threat has been blocked. You remove the notification and you don't know which webpage it was on a Firefox Mobile that has like 90 tabs sitting there... So you A) do not know what kicked it; B) do not know which tab was exactly as you were not using mobile and browser at all. It just popped up. C) The UI does not clarify whether the threat is blocked or not. It just tells you to click and close the notification. The block only shows in the report as below. Also, a packet inspection in these last days didn't show anything abnormal on the mobile. If you close all apps and run a packet scan what you see is the usual stuff that never goes away. Google services, socials, email push, etc. etc.
  5. Thanks Marcos. I don't know what the website is. The notifications pop up when I am not using the mobile. In both cases I couldn't establish which webpage they are connected to. That's what I was asking among other things. I get the notification about the threat, ESET tells me to click on button to clear the notification and no other info on it. When I check the reports on threats you only see those two names but no connection to webpages. Thanks, Rick
  6. Hi everyone, In recent times I have been witnessing an increase in notifications from Eset mobile, some of which bizarre because they pop up while the phone is in standby as I work at the PC. The notification informs me of a threat in a site I am trying to open. But I am not interacting with the mobile at all. The last one was today with a threat called norman.mobi. The previous ones in January with one called reza.mobi. Once I remove the notification there is nothing I can do to see which webpage or else was originating the issue. Does any of you have any clue? Thanks in advance.
  7. I didn't open anything as you can imagine. I just saw a very fast pop up stating something like "you're now subscribed to..." and then it all disappeared and the mail was sent to the spam folder and classified as a virus. Thanks for the feedback.
  8. So, today I got this thing in my spam box. It's normally a routine errand. The reason why I post today is because the behavior of the mail this time was bizarre. As I previewed it (did not open by clicking on it, just selected it from the list on the left side of Outlook), it showed briefly in the spam folder, what seemed to be a quick "subscription confirmation to a service" I couldn't see appeared, and then, probably the virus was detected and mail was sent to the trashcan. So, there was no opening but something anomalous seems to have happened compared to the normal behavior I see when these malicious mails are detected. Now, while I run a full scan, I ask the forum whether something could have been injected in my system that is not detectable from the AV? Any suggestions? Thanks in advance.
  9. Gentlemen, good morning. Today I woke up on this. During the last few days my Wi-Fi hotspot seems to have been causing issues with sudden network drops on both my machines but at the moment it's working (I am waiting for a visit from a technician today). There seems to be no good reason for this issue at the moment as internet is working. I can't try on my mobile tethering to see if it goes as I am afraid the connection on the regular network will fail again. Any idea would be welcome. PC is Acer V17 Nitro, about 6 years old running on Win 11. Thanks in advance for any advice or suggestion.
  10. Settings are all on max. Virus issues are real here. We live close to critical areas.
  11. I agree. However, if I try to install software like "lightshot" (a free screenshot software) ESET blocks the installation detecting a threat (I don't know why as I had been using it for years before). In this case the installation occurs and ESET doesn't detect a problem. But to me this program is a borderline threat. So the question is whether ESET can technically detect it and if it finds it appropriate to do it. (I sent a similar answer a while ago and I don't know where it went)
  12. Hi Marcos, No, I am referring to the thing described here and in many other places. It showed 4 processes called RAV in task manager (low usage but battery drained fast, very fast) and two major folders. One in C:\programs and the other in User/Appdata/Roaming, as well as a number of registry entries as usual (I removed them all). The two last software I installed were Qbit and uBit Torrent. Both from their original website.
  13. I know this app is legit and ESET in principle should not flag it. But A) It installed silently coming from nowhere. B) Uninstalling it proved quite problematic. C) Upon restart Windows asked me to insert the bitlocker recovery key. D) While RAV was working without me knowing it had been installed the battery was drained so fast it couldn't even work out of home for 3 hours (6.5 hours on average on my Yoga). Would it be a good idea to at least allow ESET to detect this as a Potentially Malicious App? It's crazy what it does. Thanks
  14. Hi Itman, Auto. If I move to interactive it drives me mad repeating the same notification hundreds of times even if I tell the app to keep the settings. This happened after the last but one update. It was all fine. I also blocked two specific IPs Wireshark and an IP check marked as unsafe, with a lot of interesting reactions. However, the issue shows also when I disable them.
  15. As per subject, ESET firewall has started to block a number of legit apps. I unblock them and the next day it's blocked again. Is this normal? I am attaching a screenshot of it on a good day. On a bad day things are worse. It also blocks Firefox and several other apps which seem to work anyways but not the MS Store. Thanks,
  16. Nope. What might have happened is that I installed ESET mobile to test it, including parental control, and then removed it. In that period I was removing the old AV and experimenting. In the process I might have used different emails. At the moment, the sole one is the one I posted you with, to the best of my knowledge. But what you say makes sense. I should be safe. Things are a bit "hectic" in terms of threats here. From phone scammers, to phishing and else. So I wondered why I got that email exactly minutes after I had opened that trekking route on a Gmap link which then self-imported on my mobile and persisted. I removed it but Google never told me checking those would create a semi-permanent overlay on my personal GMAP with someone else's POIs. Thanks a lot. Rick
  17. So, I got an email from noreply@orders.eset.com telling me "I am now using Freemium" on Eset Mobile Security. Point is, my license appears in good order and expiring in 2022 as usual. What worries me is whether someone else is installing a freemium version on a cloned account. I didn't receive any such notification and I changed my password on the account connected to the mobile. The reason why I am doing this is that I imported a trekking map from a trekking article in Taiwan and all those location points from a third user now show on my GMAPs on the mobile so I am thinking, far fetched, that some exploit might be connected to it. I repeat, I had no signs of any violation whatsoever apart from ESET email telling me I am on a Freemium licence when all of my licenses expire in 2022. Any clues? Thanks in advance, Rick
  18. Memory dump can't be created. What I mean by this is that the process completes but there is not a MEMORY.DMP file once it's done. Any ideas?
  19. So, as per title. The PC was doing well, I was working on another machine, I switched it off, restarted it, ESET notified me that Antiphishing was disabled and each time I tried to re-enable it I got the message "Do you want to disable it permanently". Then the machine slowed to a crawl for a while and all what I have on ESET is: Eset command line interface, Eset service. 15 minutes later, Eset seems to be working ok but the machine is still slow. Any clues?
  20. Hi Marcos, thanks for the insight. It looks all good and fine there and very few apps excluded from the list too. I never exclude key programs from the detection. This means AV software comes first in line, then productivity suites (Office 365 comes to mind), then connectivity (browsers and connections) and the rest, including multimedia etc. It just popped up and it was the first time. It did not help that the pop up message was showing something similar to EQUI.EXE rather than EGUI.EXE due to the fact that the text box did not show the final part of the letter "g".