Posts posted by Moneesh
-
-
Thanks @itman, although it seems I can't view logs in the trial version :(.
-
@Marcos I just want to reiterate that the frequent notifications from Eset about a particular website being blocked had already stopped even before I created the firewall rules. I just wanted to make sure that the thing that was causing the frequent notifications isn't running its business in the background, or whether my PC is still infected, etc.
As of now, as per your suggestion, I have installed the trial version of Eset Internet Security 12.0.31.0 (still 25 days left) and also scanned the whole system with it, but no harmful content was discovered. I have also installed MS17-010.
-
8 hours ago, itman said:
Modify the firewall rule you created to block inbound and outbound activity for C:\Windows\SysWOW64\dllhost.exe instead of the previous IP address.
Thanks @itman. I've created a new rule in Win firewall to block all in/out for application dllhost.exe. Also, I have not stopped the previous rule created for the IP address.
-
-
3 hours ago, Marcos said:
I can download the tool from the links above.
@Marcos even I can download the file, but when I open the file, it does nothing. A cmd window opens for half a second and nothing else happens.
-
@Marcos the link is broken. Upon clicking the link, a .exe file was downloaded, but the file does not run when I try to open it.
But I searched for Eset Vulnerability Checker and ran the application and I got this,
-
On 1/24/2019 at 8:25 PM, itman said:
Did that stop the Eset alerts you were receiving?
@itman Notifications from Eset halted even before I created the firewall rules. Maybe Eset took care of the virus. About the registry, I could not find any entry of that sort. Here's the screenshot.
-
@Marcos the link to the tool you mentioned does not work. And btw, I have created a firewall rule to block anything inbound/outbound related to the IP address 51.15.90.178.
-
@itman I don't know where you got all that from, but I'm certainly going to block that IP address just in case. Those were some scary lines I just read. Thank you for the concern. Now I just have to figure out how to block "all TCP/UDP traffic inbound/outbound for IP address 51.15.90.178".
-
@Marcos here is the file again.
-
14 hours ago, Marcos said:
Please create another Procmon log but from a boot. The instructions are available at https://support.eset.com/kb6308 - section Gather boot log files.
@Marcos, here is the boot log file. But Eset is not showing notifications today. I have done nothing to stop this. Will it start again in the future?
-
14 hours ago, itman said:
If you expand the "Application" column in the log, it will show you the full path name for the source app Eset is detecting.
Eset also shows the source app in the desktop alert generated if you click on the "Details" section in the alert.
The application column shows the following:
C:\Windows\SysWOW64\dllhost.exe
Now, what action do you suggest I follow? Should I delete the file? I don't have any experience regarding system files.
-
Hey @Marcos, thanks for the response. I was not sure which kinds of activities I should be posting logs of, so I ticked all the boxes.
-
Frequently receiving notification of blocked website
in Malware Finding and Cleaning
Found the logs.