Namoh
-
Posts
28 -
Joined
-
Last visited
Posts posted by Namoh
-
-
Ok, so I found it, but what's the best setting?
All on Aggressive for as well Reporting as Security...?
All these settings are there for a reason I assume, but you still can be infected if some of these settings are incorrect, while you think you're safe.
I'll keep them on Agressive (changed this few days ago because of this threads) for Reporting, but not for Security.
-
21 minutes ago, Nightowl said:
Crack/hacktools/keygens and etc are all detected as HACKTOOL by ESET , as if UNSAFE apps detection isn't enabled then ESET won't touch them , or warn about them , because they are not malicious to the user.
Maybe a stupid question, but where's this UNSAFE apps detection option located?
Would like to check if I have it enabled or disabled. -
5 hours ago, Marcos said:
Got it from VT. In fact, it's not detected because of the extension but with a correct extension it would be detected:
updatewins.js - JS/Kryptik.BPU trojan. The detection was created between Feb 17-20. We'll adjust it so that such files can be normally detected.I can confirm that ESET now detects this!
Just scanned my pc and it came up with: Agent.JK trojan horse and with JK/Kryptik.BPU trojan horse.So if I would install this (cracked) software again, ESET would now block the installation!?
Good job.
-
10 hours ago, itman said:
@Namoh, I advise you to read this General Discussion posting I made last February: https://forum.eset.com/topic/22398-pirated-software-is-all-fun-and-games-until-your-data’s-stolen/
Ofcourse, I understand the risks of cracks etc, and it's not that I just use cracked software, but I do install cracked software to see if the software is good and usefull for me before I purchase it.
The adobe package has a 7 day free trial option. This is for me not enough to see if it's worth the money, because I work full time.
The full package costs €60,49 per month!!
I'm not going to pay that much money without knowing if I like the software.
And maybe a stupid thought but I assumed that my visusscanner would tackle any suspicious behaviour, what else is the reason that I purchased it...? Of course I didn't disable ESET during install but it never gave any sign or pop-ups.
-
16 hours ago, itman said:
Refer to the below screen shot.
Using Windows Explorer, do the following. Mouse click on the file using the right button. Select "Send to" -> "Compressed (zipped) folder. Attached this newly created zipped folder to your forum reply.
Hereby the zip-file with the hyperlink, don't think it will help but you never know
-
On 6/4/2020 at 4:29 PM, Marcos said:
I'd like to get the file for a check. If you still have a copy of the file, please provide it.
I have a copy of the file, but it's a hyperlink (snelkoppeling) of 1kb.
Still interested or no need to sent it?
Mmmmm, although the file name is: CC-Library-mul683-x64.zip it won't allow me to attach it.
Probably because it's a hyperlink and not a real zip-file.
All this started after installing a version of Adobe Master Collection via this nzb file (no comments
).
You can download it yourself and see if you get the same issue.
Would advise to make a copy of your drive upfront (which I forgot).
Adobe-Master-Collection-CC-2020-19-05-2020-Multilanguage.rar
-
Yes, I'm using IE11 (11.836.18362.0, update versions: 11.0.190) mostly, but in some cases also Microsoft Edge (?? couldn't quickly find a version number) and Google Chrome (83.0.4103.97).
Deleted the file and will restart now.
-
Just now, itman said:
Yes, everything appears correct now.
One of the problems is your Eset version is the Dutch language version and this is an English language forum.
Isn't there somewhere a setting to change it into English, I'm fine with that
-
Small steps but we're getting there.
This was located in above folder, and it says: C:\WINDOWS\system32\wscript.exe /E:jscript "C:\Users\sande\AppData\Roaming\CC-Library-mul683-x64.zip" wscript.exe/e:key:BVfnB5qsixmIFscLj6DoRCZF
-
Not quiet sure I understand you correctly.
I think I did the first, but you're correct I didn't do the second.
See below, or am I on the wrong screen(s).
Brontoepassing = Source Application, right? It says/said "Alle toepassing" / "All applications". So that is/was already correct.
Toepassingsbewerkingen = Application operation screen, right? I've now enabled the "Nieuwe toepassing starten" setting.
Correct me, if I messed up again.
-
Should I run ProcMon after rebooting, or once the pop-ups start?
Currently no pop-ups, so no use of activating ProcMon, right?
-
The weird part is, yesterday it went crazy again with all the pop-ups.
Today………………….so far nothing!!
I've changed to Boot Logging, will restart pc, and see if anything happens.
-
Hope I did the right thing.
-
I've done all of the above, see below screenshots.
Hope I've added the rule correctly.
Just to give all info, I've deleted a file from the folder: C:\Users\sande\AppData\Roaming
Everytime I'm starting up my pc it now gives an Windows Script Host message.
I've attached this as well.
These messages started after I installed a program related to this file, that's why I deleted it (finger was quicker than my brain).
Don't know if it's related to this issue but thought it was worth mentioning.
-
I've scanned svchost.exe separately, still nothing (didn't expect anything but just to be sure).
What to do?
-
I did all of the above, the messages keep popping up, but I don't see any hits when I scan my pc with Administrator rights.
I don't see anything in the HIPS log, but I do see a lot of hits in the Network security log (Netwerkbeveiliging).
-
11 hours ago, itman said:
Open Eset GUI. Select Setup -> Computer protection -> Click on the gear symbol for HIPS. Scroll down to the "Rules" setting and mouse click on "Edit."
Create a new HIPS rule as follows:
1. Click on the Add tab.
2. On the first screen display, enter the following;
Rule name - User rule: block wscript.exe startup
Action - Block
Operations affecting: Applications - enable the setting
Logging severity - Warning
Click on the Next tab
3. On the Source Applications screen, select "All Applications" from the drop down box. Click on the Next tab.
4. On the Application operation screen, enable the "Start new application"setting. Click on the Next tab.
5. On the Applications screen, click on the Add tab. Enter each of the following clicking on the OK tab after each entry;
C:\Windows\System32\wscript.exe
C:\Windows\SysWOW64\wscript.exe
Note: the above assumes you installed Windows on the C drive.
6. Click on the Finish tab to create the HIPS rule.
7. Click on any subsequently displayed OK tab to save your settings.
From this point on, monitor your Eset HIPS log for entries related to the above rule. What is needed is to determine what Application is attempting to start wscript.exe.
Did all above, hopefully correct.
About your other posts………..way above my IT knowledge.
-
-
27 minutes ago, itman said:
No. But maybe Eset finally contacted Cloudflare about the issue and they shut down the source on their servers.
The problem is you still have this JavaScript malware on your device. Run a full Eset scan as Administrator per the below screen shot:
Already did this and it came up with no hits / results 😕
-
Looks like the pop-ups has been stopped……...
Is this because of you..??
-
and found this via your path.
-
Found it!! I think.
There's 3 that have a huge amount of blocked numbers behind them.
svchost.exe 572x
unknown device 192...…. 282x
unknown device fe80...… 280x
-
Well, I don't have an eset icon on my desktop.
And when I right mouse click on eset in the start menu or the toolbar there's no "Log Files" option.
I've attached screenshots to show what I get. Probably doing something wrong.
I'm on a paid license btw.
-
Probably a very stupid question...………..but where do I find the Eset Filtered Website Log?
How to enable it?
I'm running ESET Smart Security Premium 13.1.21.0
Btw, thanks for your help
ESET I.S. Agressively blocking URL, can't find app
in Malware Finding and Cleaning
Posted
I assume you mean Aggressive for Reporting not for Security