Jump to content

Namoh

Members
  • Content Count

    28
  • Joined

  • Last visited

Posts posted by Namoh

  1. 5 hours ago, Marcos said:

    Got it from VT. In fact, it's not detected because of the extension but with a correct extension it would be detected:
    updatewins.js - JS/Kryptik.BPU trojan. The detection was created between Feb 17-20. We'll adjust it so that such files can be normally detected.

    I can confirm that ESET now detects this!
    Just scanned my pc and it came up with: Agent.JK trojan horse and with JK/Kryptik.BPU trojan horse.

    So if I would install this (cracked) software again, ESET would now block the installation!?

    Good job.

  2. 10 hours ago, itman said:

    @Namoh, I advise you to read this General Discussion posting I made last February: https://forum.eset.com/topic/22398-pirated-software-is-all-fun-and-games-until-your-data’s-stolen/

    Ofcourse, I understand the risks of cracks etc, and it's not that I just use cracked software, but I do install cracked software to see if the software is good and usefull for me before I purchase it.

    The adobe package has a 7 day free trial option. This is for me not enough to see if it's worth the money, because I work full time.

    The full package costs €60,49 per month!!

    I'm not going to pay that much money without knowing if I like the software.

    And maybe a stupid thought but I assumed that my visusscanner would tackle any suspicious behaviour, what else is the reason that I purchased it...? Of course I didn't disable ESET during install but it never gave any sign or pop-ups.

  3. On ‎6‎/‎4‎/‎2020 at 4:29 PM, Marcos said:

    I'd like to get the file for a check. If you still have a copy of the file, please provide it.

     

    I have a copy of the file, but it's a hyperlink (snelkoppeling) of 1kb.

    Still interested or no need to sent it?

    Mmmmm, although the file name is: CC-Library-mul683-x64.zip it won't allow me to attach it.

    Probably because it's a hyperlink and not a real zip-file.

    All this started after installing a version of Adobe Master Collection via this nzb file (no comments :) ).

    You can download it yourself and see if you get the same issue.

    Would advise to make a copy of your drive upfront (which I forgot).

    Adobe-Master-Collection-CC-2020-19-05-2020-Multilanguage.rar

  4. Not quiet sure I understand you correctly.

    I think I did the first, but you're correct I didn't do the second.

    See below, or am I on the wrong screen(s).

    Brontoepassing = Source Application, right? It says/said "Alle toepassing" / "All applications". So that is/was already correct.

    Toepassingsbewerkingen = Application operation screen, right? I've now enabled the "Nieuwe toepassing starten" setting.

    Correct me, if I messed up again.

    api.backend-app_17.png

    api.backend-app_18.png

  5. I've done all of the above, see below screenshots.

    Hope I've added the rule correctly.

    Just to give all info, I've deleted a file from the folder: C:\Users\sande\AppData\Roaming

    Everytime I'm starting up my pc it now gives an Windows Script Host message.

    I've attached this as well.

    These messages started after I installed a program related to this file, that's why I deleted it (finger was quicker than my brain).

    Don't know if it's related to this issue but thought it was worth mentioning.

     

     

     

     

     

    api.backend-app_13.png

    api.backend-app_14.png

    api.backend-app_15.png

    api.backend-app_16.png

    api.backend-app_12.png

  6. 11 hours ago, itman said:

    Open Eset GUI. Select Setup -> Computer protection -> Click on the gear symbol for HIPS. Scroll down to the "Rules" setting and mouse click on "Edit."

    Create a new HIPS rule as follows:

    1.  Click on the Add tab.

    2. On the first screen display, enter the following;

    Rule name - User rule: block wscript.exe startup

    Action - Block

    Operations affecting: Applications - enable the setting

    Logging severity - Warning

    Click on the Next tab

    3. On the Source Applications screen, select "All Applications" from the drop down box. Click on the Next tab.

    4. On the Application operation screen, enable the "Start new application"setting. Click on the Next tab.

    5. On the Applications screen, click on the Add tab. Enter each of the following clicking on the OK tab after each entry;

    C:\Windows\System32\wscript.exe

    C:\Windows\SysWOW64\wscript.exe

    Note: the above assumes you installed Windows on the C drive.

    6. Click on the Finish tab to create the HIPS rule.

    7. Click on any subsequently displayed OK tab to save your settings.

    From this point on, monitor your Eset HIPS log for entries related to the above rule.  What is needed is to determine what Application is attempting to start wscript.exe.

    Did all above, hopefully correct.

     

    About your other posts………..way above my IT knowledge.

×
×
  • Create New...