
murko

Members · Posts: 18

Kudos

  1. Upvote
    murko gave kudos to itman in Address has been blocked
    Another posting about this bugger on Reddit:
    https://www.reddit.com/r/techsupport/comments/zaqigb/is_this_a_maleware/
    The interesting part is most of its binaries are Microsoft signed. It also appears the payload is embedded within conhost.exe. Based on what was recently posted in this thread, it appears cmd.exe was started or conhost.exe standalone; most likely in suspended mode, then process hollowing and/or command line modification was done on conhost.exe, and conhost.exe was started.
    Perhaps it's time ESET starts setting deep behavior inspection hooks into conhost.exe as it does for cmd.exe.
  2. Upvote
    murko gave kudos to Marcos in Address has been blocked
    Please provide the content of the C:\Program Files\WindowsMalwareProtection folder. Move the folder to c:\esetvir for instance and reboot the machine.
    You can then select the 2 scheduled tasks and delete them.