ProblemNeedsSolution
Members
Posts: 23
Rank: Newbie
Location: Slovakia
-
ProblemNeedsSolution reacted to a post in a topic: Address has been blocked - Eset Internet Security 14.0.22.0
-
Good day, this morning, out of nowhere, EIS started reporting "Address has been blocked", and before I turned off the notification it had appeared about 35 times. It shows an address that I did not visit, from various countries (HU/SK and mostly PL). I ran a system scan with EIS and it found no threat, then I also tried MB Antirootkit, but it found nothing either. I only had Chrome open, and in Chrome I had bookmarks and two work pages open. Could you help me with this? Thank you.
-
In my case I believe the thing was present in the backup itself, so that is why it kept coming back. Just to be sure, I disabled Google sync on my machine and deleted all the extensions and cookies. I keep doing checks with the anti-rootkit tool from MB and I also keep an eye on the Windows/system32 folders, and so far everything seems to be clean.
-
So after finding this: It is clear how it works. So I deleted all tasks which involved Maintenance.vbs using Autoruns and deleted the ServiceInstaller.msi too. I hope I am over it but let us surprise. I checked msconfig too because the counter in updatesettings was on 10, but it still did not switch it to Safe boot. I hope this will help you out to figure out something for detecting this PoS thing. I do not want to say it too early, but I think this time I got this mofo for good.
-
Actually I already did this. I only did find StartupCheck.vbs and Maintenance.vbs, but just to be sure I searched all the Windows folder for scripts and deleted anything after September. After reboot the machine was giving me an error because of the Maintenance.vbs, but I modified it to just this: Wscript.Quit
Problem solved. I did change the extension of the two above-mentioned scripts to txt (attached below). PLS DO NOT CHANGE THE EXTENSION TO SCRIPT AND RUN THESE!!!
Maintenance.txt StartupCheck.txt