Posts posted by Vuyek

  1. Ok. I finally figured it out. Had to wipe my entire disc. It was a bug or malware in my USB WiFi adapter drivers. I had them on my hard disc. When I was trying to install drivers my bugged exe file was named athurx and apparently it was doing something with my DNS server, because each time I was downloading newer/other version I was downloading exact same athurx file in zip archive.


    This time when I wiped entire disc I went to my neighbour to download WiFi drivers, and I don't know how, but he downloaded another zip archive, but with completely different files inside. Same TP-Link website, same drivers, but inside zip archive were completely different files with setup.exe. So I guess it had to do something with DNS.



  2. Yes, I set that, so the possible reason for my issue is lack of security in my local network?


    Still sometimes I get firewall notifications about 'system' or other service is trying to connect to ipv6 device (or address?) it starts with 'fe:'. Correct me if I'm wrong but is ipv6 used in local networks? Should I block that? And if yes, how can I restrict access from every device in my local network? Is remote desktop access a thing here? Or some kind of web view bitstreaming like rtp or rstp?

    Through all those hours I spent educating myself about internet protocols and windows services I think I might have got lost a bit ;)

    Thanks for helping me out itman :)


  3. On 3/6/2021 at 1:01 AM, itman said:

    As far as NDIS Virtual Network Adapter Enumerator, it would be installed when Hyper-V was installed:


    I really don't see anything wrong with what is shown in your device manager screen shot.

    Are you connected to a public wi-fi network or to a wi-fi connection on your router?

    I share my flat and internet with my neighbours so I guess it's half public half private. I don't know if they have their end of wifi protected.


    I managed to record some odd stuff happening.


    There is a record of my wifi suddenly deciding to disable and enable a few times. When I click on tcpip4 properties sometimes I have my gateway set as and sometimes it's blank.

    Another record shows that I had Cloudflare WARP app to keep my IP private. Yesterday I had notification that an update is available, I clicked to install and my cloudflare app disappeared. Uninstalled. So I decided to download new installer manually but installation process can't go through.

    Also today I found out my desktop changed. It's now half in C:/users/public and half C:/users/Z and because of security restrictions I couldn't save my game (gothic 3 :P ) so something definitely changed without me knowing it. Also in security tab there was unknown account with special permissions to C:/users/public but I deleted it.


    Answering to questions in linked topic:


    It couldn't be account that I created and deleted in the past. Since this windows installation I had only one account, didn't create, edit or delete any.


    No I don't. I was using cloudflare app if that one counts but virtual network adapter was before I got that installed.


    I didn't install any of hyper-v features, don't know what it is to be honest. It keeps reinstalling with every new win installation.

  4. They were named "unknown account S-1" + a number of random digits.

    Most concerning devices like WAN miniports, Microsoft kernel debug network adapter and Microsoft virtual hosted network adapter I already deleted. But before I deleted them I made this screenshot:




  5. 30 minutes ago, itman said:

    To begin, you didn't state you have an Eset security product installed? Remember this is a forum to support Eset software issues.

    Interesting in the TechNet posting linked, no one in a Microsoft capacity denied this type of activity occurring.

    All I will state is persistent external intrusions into a local network is a clear sign that perimeter devices; router, gateway, etc. have been compromised. This can happen for a number of reasons with misconfiguration being at the top of the list. Another reason is one network device was infected with a worm which allowed the rest of the network to be infected.

    Yes, I have ESET installed. I'm using external wifi network adapter, so maybe that's the reason, but what can I do to deny access and regain control?

    25 minutes ago, shocked said:

    can you upload a couple of pictures with those weird accounts you see in C drive and those devices?

    if it's not malware then it's normal functionality of the operating system. in the linked MS forum post, the user that reports those unknown devices, those exist to my pc as well.

    Not anymore. Yesterday I did another reinstall because each time I unplugged my Wifi adapter I kept getting bluescreens and when I tried to reinstall drivers I got message 'access denied'. 

    I will try to capture some screenshots with those messages about restarting my PC when they happen or to record my screen with adapter reenabling. Also I already deleted microsoft network adapter and microsoft kernel network adapter, but here's the screenshot of devices installed at this moment:




  6. As I was writing this down I got security alert from windows. 

    It turns out that my reputation-based protection was turned off. 

    Never did this of course. 

    There's a lot more small things happening for no reason, like my network adapter disabling and enabling multiple times within a minute - sometimes it happens right in front of me so I can observe it.

  7. Hello


    I've been struggling lately with my PC changing IP addresses, installing new devices and updates by itself.

    Nothing helped. I was reinstalling different windows 10 and 7 versions and every single time after a while I could notice that in C drive win files unknown accounts were granted control privileges in security tab, I couldn't change some settings like airplane mode or night light. I was getting messages that changes were made to my system and I have to restart PC. To be honest I got really paranoid about this, but everyone was telling me that it's probably Microsoft implementing updates and so on. Today I found another new device installed "NDIS Virtual Network Adapter Enumerator". Yesterday there was no trace of it so I decided to google name and check what this device does and I found this topic:


    This topic pretty much sums up my issue, I have same devices reinstalling in my windows. Everything looks similar. Is this really an issue or are we all wrong about this?


    Also in my clipboard history I had this:


    I NEVER copied this from any source, I didn't write that down, nothing, my PC was turned ON entire night when I was sleeping. I'm at a dead end, don't know what to do...

  8. 15 hours ago, Marcos said:

    I would say it's ok; on my VM in idle state I've received about 280 mil. packets in 24 hours.

    As for the communication from which was blocked, make sure that the network is trusted. You can add it to the trusted zone manually if you are unsure. Also the firewall troubleshooting wizard should provide more information about the blocked communication.

    Well, the firewall troubleshooting wizard deletes reports after 1 hour so I cannot find any more information.

    About the trusted zone - I live in house shared between multiple people, which I don't know that well, so there is a lot of people sharing internet connection so the last thing I wanna do is to add my network into trusted zone.

    Sometimes I saw that I had established connection through 1900 upnp port, but I managed to block it through simplewall.


    Of course I take into consideration that I might just be a little paranoid about this, but I guess it's better safe than sorry.

  9. I couldn't find the 'reply' button in the topic.

    Yes, that unknown account was phantom account created by ESET certainly.

    But aside of that, isn't it suspicious that my network adapter received over 1,5 billion packets already within 44 hours? Since I created my topic I received 600 million packets while not even using my PC. It was just turned on.

    Also ESET blocked one of my apps in "Network protection troubleshooting" indicating that there were 46 attempted connections from IP. So does it mean that other PC in my LAN got a security threat issue or is trying to connect to my PC without my knowledge?


    Link to topic: https://forum.eset.com/topic/27403-found-unknown-local-user-account-after-eset-installation/?tab=comments#comment-129217
