migs_k
Members-
Posts
21 -
Joined
-
Last visited
About migs_k
-
Rank
Newbie
Profile Information
-
Location
Philippines
Recent Profile Visitors
The recent visitors block is disabled and is not being shown to other users.
-
is it normal for services.exe to stop Microsoft Defender Antivirus Network Inspection Service from time to time?
-
migs_k reacted to a post in a topic: is this legit? NgcFirst\ConsecutiveSwitchCount
-
migs_k reacted to a post in a topic: is this legit? NgcFirst\ConsecutiveSwitchCount
-
after logging in using PIN after a restart and HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{D6886603-9D2F-4EB2-B667-1971041FA96B}\S-1-5-21-229674073-691441657-888200982-1001\NgcFirst\ConsecutiveSwitchCount this came up on ESET HIPS, never seen this popping up before. after doing some internet search, this came up https://forum.eset.com/topic/23588-hips-alert-for-host-process/?_fromLogin=1
-
migs_k reacted to a post in a topic: is this eset site legit?
-
is this a legit eset website? https://www.eset.com.ph/ my aunt purchased eset license and registered using that website, but when trying to login to the hxxp://my.eset.com/ using the same credentials, it wont work. https://www.scamvoid.net/check/eset.com.ph/
-
can I ask where to locate these windows "updates"
migs_k replied to migs_k's topic in ESET NOD32 Antivirus
Yeah, i guess im gonna need that consultation A lot has happened since my last reply -
can I ask where to locate these windows "updates"
migs_k replied to migs_k's topic in ESET NOD32 Antivirus
these record happened when I was already logged on and during that time I was on a google meet session also, I don't access my PC through PIN, I use Microsoft pass -
can I ask where to locate these windows "updates"
migs_k replied to migs_k's topic in ESET NOD32 Antivirus
also to me this is an unresolved issue 2/19/2021 5:05:06 PM;C:\Windows\System32\LogonUI.exe;Modify startup settings;HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{D6886603-9D2F-4EB2-B667-1971041FA96B}\S-1-5-21-2775152818-1588230348-2558996214-1001\DestructiveResetInProgress;allowed;Automatic mode; after doing google search D6886603-9D2F-4EB2-B667-1971041FA96B = PIN so im going to assume someone logged in via my PC's PIN did a "DestructiveResetInProgress" and "TpmClearRecoveryInProgress" whatever this means -
can I ask where to locate these windows "updates"
migs_k replied to migs_k's topic in ESET NOD32 Antivirus
ive also sent some sort of .exe s to eset they are CR_xxxxx/setup.exe the x are random number / chars these things keep popping up from HIPS from time to time targeting my browsers I couldnt obtain all of them, as soon as it gets reported by eset's HIPS I try to go the location of that .exe and its not there anyway, do you how to disable safe boot without logging into windows and without a windows 10 physical disc? -
can I ask where to locate these windows "updates"
migs_k replied to migs_k's topic in ESET NOD32 Antivirus
not sure about that, after blocking 0x1f4b0.com and restarting its now replaced by 0123movies.com -
can I ask where to locate these windows "updates"
migs_k replied to migs_k's topic in ESET NOD32 Antivirus
-
can I ask where to locate these windows "updates"
migs_k replied to migs_k's topic in ESET NOD32 Antivirus
ive added the 127.0.0.1 0x1f4b0.com to hosts and it returned back to 0.0.0.0, but still this shows in eset what are suppose to be the default connections / ports of these things should I block ports 15xx? is my system services hijacked? -
can I ask where to locate these windows "updates"
migs_k replied to migs_k's topic in ESET NOD32 Antivirus
-
migs_k reacted to a post in a topic: can I ask where to locate these windows "updates"
-
can I ask where to locate these windows "updates"
migs_k replied to migs_k's topic in ESET NOD32 Antivirus
theres also an unknown user S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681 in the HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WdNisDrv and HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WdNisSvc im the only user on this device WdNisDrv also stops running from time to time