migs_k

Members
  • Content Count

    21
Profile Information

  • Location
    Philippines

  1. Is it normal for services.exe to stop Microsoft Defender Antivirus Network Inspection Service from time to time?
  2. After logging in using PIN after a restart, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{D6886603-9D2F-4EB2-B667-1971041FA96B}\S-1-5-21-229674073-691441657-888200982-1001\NgcFirst\ConsecutiveSwitchCount came up on ESET HIPS. Never seen this popping up before. After doing some internet search, this came up: https://forum.eset.com/topic/23588-hips-alert-for-host-process/?_fromLogin=1
  3. Is this a legit ESET website? https://www.eset.com.ph/ My aunt purchased an ESET license and registered using that website, but when trying to log in to hxxp://my.eset.com/ using the same credentials, it won't work. https://www.scamvoid.net/check/eset.com.ph/
  4. Looks like I'm the very first one to upload these. Is it even possible to detect pieces of code that are placed everywhere?
  5. There's more inside the rar which is not base64. Is ESET capable of cleaning or detecting that sort of thing that's on the YouTube video?
  6. One of them looks like base64. Just my flying suspicious because I saw this YouTube video https://www.youtube.com/watch?v=mhOWdH2zwMk where the malware source code is placed in whatever places. EDIT: OK yeah, decoded it and it's something, may be part of a source code for something.
  7. Yeah, I guess I'm gonna need that consultation. A lot has happened since my last reply.
  8. These records happened when I was already logged on, and during that time I was on a Google Meet session. Also, I don't access my PC through PIN; I use Microsoft pass.
  9. Also, to me this is an unresolved issue: 2/19/2021 5:05:06 PM;C:\Windows\System32\LogonUI.exe;Modify startup settings;HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{D6886603-9D2F-4EB2-B667-1971041FA96B}\S-1-5-21-2775152818-1588230348-2558996214-1001\DestructiveResetInProgress;allowed;Automatic mode; After doing a Google search, D6886603-9D2F-4EB2-B667-1971041FA96B = PIN, so I'm going to assume someone logged in via my PC's PIN did a "DestructiveResetInProgress" and "TpmClearRecoveryInProgress" whatever this
  10. I've also sent some sort of .exes to ESET. They are CR_xxxxx/setup.exe; the x are random numbers / chars. These things keep popping up from HIPS from time to time, targeting my browsers. I couldn't obtain all of them; as soon as it gets reported by ESET's HIPS I try to go to the location of that .exe and it's not there. Anyway, do you know how to disable safe boot without logging into Windows and without a Windows 10 physical disc?
  11. Not sure about that. After blocking 0x1f4b0.com and restarting, it's now replaced by 0123movies.com.
  12. These are some of those "Can not obtain ownership information".
  13. I've added the 127.0.0.1 0x1f4b0.com to hosts and it returned back to 0.0.0.0, but still this shows in ESET. What are supposed to be the default connections / ports of these things? Should I block ports 15xx? Are my system services hijacked?
  14. There's also an unknown user S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681 in the HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WdNisDrv and HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WdNisSvc. I'm the only user on this device. WdNisDrv also stops running from time to time.