Jump to content

migs_k

Members
  • Posts

    21
  • Joined

  • Last visited

Everything posted by migs_k

  1. is it normal for services.exe to stop Microsoft Defender Antivirus Network Inspection Service from time to time?
  2. after logging in using PIN after a restart and HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{D6886603-9D2F-4EB2-B667-1971041FA96B}\S-1-5-21-229674073-691441657-888200982-1001\NgcFirst\ConsecutiveSwitchCount this came up on ESET HIPS, never seen this popping up before. after doing some internet search, this came up https://forum.eset.com/topic/23588-hips-alert-for-host-process/?_fromLogin=1
  3. is this a legit eset website? https://www.eset.com.ph/ my aunt purchased eset license and registered using that website, but when trying to login to the hxxp://my.eset.com/ using the same credentials, it wont work. https://www.scamvoid.net/check/eset.com.ph/
  4. looks like I'm the very first ones to upload these. is it even possible to detect pieces of code that's placed everywhere?
  5. theres more inside the rar which is not base64 is ESET capable of cleaning or detecting that sort of thing thats on the youtube video?
  6. one of them looks like base64 just my flying suspicious because I saw this YouTube video https://www.youtube.com/watch?v=mhOWdH2zwMk where the malware source code is placed in whatever places EDIT: ok yeah, decoded it and its something may be part of a source code for something
  7. Yeah, i guess im gonna need that consultation A lot has happened since my last reply
  8. these record happened when I was already logged on and during that time I was on a google meet session also, I don't access my PC through PIN, I use Microsoft pass
  9. also to me this is an unresolved issue 2/19/2021 5:05:06 PM;C:\Windows\System32\LogonUI.exe;Modify startup settings;HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{D6886603-9D2F-4EB2-B667-1971041FA96B}\S-1-5-21-2775152818-1588230348-2558996214-1001\DestructiveResetInProgress;allowed;Automatic mode; after doing google search D6886603-9D2F-4EB2-B667-1971041FA96B = PIN so im going to assume someone logged in via my PC's PIN did a "DestructiveResetInProgress" and "TpmClearRecoveryInProgress" whatever this means
  10. ive also sent some sort of .exe s to eset they are CR_xxxxx/setup.exe the x are random number / chars these things keep popping up from HIPS from time to time targeting my browsers I couldnt obtain all of them, as soon as it gets reported by eset's HIPS I try to go the location of that .exe and its not there anyway, do you how to disable safe boot without logging into windows and without a windows 10 physical disc?
  11. not sure about that, after blocking 0x1f4b0.com and restarting its now replaced by 0123movies.com
  12. these are some of those "Can not obtain ownership information"
  13. ive added the 127.0.0.1 0x1f4b0.com to hosts and it returned back to 0.0.0.0, but still this shows in eset what are suppose to be the default connections / ports of these things should I block ports 15xx? is my system services hijacked?
  14. theres also an unknown user S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681 in the HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WdNisDrv and HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WdNisSvc im the only user on this device WdNisDrv also stops running from time to time
  15. dunno, something definitely suspicious is going on I just discovered in my documents 2 exported bookmark htmls that the contents contain selectively private stuff and not just talking about porn (although it was included) also today, I found in my recycle bin files ive deleted long ago, these files all of them deleted at the same time of 5:08, and their original location deleted is on microsoft/windows/recent
  16. what about these services? no results on googling i cant disable it, all it says parameter incorrect
  17. where can I locate these "updates", because I want to send it for inspection, get to see what's inside of it. ty
×
×
  • Create New...