
itman

Most Valued Members · Content Count: 8,270 · Days Won: 201

Everything posted by itman

  1. I am wondering if the issue here is the same Microsoft account is being used for both devices. MyEset might be using that somehow internally to ID devices. You might have just figured out a way to bypass Eset's license validation processing.🤭
  2. You might want to refer to this article: Also of note: https://www.sophos.com/en-us/press-office/press-releases/2021/01/sophos-identifies-source-of-mrbminer-attacks-targeting-database-servers.aspx -EDIT- In regards to the above, the "similar techniques" referenced all employed some form of brute-force attack element against the server and/or exploitation of system vulnerabilities. Since it appears sqlserver.exe in your situation is directly initiating the Trojan download attempt, I assume some type of code injection is being performed against it. Again, this assumes that
  3. Based on the posted my Eset screenshot, it appears you purchased one Eset NOD32 license for two PCs; not two 1-PC Eset licenses. If you bought two 1-PC Eset licenses, the key for each license would be different.
  4. What about sqlbase.exe since this is the malicious parent process? Does that show in SysInspector? BTW - I believe a malicious sqlbase engine was installed. Also it appears you found the malicious versions of sqlbase.exe and sqlconn.exe since they are sitting on your desktop. Is the issue that these keep reappearing on the infected devices? Also submit sqlservr.exe on one of these devices with issues to VirusTotal for a scan.
  5. For registry subordinate keys under "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\", you need to code the following, "HKEY_LOCAL_MACHINE\SYSTEM\*\". For example: HKEY_LOCAL_MACHINE\SYSTEM\*\Services\USBSTOR\Start
  6. For starters on an infected device check if the following exists: %WINDIR%\FONTS\SQLCONN.EXE
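The checks suggested in posts 4 and 6 (look for the Fonts-directory SQLCONN.EXE, and get sqlservr.exe/sqlbase.exe to VirusTotal) as an added PowerShell triage script. This is not the poster's code or ESET's; the only path taken from the posts is %WINDIR%\Fonts\SQLCONN.EXE, and the desktop copies and running-process lookup are assumptions about where the other binaries would be found on such a host.

```powershell
# Added example, not from the forum posts. Triage the SQL-related binaries
# named above: report presence, SHA256 and Authenticode status for each.
# Only the Fonts path comes from the post; the desktop copies and the
# running-process lookup are assumptions for illustration.
$desktop = [Environment]::GetFolderPath('Desktop')
$candidates = @(
    (Join-Path $env:WINDIR 'Fonts\SQLCONN.EXE'),
    (Join-Path $desktop 'sqlbase.exe'),
    (Join-Path $desktop 'sqlconn.exe')
)
# Pick up the on-disk image of any running sqlservr.exe / sqlbase.exe,
# wherever it was launched from. Path is null for protected processes.
$candidates += Get-Process -Name 'sqlservr', 'sqlbase' -ErrorAction SilentlyContinue |
    ForEach-Object { $_.Path } | Where-Object { $_ }

foreach ($path in ($candidates | Sort-Object -Unique)) {
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        Write-Output "ABSENT  $path"
        continue
    }
    # Hash first: a SHA256 can be searched on VirusTotal without uploading
    # a file that may contain customer data.
    $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    $sig  = Get-AuthenticodeSignature -LiteralPath $path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }
    # An executable under %WINDIR%\Fonts is a red flag regardless of hash;
    # a genuine sqlservr.exe carries a valid Microsoft signature.
    Write-Output ("PRESENT {0}`n  sha256={1}`n  signature={2} {3}" -f $path, $hash, $sig.Status, $signer)
}
```

Run it from an elevated prompt on the affected host; a `PRESENT` line for the Fonts path, or a `sqlservr.exe` whose signature status is anything other than `Valid` with a Microsoft subject, is what to act on.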
  7. Make sure the settings highlighted in the below screen shot are enabled:
  8. I assume the device names with Eset installed are Suzanne, Angel, and Shuriken-PC? If so, delete all other devices shown other than these three.
  9. Avast paid products include a sandbox feature. Eset consumer products do not.
  10. You can set up the Comodo firewall so that everything runs in an isolated environment: https://www.youtube.com/watch?v=vktNQCwB2UY . You then just set up exclusions for your trusted apps. Video author states on the various security forums that no 0-day malware has been able to bypass her custom Comodo setup.
  11. As far as desktop notifications go, refer to the following per Eset online help: I have mine set to "Diagnostic" and have no issue with Eset HIPS rule desktop notifications appearing.
  12. Eset's System Cleaner feature's primary function is to reset Windows settings back to default values. The "Cleaner" reference in my opinion is misleading. Also as the Help for this feature states, it should not be run w/o Eset tech support instruction to do so. System Cleaner's primary purpose is to remove system modifications made by malware. However, many also perform custom modifications to Windows system settings and those will be removed when System Cleaner is run.
  13. Eset Push Notifications option uses process ekrn.exe, TCP protocol, and remote port 8883. Verify that outbound network traffic for this is not being blocked by whatever firewall you are using.
  14. There is no sandboxing used since Eset doesn't have one in contrast to its major competitors. At least, a stand-alone sandbox employing virtualization. Eset employs an internal sandbox in regards to the heuristic scanning done by its real-time protection.
  15. I believe the red "X" symbol is just a visualization of what is stated in the shown text. That is the Network drive is in a disconnected state. A disconnected Network drive is not in an online status and therefore cannot be mapped.
  16. OK. Eset really doesn't have a publication on Web Access processing. So I will post the following. Eset scans all incoming Internet traffic for malicious status that is HTTP/HTTPS based; not just browser-based network traffic. It does this using the existing Windows Filtering Platform that allows for network packet analysis. In regards to encrypted HTTPS traffic, Eset decrypts it using its installed Win root CA certificate for inspection purposes. Additional Web Access protections include: 1. A scanner to scan browser-based JavaScript. 2. Anti-Phishing protection. 3.
  17. Everything you want to know about Eset is contained in this whitepaper: https://www.eset.com/fileadmin/ESET/US/docs/about/ESET-Technology-Whitepaper.pdf
  18. Eset has a command line based scanner: https://support.eset.com/en/kb3417-eset-command-line-scanner-parameters-eclsexe-5x-and-later . The scan code can be created in a script and the script scheduled to run via Win Task Manager. However, I am not sure this will scan network drives. Possibly by setting the scheduled task to run with highest privileges; i.e. System.
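The scheduled ecls.exe scan of a network location described above, as an added PowerShell example that is neither the poster's nor ESET's code. Assumptions: ecls.exe is in the default ESET install directory, the share and service-account names are placeholders, and the `/clean-mode` and `/log-file` switches are taken to behave as the linked KB article describes them. The example scans a UNC path rather than a mapped drive letter, because drive mappings are per-user and a task running as a different account (SYSTEM included) does not see them.

```powershell
# Added example, not from the forum post or from ESET. Registers a nightly
# ecls.exe scan of a file share. Paths, share and account are assumptions.
$ecls   = 'C:\Program Files\ESET\ESET Security\ecls.exe'   # assumed install path
$target = '\\fileserver\shared'                             # UNC path, not a drive letter
$log    = 'C:\ProgramData\ESET\ecls-share.log'

if (-not (Test-Path -LiteralPath $ecls)) { throw "ecls.exe not found at $ecls" }

# Switches as documented in the KB article linked above (assumed unchanged):
# /clean-mode=standard  act on detections
# /log-file=<path>      write the scan report for later review
$arguments = '/clean-mode=standard /log-file="{0}" "{1}"' -f $log, $target

$action  = New-ScheduledTaskAction -Execute $ecls -Argument $arguments
$trigger = New-ScheduledTaskTrigger -Daily -At 02:00
$settings = New-ScheduledTaskSettingsSet -ExecutionTimeLimit (New-TimeSpan -Hours 6) `
    -MultipleInstances IgnoreNew

# Use an account that has read access to the share. A task running as
# SYSTEM authenticates to the server as the computer account and cannot
# use any drive letter mapped in an interactive session.
$cred = Get-Credential -UserName 'CORP\svc-avscan' -Message 'Scan account password'

Register-ScheduledTask -TaskName 'ESET share scan' `
    -Action $action -Trigger $trigger -Settings $settings `
    -User $cred.UserName -Password $cred.GetNetworkCredential().Password `
    -RunLevel Highest -Force
```

After the first run, check the task's "Last Run Result" in Task Scheduler and the log file; a non-zero result with an empty log usually means the account could not reach the share rather than a scanner failure.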
  19. Did you check Eset's HIPS log for entries that might shed some light on what issues the HIPS was having with Chrome?
  20. I assume these are Ethernet Powerline adapters? Make sure they are powered up and have completed self-syncing prior to booting any PC connected to them. I believe all the issues you described are a result of not having a fully functional Internet connection when Windows started up. FYI - my Ethernet powerline adapters are on 24/7. Additionally, properly syncing these devices is a "real bear." I was having all kinds of network connection issues until I found a posting on the manufacturer's web site on how to force sync these devices. It involved plugging both adapters into a power strip and
  21. This is also noted in regards to uninstalling Eset. It has a settings Export feature that will save all current Eset settings. As such, Eset can be uninstalled then painlessly re-installed with all previous customizations restored via Eset settings Import feature.
  22. If the objective is to eliminate a specific Eset threat detection alert, the proper way to do so is via real-time protection threat exclusion.
  23. No. The software utilities described are network traffic analysis monitors specifically designed with the functionality mentioned. There are also network traffic analysis monitors such as SysInternals TCPView, Nirsoft's LiveTcpUdpWatch, etc. that are also designed for this purpose. These lack the "cute" desktop toolbar icon display.
  24. The established procedure that pertains to running two security solutions with a real-time scanning component is, at a minimum, that only one real-time component be allowed to run. The other security solution's real-time component must be disabled. This stated, there is no guarantee that running both solutions concurrently will not cause system conflicts. As far as Eset is concerned, permanently disabling its real-time protection will cause Win 10 to immediately enable Microsoft Defender as the active real-time protection. As such, you will have to contend with that issue. Finally, there is n