Jump to content


Most Valued Members
  • Content Count

  • Joined

  • Last visited

  • Days Won


Everything posted by itman

  1. https://www.bleepingcomputer.com/news/microsoft/this-new-microsoft-tool-checks-exchange-servers-for-proxylogon-hacks/
  2. I just accessed the web site again. Eset is still showing the same threat detection. Using the URL from the Eset detection log entry, I submitted it to VT for a scan. Since Quttera is detecting it, I would say the web site is hacked. You might want to inform the web site owner of this status:
  3. Also of note: https://krebsonsecurity.com/2021/03/at-least-30000-u-s-organizations-newly-hacked-via-holes-in-microsofts-email-software/
  4. Refer to this: https://answers.microsoft.com/en-us/windows/forum/windows_vista-security/account-unknowns-1-5-21/097fa4e9-8705-46d4-bf90-fc119da680a7 . The existence of this account is not necessarily malware related.
  5. As far as NDIS Virtual Network Adapter Enumerator, it would be installed when Hyper-V was installed: https://forums.tomshardware.com/threads/ndis-virtual-network-adapter-enumerator.1527447/ I really don't see anything wrong with what is shown in your device manager screen shot. Are you connect to a public wi-fi network or to a wi-fi connection on your router?
  6. I duplicated the Eset detection when I selected the same lens you did. Appears to be malicious re-direct activity: -EDIT- Of note is no one at VT is detecting the hash, DDD0318AB432F659AFB556A62B98BF950A3E7512, Eset shows in the Detection log entry.
  7. To begin, you didn't state you have an Eset security product installed? Remember this is a forum to support Eset software issues. Interesting in the TechNet posting linked, no one in a Microsoft capacity denied this type of activity occuring. All I will state is persistent external intrusions into a local network is a clear sign that perimeter devices; router, gateway, etc.. have been compromised. This can happen for a number of reasons with mis- configuration being at the top of the list. Another reason is one network device was infected with a worm which allowed the rest of the net
  8. Additionally forensic analysis recommendations plus mitigations given in this article: https://us-cert.cisa.gov/ncas/alerts/aa21-062a
  9. Was this Internet Explorer or Edge? If it was Edge, open Internet Explorer and try to access the whatsapp web site.
  10. Appears Eset is currently experiencing some issue with its licensing servers. The LiveGrid alert noted will display when there are issues with Eset license installed on the source device.
  11. You need to post what your Eset Public license ID as I previously requested. It is formatted as XXX-XXX-XXX . Refer to the below screen shot on where to obtain the public license id:
  12. Eset is well aware of this situation as noted by their blog posting on it: https://www.welivesecurity.com/2021/03/04/microsoft-fixes-four-exchange-server-zero-day-vulnerabilities/ . The problem here is the Hafnium APT group whose exploiting is detailed in the Microsoft article you linked is only one of multiple ATP actors exploiting this vulnerability. You need to patch your Exchange servers ASAP. Ref.: https://www.bleepingcomputer.com/news/security/dhs-orders-agencies-to-urgently-patch-or-disconnect-exchange-servers/ -EDIT- Also of note is: The Volexity article has a nu
  13. I forgot to mention this. Referring to the anyrun.com detailed analysis of Remcos RAT sample, the first process spawned from winword.exe is eqnedt32.exe. This would indicate the attacker is exploiting a known vulnerability detailed here: https://www.bleepingcomputer.com/news/security/office-equation-editor-security-bug-runs-malicious-code-without-user-interaction/ . Again your primary security mechanism against crud like this is to ensure your OS and application software has all available security patches applied.
  14. Follow instructions given here to disable and then re-enable SSL/TLS protocol scanning: https://support.eset.com/en/kb3126-disable-ssl-filtering-in-eset-windows-products Important: Make sure FireFox is closed prior to performing the above.
  15. The two Win 7 updates that need to be installed for Eset to continue to function w/o issue are KB4474419 and KB4490628. It appears you have already installed these updates based on your screen shot. As such, nothing more is needed on your part. Is this the Eset LiveGrid alert you are receiving? If not, post a screen shot of the Eset alert message you are receiving in regards to LiveGrid. Also post your Eset license Public ID to allow @Marcos to check its status.
  16. Does the "b" reference mean you're running a beta version of Win 10?
  17. No problem here using Win 10 20H2, EIS 14.0.22, and latest Firefox version:
  18. Since the linked youtube video is about the Remcos RAT, anyrun.com has an excellent animated analysis of one sample of it here: https://any.run/malware-trends/remcos Remcos is usually associated with a phishing e-mail; for example, one containing a MS Word attachment. The easiest way to stop crud like this is to block process startup from any MS Office executable's. In this case, any process startup from winword.exe. Or better yet, permanently disable macro use in winword.exe:
  19. I have two e-mail providers setup up in Thunderbird. One is AOL and the other is my ISP provided e-mail. AOL e-mail which is IMAPS port 993 never has Eset generated message appended. ISP e-mail which is POPS port 995 does have Eset generated message appended. Now the AOL e-mail uses OAuth2, so maybe that's a factor. Or, there is an issue with this feature for IMAPS e-mail. It does make one wonder if Eset is actually scanning IMAPS e-mail.
  20. Refer to this recent posting: https://forum.eset.com/topic/27610-windows-7-date-protection-term/#elShareItem_1501698252_menu in regards to what is required for Eset to continue to work properly on Win 7.
  21. You also need to employ a bit of "deductive logic" in situations like this. You are using cracked high valued software normally used in commercial environments. Malware development these days is monetary based. Therefore, malware developers will target software sources used by commercial environments where the possibility of monetary gain is greatest. Bottom line - cracked commercially used software fulfills this objective.
  22. Also read this: https://www.bleepingcomputer.com/news/security/pirated-software-is-all-fun-and-games-until-your-data-s-stolen/
  23. It's impossible to determine that. For example, the cracked download can contain a unknown backdoor. The backdoor can lie dormant for days, weeks, and months and then activated by an attacker. They have been backdoors that have been discovered that have laid dormant on devices for years. When Eset detects cracker software as a PUA it is warning you there is a chance that something else malicious may exist in the download although it presently has not detected anything. Also, refer to my posting here: https://forum.eset.com/topic/24825-if-you-use-licensing-cracking-software-you-need-t
  24. You keep asking the same question over and over again. The answer again and again is that Eset is detecting the crack software being used in SolidWorks download; i.e. .iso file as a PUA; i.e. potentially unwanted application. If you don't want Eset to detect as such, you will have to manually create a PUA exclusion for whatever Eset is detecting. As to if Eset sometime in the future might decide that this detection is no longer a PUA but actually malware, that obviously is unknown.
  25. Since Eset is detecting a hack tool associated with license cracking, it can be assumed that this Solidworks Premium version is a cracked version. Additionally unless your family is wealthy, it can be assumed this version is a cracked one. I came across a web posting that noted in 2016, a SolidWorks Premium one year license in the U.S. costs $8,000 with a one year maintenance cost of $2,000 for that license. I will also note that in the U.S. software theft in this value range would be considered a felony punishable by a sizable fine and possible jail time. My understanding is SolidWo
  • Create New...