
Everything posted by itman

  1. If problems persist after running ESET Online scanner, you could also try performing a Win system restore using a restore point prior to when you installed the app/malware. This won't remove all of the malware and/or app but should reset system settings to what existed prior to the app install. This will hopefully also restore Eset functionality to the point you could run a full scan with it. Note: the malware may have disabled system restore functionality.
  2. No offense taken. My advice is to submit the installer to Hybrid-Analysis: https://www.hybrid-analysis.com/, for a full sandbox analysis and see what it determines.
  3. Further analysis of VT sandbox findings confirms my early suspicions. To understand what is going on, two epi.exe, aka bootstrapper.exe, processes are running. One as the parent process and one as a child process. Note that the epi.exe processes are not the same. The malicious process being detected at VT is the unsigned parent epi.exe process. The child epi.exe process spawned is legit and validly signed. Ref.: https://www.virustotal.com/gui/file/a7af6d852fadd2bf4b9ef36b3f96e322e08254b20682fe174b0c38738e5f3864/detection Of note is most of the VT detections for the pare
  4. VT is showing conflicting info. per the below screen shot. Again, it's flagging bootstrapper.exe as the problem. This file is signed. Also, VT lists epi.exe. But, when I scanned the hash for the extracted file, there were no detections. It's as if VT is perhaps detecting the downloaded ver. of epi.exe which I assume is a latest ver. update of the file?
  5. Perhaps the prudent thing to do here is that Eset provide the file hash for epi.exe. Then compare that hash value to the epi.exe file hash value downloaded. -EDIT- Also the VT detection is for bootstrapper.exe which appears to create the following: C:\Users\<USER>\AppData\Local\Temp\eset\bts.session\{02D83BBE-EB93-B7D9-1A5E-10CDAD2E32F1}\epi.exe C:\Users\<USER>\AppData\Local\Temp\eset\bts.session\{02D83BBE-EB93-B7D9-1A5E-10CDAD2E32F1}\sciter-x.dll C:\Users\<USER>\AppData\Local\Temp\eset\bts.session\{02D83BBE-EB93-B7D9-1A5E-10CDAD2E32F1}\eguiActivation.d
  6. For what it is worth, I checked out payment policies at a major e-retailer, newegg.com. They don't accept either MasterCard or Visa payments in any fashion from Canada. Ref.: https://kb.newegg.com/knowledge-base/international-payment-methods/
  7. I never stated or implied that. I was just stating a justification for any merchant not wanting to accept a debit card.
  8. A couple more discussion points on this issue. If you have a Visa or MasterCard logo debit card and the merchant accepts either in credit card form, they must also accept a debit card for payment by either. If they don't, they are in violation with their existing payment processing agreement with Visa or MasterCard. Something for you to check out. If this is the case, you can file a formal complaint with Visa or MasterCard. The only other reason I can think of is why a merchant wouldn't accept a debit card deals with payment issues. A debit card transaction is for all practical purp
  9. Did you set up the proxy server data per the below screen shot?
  10. Additionally, Eset license status is shown in the Eset GUI Help and support section per below screen shot. The posted example shows an Eset license with one seat; i.e. 1 device, purchased:
  11. You're referring to "seats." For example, a 3 PC license has only one license key but 3 seats allocated to it. When this license is installed on a PC, a seat is allocated to it. To reallocate a previously used seat to another device, you uninstall Eset on the device where it is installed. This should automatically remove this seat allocation in Eset License Manager. You can now install Eset on another device and a seat will be allocated to this device in Eset License Manager. However, sometimes things get screwed up for a variety of reasons and the seat allocation in Eset License Manag
  12. Of note is if you run in permanent private browser mode in Firefox as I do, all your history is auto deleted at browser close time.
  13. In regards to why Eset won't accept Paypal payments, Eset licenses have geographic restrictions; both for purchase and use. Paypal payments in regards to purchaser identity are anonymous as to origin of the purchaser. https://www.paypal.com/us/webapps/mpp/paypal-safety-and-security
  14. Appears it depends on whether your debit card is restricted to use only within Canada: https://travel.stackexchange.com/questions/112712/can-i-use-us-bank-issued-credit-debit-cards-in-canada#comment274511_112714 I believe most Visa/Mastercard sponsored bank issued debit cards can be used internationally but some countries have problems. You need to contact your bank about use of your debit card outside of Canada. Your complaint should be why Eset N.A. does not have a relationship with financial concerns outside of the U.S. in countries that th
  15. You can use/add Firefox extensions in B&PP mode if you enable "Secure all browsers" setting per the below screen shot. As noted, this will allow use of popular extensions. Whether this https://addons.mozilla.org/en-US/firefox/addon/history-cleaner/ is in this category, I have no idea. You would have to experiment with adding it. Note: enabling "Secure all browsers" setting will result in Firefox always opening in Eset secure browser mode. Be aware of that and it could cause other issues when using Firefox for normal browsing activities.
  16. You can use the tracert command to diagnose connection issues: https://www.lifewire.com/tracert-command-2618101
  17. Yes, that was also my assumption. As far as use of my.eset.com, it is only applicable if the license was purchased directly from Eset. Otherwise, you have to create an account at my.eset.com and manually add your license to it.
  18. Ethminer is indeed a legit coin miner. However, there are malicious versions of it but it appears this is not the case here. One possibility is you unwittingly installed it as part of other software you installed. Legit ethminer runs via command line interface. In other words, there is a batch script; i.e. xxxx.bat, starting it; most likely at boot time and possibly as a scheduled task. Another possibility is it's running from this registry key; C:\Users\xxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup at system startup time. Some refs. below: https://github.co
  19. You should have a VGA port on the laptop that allows you to connect an external monitor. However, this will only work if the graphics chip on the laptop motherboard is not damaged which very well may be the issue. Disconnect the monitor from your tower and connect it to the VGA port on the laptop. Power up the laptop and enter BIOS settings and set graphics to use external VGA monitor. Note that I don't know if the BIOS change is actually needed. Some laptops sense an external monitor is connected and auto switch to it. Also and obviously, this will allow you to download your files f
  20. Disabling Eset real-time protection would have no effect in regards to this issue. In Eset GUI Internet protection section, disable E-mail client protection and see if you can now receive e-mails in Thunderbird.
  21. There is also another alternative to "block-at-first-sight" that I have mentioned previously in the forum. This is a usable whitelisting capability via Eset HIPS. The current problem with the HIPS existing learning mode is that it records every activity a process performs. This in effect makes the existing HIPS rule set unusable due to both the sheer number of rules created plus the fact there is no present way to sort/order rules. My previous and current suggestion is Eset provide a HIPS option that only creates allow rules for processes run while in learning mode. This could be fur
  22. I scanned the file at VirusTotal and it was immediately detected as a trusted Microsoft file; i.e. by hash value. The file on my device hasn't been updated since 12/2019. As such, its purpose is not for white or blacklisting. As the Malwarebytes forum reference notes, there is zip info on the web on what this file is used for. My best guess is this has something to do with a Live domain tracking project Microsoft experimented with a while back and has since abandoned. They just left the existing file in place; probably forgot about its existence.
  23. As far as I am concerned, "the bug" lies in the secure all browsers option. It appears the intent was to correct the issue where one assigned for example, Firefox as their Win 10 default browser. However they use for example, Chrome as their everyday browser. With Chrome in use, they entered a B&PP protected bank site URL. Eset in previous versions would open the Win assigned default browser; i.e. Firefox, in B&PP protected mode versus a protected mode Chrome window. Currently if the secure all browsers option is enabled and an Eset supported browser is used, the browser is a
  24. I just tested with the secure all browsers option enabled using Firefox since I don't use Chrome or have it installed. Aside from a very slight delay in home page rendering at browser startup time, there were no further browser slow down issues. Also, there was no separate opening of another B&PP secure browser window when accessing my bank's web site. Of note is Eset B&PP creates a separate Firefox profile for B&PP use when secure all browsers option is disabled. I suspect the issue here is with Chrome which has been most problematic historically with Eset use.