Everything posted by itman

  1. Read this above posting: https://forum.eset.com/topic/22995-latest-update-bsod/?do=findComment&comment=111480 The last update to 2004 borked things. Also as I posted previously but apparently you did not read, Eset doesn't officially support Win 10 Preview builds.
  2. If you're using a Win 10 Preview build, the solution is to uninstall it and use the latest released version of Win 10 which is 1909.
  3. As far as candidconcepts.com goes, the IP addresses associated with it are 88.208.222.179 and 88.208.222.180. As far as domain name blocking goes, have you tried *.candidconcepts.com/* and *.candidconcepts.net/*? I assume Eset mail server supports that wildcard notation. Block that IP address then. Doing so might end up blocking a lot of legit e-mail though. It appears a lot of Internet traffic routes through those relay backbone servers.
  4. CHINANET Anhui PROVINCE NETWORK, China Telecom, No.31, jingrong street, Beijing 100032. It's a backbone server, CHINANET-BACKBONE No.31, Jin-rong Street. As such, it wouldn't be the origin of the e-mail but just an intermediary delivering it.
  5. This has been fixed in the latest WD engine update to be pushed via Win Updates: https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-defender-scan-bug-with-new-update/
  6. My suggestion again is to go to the malware removal sites I posted previously for assistance. Or, contact your in-country Eset support representative for assistance as long as you are using a paid licensed version of Eset. -EDIT- As far as malwaretips.com and also possibly bleepingcomputer.com go, note the following restriction: https://malwaretips.com/threads/piracy.38446/
  7. Are you stating you are getting the same alert in Edge and that you have no extensions installed in it?
  8. Another FYI observation in regards to the above posted script code. Of note is the amptylogick.com domain reference. Both Eset and Fortinet detect this domain as malicious on Virus Total; the only two listed solutions to do so. So I assume Eset's detection in this regard is by blacklist.
  9. As far as JS/Adware.Revizer malware is concerned, this Firefox posting might be informative: https://support.mozilla.org/en-US/questions/1228037 . It is definitely extension related. Also appears Malwarebytes might be able to get rid of it; at least in Firefox.
  10. I don't use Chrome, but I suspect it works similar to Firefox in regards to the user's profile. That is, it is not deleted and when Chrome is reinstalled existing settings, extensions, and the like are retained and reestablished. It might come down to you having to manually delete this profile along with all traces of Chrome on your device. Then if the malware alerts cease upon reinstall, one by one reinstall your prior extensions. If Eset starts alerting after an extension installation, that is your culprit. An alternative to the above is to go to the malware support sections of either malwaretips.com or bleepingcomputer.com and have one of their malware remediation experts assist. They will instruct you to download and run a number of specialized tools for malware diagnostics along with other tools that specialize in removing browser-based malware.
  11. Agreed. I was referring to past forum postings where the issue was traced back to a recent signature update.
  12. This issue has already been reported in the forum. There is a hash problem with eamsi.dll. It does not affect its functionality in any way and the .dll is being loaded into applicable processes.
  13. JS/scrinject.B is a common Eset false positive detection. We'll have to wait to see what @Marcos determines based on his review of the OP's logs.
  14. FYI in regards to anyone using Win 10 Insider builds: https://www.onmsft.com/news/kaspersky-declines-support-windows-insider-builds-windows-10 To the above, I add that just because Eset runs w/o issue on a Win 10 Insider build does not imply it is working properly. In other words, it is "user beware" in this regard.
  15. It helps very much. Eset doesn't officially support Win 10 Insider builds.
  16. Now this is a strange one. I enabled Driver Verifier to scan all drivers loaded at boot time. PC slowed to a crawl at boot time but there were zip issues with any of Eset's drivers. Now none of Eset's stub .dll drivers showed as loaded. But I believe ekrn.exe loads those into kernel space subsequent to boot time. So I am leaning toward an issue with recent Win Updates which are causing blue screens on a limited number of select Win 10 devices regardless of AV installed. Appears whatever those updates did is not "playing well" with select Eset drivers loading at boot time.
  17. I assume you mean you're using Windows Defender. As such, you want to keep "Launch of anti malware protection" enabled so the WD ELAM driver loads. With Eset uninstalled, there will be no launching of its ELAM driver at boot time.
  18. For those who have received this boot screen due to eamonm.sys, someone opened another thread saying they were getting Bug Check 0x3B: SYSTEM_SERVICE_EXCEPTION from it: https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/bug-check-0x3b--system-service-exception . Is this what is being displayed on your blue screen?
  19. FYI: https://www.techinpost.com/blue-screen-driver-corrupted-expool-windows-bsod-pc-error-issue/ . However:
  20. You are correct. This is how a standard user account works by default unless overridden by Group Policy.
  21. You can disable admin approval mode for the built-in default admin account via Group Policy: https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/user-account-control-admin-approval-mode-for-the-built-in-administrator-account . Note: doing this puts you at considerable risk since no UAC alerts will be displayed. If an APT attacker drops malware abusing a Win trusted system utility that can perform hidden admin elevation, you won't be aware this has taken place. This is why security experts recommend UAC be set to its highest level versus its default level. I assume the above will also eliminate the UAC alerts being generated by Eset.
  22. Actually, you run as a limited admin and Windows prompts via UAC when full admin privileges are required. Also in Win 10, you can't log on as full admin since Microsoft removed the account on the Home versions. You can create a standard user account and log on under that. You won't get any UAC alerts since anything requiring admin privileges will be automatically blocked. This includes Eset GUI modifications.
  23. I also believe that this issue has nothing to do with eamonm.sys. It is highly unlikely that Eset's ELAM processing would refuse to load its own driver. Even if it did, eamonm.sys is not a critical OS driver. A boot-time blue screen would not occur from not loading it. Now if eamonm.sys was corrupted in some way, that could cause a boot-time blue screen. But a subsequent uninstall/reinstall of Eset should have corrected this. However, if the Eset uninstaller tool run in Safe mode was not deployed, it is possible the corrupted eamonm.sys driver remained in the Win driver directory. And a reinstall did not replace it since it already existed?
  24. No. Eamsi.dll is still being loaded into select Win processes Eset monitors by this. Also, this would not cause a BSOD at boot time since the .dll injection is done subsequent to that.
  25. In regards to the original posting reference to disabling early launch anti-malware driver via boot startup option, a quick review on what it does: https://www.top-password.com/blog/disable-early-launch-anti-malware-protection-in-windows/ Since the majority of Eset ver. 13.1.16 upgraded devices have no issues in this regard, it would appear that on a few select Eset installations its ELAM driver is detecting an existing driver as malicious. The key to resolution is to find out which driver is being detected as malicious. One way to do this is to enable Win 10 boot logging as follows: https://www.windowscentral.com/how-enable-boot-log-windows-10. Reboot. Then using Notepad, print the ntbtlog.txt file located in C:\Windows. Now install Eset ver. 13.1.16. Reboot. PC should blue screen at boot time. At this time, you can either boot into Win 10 recovery environment and disable ELAM, or boot into safe boot. Then again uninstall Eset. When you do get Win 10 successfully rebooted, again print out ntbtlog.txt. Now compare the two printouts. From the bottom of the printout, work upward till you find the boot log section with entries associated with the blue screen. The last driver shown in that section will be the last driver successfully loaded. Now find that driver on the earlier ntbtlog.txt printout. The next driver listed on the earlier printout should be the driver Eset ELAM processing refused to load and aborted the Win 10 boot.
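The boot-log comparison described in post 25 can be done with a short script instead of two printouts. This is an added example, not code from the poster or from Eset; it assumes the Windows 8+ ntbtlog.txt layout (one section per boot starting with a version banner, then BOOTLOG_LOADED / BOOTLOG_NOT_LOADED lines), and the sample logs and driver names other than ntoskrnl.exe and fltmgr.sys are constructed.

```python
from typing import List

# Constructed good-boot log (assumed Windows 8+ ntbtlog.txt format).
GOOD_LOG = r"""Microsoft (R) Windows (R) Version 10.0 (Build 18363)
 4 20 2020 09:00:00.000
BOOTLOG_LOADED \SystemRoot\system32\ntoskrnl.exe
BOOTLOG_LOADED \SystemRoot\System32\drivers\fltmgr.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\example_fs.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\ndis.sys
BOOTLOG_NOT_LOADED \SystemRoot\System32\drivers\legacy_example.sys
"""

# Constructed log after the failing install: the crashed boot (cut short)
# is followed by the safe-mode boot used to recover, so it is not last.
FAILED_LOG = GOOD_LOG + r"""Microsoft (R) Windows (R) Version 10.0 (Build 18363)
 4 20 2020 09:30:00.000
BOOTLOG_LOADED \SystemRoot\system32\ntoskrnl.exe
BOOTLOG_LOADED \SystemRoot\System32\drivers\fltmgr.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\example_fs.sys
Microsoft (R) Windows (R) Version 10.0 (Build 18363)
 4 20 2020 09:35:00.000
BOOTLOG_LOADED \SystemRoot\system32\ntoskrnl.exe
BOOTLOG_LOADED \SystemRoot\System32\drivers\fltmgr.sys
"""

def boot_sections(log_text: str) -> List[List[str]]:
    """Split a boot log into per-boot sections; a banner line starts each."""
    sections: List[List[str]] = []
    for line in log_text.splitlines():
        if line.startswith("Microsoft (R) Windows (R) Version"):
            sections.append([])
        elif sections:
            sections[-1].append(line.strip())
    return sections

def loaded_drivers(section: List[str]) -> List[str]:
    """Paths of drivers that loaded successfully, in boot order."""
    return [l.split(None, 1)[1] for l in section if l.startswith("BOOTLOG_LOADED ")]

def suspect_driver(good_log: str, failed_log: str, failed_index: int = -1) -> str:
    """Return the driver that should have loaded next after the crashed
    section's last successful entry, looked up in the good boot's order.
    failed_index picks the crashed section (work upward from the bottom)."""
    good = loaded_drivers(boot_sections(good_log)[-1])
    failed = loaded_drivers(boot_sections(failed_log)[failed_index])
    if not failed or failed[-1] not in good:
        return ""  # nothing to compare, or the logs diverged earlier
    nxt = good.index(failed[-1]) + 1
    return good[nxt] if nxt < len(good) else ""
```

With `failed_index=1` (the crashed boot) the result is ndis.sys, the first driver the good boot loaded after example_fs.sys; using the default last section would wrongly point at the safe-mode boot.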