itman

Most Valued Members
  • Posts: 12,102
  • Days Won: 319

Everything posted by itman

  1. If it was related to an Eset module, one would expect the same erratic Custom scan In-depth profile behavior to manifest when using the In-depth profile for a default scan which is not the case. Some other undisclosed scan behavior is occurring when a Custom scan is being used which needs to be fully disclosed. For example, the registry option should not be selected when performing a Custom scan.
  2. On-Demand scan option is the default when you select "Scan my computer" via Eset GUI. If you wish to change it from the default Smart profile scan, you would first have to enter Advanced setup mode in the GUI. Then select Malware Scans option. At this point, the On-demand scan options are presented. Change Selected profile option to In-Depth and save your changes. Exit Advanced setup mode and now select Computer scan -> Scan my computer. Once the scan is completed, you can repeat the above and change profile option back to Smart mode if you so desire.
  3. Below are the scan log entries from two test scans I ran today. Both scans ran for approximately the same time till I terminated them.

     Custom scan using In-depth profile - Eset still scanning registry entries at time of scan termination;

     Time;Scanned folders;Scanned;Detected;Cleaned;Status
     10/24/2023 10:28:43 AM;Operating memory;Boot sectors/UEFI;WMI database;System registry;C:\Boot sectors/UEFI;C:\;D:\Boot sectors/UEFI;D:\;E:\Boot sectors/UEFI;E:\;G:\Boot sectors/UEFI;G:\;H:\Boot sectors/UEFI;H:\;3990;0;0;Interrupted by user

     On-demand scan using In-depth profile - Registry scanning completed and Eset scanning WMI entries at time of scan termination;

     Time;Scanned folders;Scanned;Detected;Cleaned;Status
     10/24/2023 2:27:42 PM;Operating memory;C:\Boot sectors/UEFI;D:\Boot sectors/UEFI;E:\Boot sectors/UEFI;C:\;D:\;E:\;WMI database;System registry;16036;0;0;Interrupted by user

     Note the difference in scan parameters generated by Eset.
  4. Re-read what I just posted. There is no issue with In-depth profile registry scanning when done from the On-demand scan option. Therefore the issue is not with the In-depth scan profile since the same profile is supposed to be used in a Custom scan.
  5. As far as I am concerned, I know what the issue is. First, a review of Smart and In-depth profile ThreatSense parameters as shown in the On-Demand scan option. The difference between the two profile options is; Smart scan - Archives are not scanned. Smart Optimization is enabled. In-depth scan - Archives are scanned. Smart Optimization is disabled. The registry scan time for both profile options is the same; approx. 2 min. Now for the Custom scan option. The Smart scan profile results in regards to registry scan time is the same as that for On-Demand Smart scan - approx. 2 mins. The In-depth registry scan time is, well, in hours. What Eset is doing in the registry scan is beyond me and I don't really care at this point. If you wish to perform an In-depth scan, do so from the On-demand scan option selecting the In-depth scan profile.
  6. As I posted previously, ping.exe (22 KB) was being scanned when I attempted to cancel the scan in non-Admin mode. No problem at all cancelling the scan in Admin mode.
  7. FYI to others. The setting exists under ThreatSense -> Other settings for On Demand In-Depth scan profile,
  8. I advise you cancel the running In-depth scan. Then start a new In-depth scan with Smart Optimization profile selected.
  9. I was able to resolve one issue. If you perform the In-depth scan as Admin, you can terminate the scan via Eset GUI option. This however did not resolve Eset hanging on select files during the Registry scan phase.
  10. Web site is blacklisted by Eset. VirusTotal shows Eset only vendor to detect malware on the web site.
  11. The web site developer is the only one who can remove the malware. If he can't, it's his responsibility to engage a third party source that can do so.
  12. I already posted how you stop the scan. First, terminate the scan via Eset GUI option. Note this won't stop the scan. Then restart your PC. After restart, the scan won't be running anymore.
  13. If it's believed this is a false positive detection, you can submit it to Eset per instructions given under the first topic given in the forum FAQ section. I will say that Eset web site detections are "right on spot" when it comes to detecting JavaScript based malware. Also if they are using WordPress Plugin YOP Poll 6.3.2, it is vulnerable to cross-site scripting attack: https://www.acunetix.com/vulnerabilities/web/yop-poll-cross-site-scripting-6-3-2/ .
  14. Actually, selecting any item in any of the service sections shown on your home web page will trigger the Eset detection;
  15. Here are my test results. Registry scan using Smart scan profile scanned 191 objects took 123 secs. Registry scan using In-depth scan profile ran 37 mins at which time I terminated it. As previously noted, I couldn't terminate the scan from Eset GUI; it just grayed out the pause and "X" buttons and kept on running. A system restart did stop the scanning. During this time, Eset scanning did spend extended scan time (> 5 mins.) on System32 directory files that didn't make any sense. One file was bi.dll - Background Broker Infrastructure Windows Client Library; a 30 KB file. Another file was ping.exe. One possible explanation for the extended scan times was files were being submitted to Eset cloud servers, but I saw no evidence of that.
  16. This doesn't affect Win power settings if the laptop is plugged in as I posted; https://www.lifewire.com/turn-off-power-saving-mode-4706502
  17. The Github link I posted was to the original WP plug-in. My above posted screen shots show that this plug-in was modified by someone named Mr. 7Mind. This same individual also has numerous other scripts posted at Github including reverse shell backdoors. So it appears this hack was very much "an off-the-shelf" one. The question is where was the modified WP plug-in acquired from?
  18. For starters, I recommended you reset your router. There might be an issue with the router.
  19. I get the same detections using Firefox; minus the WDF.exe detections. Don't know if this is Chrome related or not. Also, the venom.network detection is a PUA one. This means it's the user option if they wish to proceed to the web site at their own risk.
  20. Other recent postings in the forum have noted similar manual scan behavior in ver. 16.2.15. That is the scan stopping early in the scan. It appears to only affect some Eset installations and the cause has yet to be identified. In any case, the above is the reason for your laptop entering sleep mode. The Eset scan appears to be entering idle mode. Windows sees no active tasks are running and then initiates normal sleep mode per existing configured power saving settings. Also power saving battery mode only applies to when the laptop is not connected to an electrical outlet. You might try resetting Windows power & sleep settings to default Balanced values and see if this stops the behavior you are observing.
  21. Believe I found the original code at Github: https://gist.github.com/kosinix/52c13666c5632dae559910dbfe180df2
  22. Eset now finally blocking the domain; Also of interest is this domain won't scan at Sucuri. It displays the web site doesn't contain any data - go figure.
  23. My FF 118.0.2 showed code in plain text format. Note the modification author even stated who he is. Since this person has multiple scripts posted at Github, I assume this is where it originated from.
  24. Access ndot.us/za in a browser on Windows and see what happens. https://www.virustotal.com/gui/url/df38f83fac1af3dcc1a8c5380d99083d6ffa43ec6470c3bd433ed12541d1dc59/detection Interestingly, Eset didn't block the code from being displayed.
  25. Since you traced the issue back to Eset HTTP/HTTPS scanning, I would try adding Jellyfin and Plex apps to Eset SSL/TLS scanning exclusions setting the Scan action to "Ignore" per below screen shot;