Posts posted by itman
-
@Marcos, "playing" with the scheduled scan time setting did the trick. Log maintenance scan ran at its scheduled time:
-
1 hour ago, Tatiana said:
The Lenovo machines with which I am testing have the module turned on and some are detected by ESET and others are not
It appears it boils down to what Eset is detecting when it pertains to LoJax: https://www.eset.com/us/about/newsroom/corporate-blog/what-you-need-to-know-about-lojax-the-new-stealthy-malware-from-fancy-bear/.
In the Lenovo forum link I previously posted, Absolute, the software vendor, discusses how Computrace functions. Without its monitoring service:
Quote: The Computrace service is purchased as a separate option and the monitoring Server will enable its agent security module through an interface provided by the BIOS. The Computrace tracking agent can only be used in the US, UK, Canada, and Australia. Computrace(R) and Absolute(R) are registered trademarks of Absolute Software Corporation.
it appears the code implemented in the UEFI firmware does nothing. Assumed is the code in the firmware will only connect to Absolute's monitoring servers.
Note that the legit version of Computrace's firmware code is named LoJack. The malicious version is named LoJax. Here's an Eset technical write up on LoJax: https://www.welivesecurity.com/wp-content/uploads/2018/09/ESET-LoJax.pdf . Bottom line - just because there are settings in a device's UEFI indicating Computrace is installed does not mean that you are infected with the LoJax malware.
-
31 minutes ago, mmatthe8667 said:
www.tivatuddpnoheni.com goes to 95.211.184.67
It appears the IP is associated with a domain server, per Robtex:
Quote: The IP number is in Netherlands. It is hosted by LEASEWEB.
That server appears to have one or more malicious domains associated with the domains it is hosting:
Quote: We investigated 100 host names that point to 95.211.184.67 . Example: cdneu.dadafarada.com, img.conicono.com, img.yepabonocemm.com and cdneu.appchucklegift.com. We estimate that it is used as ip number by 161 host names.
Quote: THREATMINER
Threat information such as virus etc.
Last Seen / URL:
2016-05-20 02:06:45 http://cdneu.dolphinmemory.com/products/PDF-Reader-v2.cis
2016-05-07 06:04:22 http://cdneu.tokoholapisa.com/ofr/Solululadul/asgnd.cis
2016-02-07 10:47:46 http://img.mydivcdn.com/img/CH_logo_new.png
2016-01-22 07:47:47 http://img.sourceforgecdn.com/img/Rerarapepe/Rerarapepe_b.png
-
15 minutes ago, mmatthe8667 said:
hxxp://www.tivatuddpnoheni.com/ofr/Solululadul/osutils.cis;Blocked by internal IP blacklist;E:\PowerISO\PowerISO7-x64.exe;THE-BREWERY
hxxp://www.tivatuddpnoheni.com;Blocked by internal IP blacklist;E:\PowerISO\PowerISO7-x64.exe;THE-BREWERY
hxxp://www.tivatuddpnoheni.com/ofr/Solululadul/icc_v5_8.cis;Blocked by internal IP blacklist;E:\PowerISO\PowerISO7-x64.exe;THE-BREWERY
You also need to post the IP addresses associated with these alerts. It's possible a redirect is going on.
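To make the data the reply asks for easier to gather, here is an added example (not code from the thread, from Eset, or from the poster) that parses lines in the semicolon-separated layout quoted above, refangs the hxxp:// URLs, and groups blocked connections by originating process and destination host. The column order (URL; reason; application; computer) is assumed from the quoted lines, and the fourth "Allowed" line is constructed for contrast. It does no DNS resolution, so the IP and redirect question still has to be answered from the live log or a separate lookup.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample: the three blocked lines quoted in the thread plus one made-up
# "Allowed" line for contrast. Column layout is assumed: URL;reason;application;computer.
SAMPLE_LOG = r"""hxxp://www.tivatuddpnoheni.com/ofr/Solululadul/osutils.cis;Blocked by internal IP blacklist;E:\PowerISO\PowerISO7-x64.exe;THE-BREWERY
hxxp://www.tivatuddpnoheni.com;Blocked by internal IP blacklist;E:\PowerISO\PowerISO7-x64.exe;THE-BREWERY
hxxp://www.tivatuddpnoheni.com/ofr/Solululadul/icc_v5_8.cis;Blocked by internal IP blacklist;E:\PowerISO\PowerISO7-x64.exe;THE-BREWERY
hxxps://updates.example.invalid/check;Allowed;E:\PowerISO\PowerISO7-x64.exe;THE-BREWERY
"""


def refang(url: str) -> str:
    """Turn a defanged hxxp:// or hxxps:// URL back into a parseable scheme."""
    return url.replace("hxxps://", "https://", 1).replace("hxxp://", "http://", 1)


def parse_line(line: str) -> dict:
    """Split one log line into its fields and pull host/path out of the URL."""
    url, reason, process, computer = line.rstrip("\n").split(";", 3)
    parts = urlsplit(refang(url))
    return {
        "host": parts.hostname,
        "path": parts.path or "/",
        "reason": reason,
        "process": process,
        "computer": computer,
        "blocked": reason.lower().startswith("blocked"),
    }


def summarize(log_text: str) -> dict:
    """process -> host -> {'blocked': n, 'allowed': n, 'paths': set of URL paths}."""
    summary = defaultdict(
        lambda: defaultdict(lambda: {"blocked": 0, "allowed": 0, "paths": set()})
    )
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        entry = summary[rec["process"]][rec["host"]]
        entry["blocked" if rec["blocked"] else "allowed"] += 1
        entry["paths"].add(rec["path"])
    return summary


def blocked_hosts_by_process(log_text: str) -> list:
    """Flat report rows (process, host, blocked_count, sorted paths), hosts with blocks only.

    This is the shape of information worth posting alongside the raw alerts: which
    binary initiated the traffic, which host it tried, and how many distinct paths.
    """
    rows = []
    for process, hosts in summarize(log_text).items():
        for host, entry in hosts.items():
            if entry["blocked"]:
                rows.append((process, host, entry["blocked"], sorted(entry["paths"])))
    return sorted(rows)


if __name__ == "__main__":
    for process, host, count, paths in blocked_hosts_by_process(SAMPLE_LOG):
        print(f"{process} -> {host}: {count} blocked, paths={paths}")
```

Run it over an exported log in the same layout; the "Allowed" row is dropped from the report, which is the point: one host, many blocked paths, all from the same binary is the pattern to look at before deciding whether this is an updater or something else.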
-
8 minutes ago, mmatthe8667 said:
the site it shows is different ones of this: hxxp://www.tivatuddpnoheni.com
Checked this on URLVoid and site is 100% clean.
-
My question is why is this type of software attempting to connect to the Internet with the activity you posted? It is basically just software to create a .iso file for the most part. At most, the only outbound connection it would need is to the vendor's server for software updates.
-
Are your Eset firewall settings set to default values?
-
You might want to export your existing settings. Then download the offline installer for 12.1.31. Uninstall Eset. Reinstall 12.1.31 and see if that resolves your existing scan missing log issue.
-
1 minute ago, TomFace said:
I've had no issue with the icon animation,
It only occurred with the "unscheduled" scan as a result of time change. The legit scheduled scan showed the animation.
-
No problem with my Eset installation with scheduled scan logging as the below screen shot shows. Also I was wrong about my prior statement about scan starting immediately after a time change. It did start running and worse, it does not now show the scan is running via Eset desktop toolbar icon animation!
-
3 minutes ago, TomFace said:
Nevermind it's OK. Please disregard.
Are you stating your log file issue has been resolved?
-
16 minutes ago, TomFace said:
No log entry for my scheduled scan. The only log entry is from a manually requested scan via...
OK. I just modified my scheduled scan to run today at 11:25 AM. Will report back after scan runs if it created a log entry with details provided.
A short time ago, I received a modules update. What I now observe when modifying an existing scan run time is it doesn't start running the scan immediately when saving my changes. So it appears Eset fixed that issue.
-
15 minutes ago, TomFace said:
Here's the latest: I deleted the existing scheduled task and built a new one. Still got the same result-no log entry under scans.
I am trying "to get a grip" on what you are describing. Are you stating that you are not receiving any detail log information in ver. 12.1.31 as my below screen shot shows for my EIS installation?
-
13 hours ago, marintaxpro said:
Every machine purchased in past 10 years has had issue & I've spent fortune on live, remote and program attempts to fix.
What your narrative describes is akin to something out of a malware sci-fi horror movie. Are you stating that every device you have connected to your network in the last 10 years has been affected by what you posted?
-
15 hours ago, Marcos said:
A task was run when it was due:
Again, not on my Eset installation. Perhaps Eset not in sync with U.S. DST?
-EDIT- Just occurred to me the problem might only manifest with scans that existed prior to the 12.1.31 upgrade. You created a new scan to test. I will edit the Log maintenance scan and see if that eliminates the problem.
-
Well, daylight saving time is now in effect. Wanted to see if this resolved the default log maintenance scan running an hour ahead of schedule as noted in the above linked posting. It did not. That scan ran an hour ahead of schedule today. Definitely appears there is some type of time issue between the Eset scheduler and the system clock.
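As an added example (not code from the thread or from Eset), here is one way a scheduler ends up an hour off across a DST change: computing the next run by adding exactly 24 hours to the previous run's UTC instant instead of re-deriving the local wall-clock time for the new date. Whether this is the mechanism behind the behaviour described above is not established on this page; the example only shows the failure class and which direction the drift goes at each transition. The US Eastern rules are hand-rolled (assumption: post-2007 rules, second Sunday of March to first Sunday of November) so it runs without a system time zone database.

```python
from datetime import datetime, timedelta, timezone, tzinfo


class USEastern(tzinfo):
    """Minimal America/New_York rules (assumed post-2007): DST from the second Sunday
    in March at 02:00 to the first Sunday in November at 02:00, local time.
    Hand-rolled so the example does not depend on a system tz database."""

    STD = timedelta(hours=-5)
    DST = timedelta(hours=1)

    @staticmethod
    def _nth_sunday(year: int, month: int, n: int) -> datetime:
        first = datetime(year, month, 1)
        first_sunday = first + timedelta(days=(6 - first.weekday()) % 7)
        return first_sunday + timedelta(weeks=n - 1)

    def _in_dst(self, dt) -> bool:
        if dt is None:
            return False
        start = self._nth_sunday(dt.year, 3, 2).replace(hour=2)
        end = self._nth_sunday(dt.year, 11, 1).replace(hour=2)
        return start <= dt.replace(tzinfo=None) < end

    def utcoffset(self, dt):
        return self.STD + self.dst(dt)

    def dst(self, dt):
        return self.DST if self._in_dst(dt) else timedelta(0)

    def tzname(self, dt):
        return "EDT" if self._in_dst(dt) else "EST"


EASTERN = USEastern()


def make_local(year, month, day, hour, minute) -> datetime:
    """Aware local datetime in the hand-rolled Eastern zone."""
    return datetime(year, month, day, hour, minute, tzinfo=EASTERN)


def next_run_wall_clock(last_run_local: datetime, hour: int, minute: int) -> datetime:
    """Correct: the task is defined by local wall-clock time, so re-derive it for the
    next date; the UTC offset is recomputed from the zone rules for that date."""
    nxt = last_run_local + timedelta(days=1)  # wall-clock arithmetic on aware datetimes
    return nxt.replace(hour=hour, minute=minute, second=0, microsecond=0)


def next_run_fixed_interval(last_run_local: datetime) -> datetime:
    """Drifts: add exactly 24 h to the UTC instant of the last run, then display it
    in local time. The instant is 'right'; the wall-clock time the user sees is not."""
    last_utc = last_run_local.astimezone(timezone.utc)
    return (last_utc + timedelta(hours=24)).astimezone(EASTERN)


def wall_clock_drift_minutes(last_run_local: datetime, hour: int, minute: int) -> int:
    """How far (in minutes, as the user sees it) the fixed-interval run lands from the
    intended wall-clock time. Positive = late, negative = early ('ahead of schedule')."""
    expected = next_run_wall_clock(last_run_local, hour, minute).replace(tzinfo=None)
    actual = next_run_fixed_interval(last_run_local).replace(tzinfo=None)
    return int((actual - expected).total_seconds() // 60)


if __name__ == "__main__":
    # Saturday before the 2019 spring-forward, and Saturday before the 2019 fall-back
    for last in (make_local(2019, 3, 9, 11, 25), make_local(2019, 11, 2, 11, 25)):
        print(last, "->", next_run_fixed_interval(last),
              "drift:", wall_clock_drift_minutes(last, 11, 25), "min")
```

Across the spring transition the fixed-interval approach runs an hour late; across the fall transition it runs an hour early. A scheduler that stores the task as a local wall-clock time and recomputes the offset per date does neither.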
-
6 hours ago, Rohit said:
but for this particular task that I am creating, I don't want to scan all files. Only executables to be scanned.
Not possible as far as I am aware of. Lowest scan level in GUI select field is folder/directory level. However, see the below screen shot. There is an area where you can enter a specific path. You can "play" with that to determine if any wildcard capability exists; e.g. C:\SomeDirectory\*.exe.
6 hours ago, Rohit said:
Also, for the scheduler scan, I want to specify the folders which I want to scan. I did not find an option to do this.
-
I received a log entry for my scheduled weekly scan that ran a few hours after I upgraded to 12.1.31.
I suspect the scan didn't run as scheduled. Hence no log entry. Did you see the scan running by visual confirmation of Eset desktop toolbar icon spinning?
There have been issues with the scheduler in 12.1.31. You might try deleting your existing scan and recreating it. Then see if it runs as scheduled and a log entry is created.
-
1 hour ago, Hijin25 said:
Excuse the insistence. Is that I'm a little paranoid with the security of my PC, and when something strange happens I get restless.
You will have to be patient and let @Marcos get back to you with whatever issue Eset is detecting with the web site. If you immediately have to download AdwCleaner for some reason, you can do so via the bleepingcomputer.com link I posted previously.
-
I just scanned toolslib.net using the Qualys SSL Server Test and they gave the site an A+ rating: https://www.ssllabs.com/ssltest/analyze.html?d=toolslib.net&s=51.15.229.92&latest . All certs look OK except they are using a self-signed Let's Encrypt cert. The only thing Qualys noted was:
OCSP STAPLING ERROR: OCSP response expired on Tue Mar 05 18:00:00 UTC 2019
-
1 hour ago, StevenCheong said:
Because it didn't work when I'm running some of the malware.
What malware was not being detected I guess is the major question.
Installed poweriso and eset is blocking websites (in Malware Finding and Cleaning)
One benign reason is the software is trying to update itself. It should have an option to change/disable auto updating. Disable auto update and if the outbound connections cease, you have resolved the issue.
If the outbound connections persist, it could be indicative of malicious or other undesirable activity.