Jump to content


Most Valued Members
  • Content Count

  • Joined

  • Last visited

  • Days Won


Everything posted by itman

  1. Also of note is there have been multiple security vulnerabilities disclosed in regards to ASUS routers: https://www.cvedetails.com/vulnerability-list.php?vendor_id=3447&product_id=0&version_id=0&page=1&hasexp=0&opdos=0&opec=0&opov=0&opcsrf=0&opg If that router's firmware hasn't been updated in a while, I recommended doing so with the latest release available for it.
  2. Here's one that that hasn't been tried yet. Eset ver. 12.2.15 introduced registry and WMI scanning. A limited scope scan of both are being performed at boot time. There were problems with this that were supposed to be fixed when Eset pushed a recent Cleaner module update. Do this as a test. Prior to performing a system restart, temporarily disable Eset's scheduled startup scan by uncheck marking it. Now restart the system. If system doesn't hang, this is the culprit. Make sure you recheck mark the scheduled startup scan since it is a vital security mechanism.
  3. Post a screen shot of what you are referring to.
  4. Is he using the same router connection as you. That is, are you both using a Wi-FI connection to your PCs? Also to address @SlashRose comment, are both PCs using the latest Eset version; i.e. 12.2.15?
  5. I have no idea really why your router suddenly would be identified as such. As far as mini UPnP refer to this: http://miniupnp.free.fr/ . What bothers me is this; WanConnection Device. WAN's are a network of geographically distributed networks. Obviously this doesn't apply to you and might be indicative of your router being part of a botnet.
  6. Another thought just occurred to me. Are those not having Eset issues after system shutdown time using Win 10 fast startup option? It would make sense that the XBox virtual drive is not being deallocated since fast startup is very similar in functionality to sleep mode. Scratch this since OP stated Fast Start Up enabled.
  7. I will say this. If one wants to test a security product's ransomware detection capability, go to Github and download one of the "educational" ransomware there. These actually encrypt your My documents, etc. folders and provide a decyption key to unencrypt your files. Obviously, do so at your own peril and ensure all your folders are backed up prior to testing. Ref.: https://github.com/Sh1n0g1/ShinoLocker Details here: https://www.bleepingcomputer.com/news/security/new-educational-shinolocker-ransomware-project-released/ For the truly adventuous, "go for the full monte" and use actual ransomware: https://github.com/FozzieHi/Ransomware
  8. Yikes! This is still coming up after three years. I wrote about this here: https://forum.eset.com/topic/10792-ransomware-simulators-a-detailed-analysis/ and methods employed by Ransim and why Eset ignores their tests.
  9. Interesting posting here: https://www.tenforums.com/virtualization/125684-virtual-drive-hard-disk-disappears-after-rebooting.html that confirms that virtual drives are de-allocated at system shutdown time: To get around this behavior: I suspect XBox might be doing above similar behavior and might be inconsistent in how it is doing so at cold boot vs. system restart time.
  10. I recommend creating an Eset technical support request on this to make Eset aware of the issue. Obviously, this is an issue that can't be resolved in the forum.
  11. For Gmail, follow this guide: https://support.google.com/mail/answer/8158?hl=en to change your e-mail sender name and see if that solves the problem.
  12. If you suspect that your router has hacked, the easiest way to resolve it is to perform a "hard" reset of the router. If the router has not been assigned a strong password: https://www.howtogeek.com/195430/how-to-create-a-strong-password-and-remember-it/ assign a strong password to it. Many routers use the default "Admin" password or no password,
  13. One possible workaround to this Eset restart issue is to terminate manually anything Xbox-wise that is running prior to a system restart. Might be that XBox Game Bar app? Not familiar with using XBox on a Win PC. After terminating XBox and prior to system restart, open Disk Management via Control Panel -> System and Security -> Administrative Tools -> Computer Management and verify that the virtual drive no longer exists. If so, then restart the device and see if this resolves the Eset hang up issue. It also appears that the Microsoft.GamingServices app installs 2 drivers; xvdd.sys = XVD Disk Driver (Microsoft Gaming Filesystem Driver) and gameflt.sys = Gaming Filter (Microsoft Gaming Install Filter Driver). Assume it also creates a service for xvdd.sys. The key here is how the service for xvdd.sys is starting. If it is Automatic, the virtual drive is being created at each system restart. If it's Manual-triggered, then the virtual drive is being created whenever an existing Xbox service starts up I would imagine.
  14. I would like to state that the problem is with the virtual drive being allocated to XBox Game Pass. But it appears that's only part of the issue. A while back, I had mounted a .iso and subsequently later realized the virtual drive was still allocated. That is, the drive was permanently allocated and persisted after a system restart. No problems with Eset whatsoever. What I believe might be going on in regards to XBox is the virtual drive it is using is not permanently allocated but is de-allocated at system shutdown time. When XBox starts up after a cold boot, the virtual drive is reallocated. Eset has no conflicts with this activity. Makes sense since it appears the xvdd.sys driver is what creates the virtual drive. However in the case of a system restart, I suspect the virtual drive is not de-allocated but entering some type of unknown suspended state. When the virtual drive resumes it's normal state, this new status is what is causing Eset to hang and in turn, the entire system to hang. I would check in the XBox forum for anyone have like issues with their AV product and what mitigations resolved it.
  15. If you are referring to web site ads, Eset will detect malicious ones. It doesn't detect all ads. You need a browser based add-on/extension such as uBlockOrigin to prevent ads from showing on a webpage.
  16. I tired to duplicate this by selecting keyboard arrow keys and could not duplicate this behavior in EIS 12.2.15 B&PP using module 1192 on Win 10 2004. I typed 123356 then pressed all arrow keys in sequence; up, down, left, and right - no repeating 6 number generated. Do you have any key scrambling software installed such as KeyScramber: https://www.qfxsoftware.com/
  17. Post Eset Log Collector file as an attachment to your forum reply. Eset allows attachments up to 50 MB. Only Eset moderators can read forum attachments not directly inserted into the reply.
  18. For starters, check this directory, C:\Users\xxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup, for any entries related to these two files. Better yet, post a screen shot of what is shown in that directory.
  19. Doubt that will work for this type of serious system malfunction alert.
  20. Those files are definitely malicious. Many AV vendor detection's for them at VirusTotal. They also are not valid Win OS files. I can find no reference to them on my Win 10 2004 build in my System32 directory. Appears there are still remnants of the malware on your device that is causing the popup at system shutdown startup time. Most likely a scheduled task or registry entry. -EDIT- Also could be a Win startup directory entry. Also it appears your device might be compromised as far as Win permissions go. Malware should not be able to gain access to System32 directory unless it also was successful in elevating to full Admin or System privileges.
  21. I don't see that alert notification listed in Eset Application Statuses that can be disabled. Therefore, it appears this alert cannot be disabled.
  22. Yes. Copy the complete hash for each entry and post it a your next reply. To do do, open notepad.exe . Copy each Eset log entry by left mouse clicking on the entry and select "Copy." Then Paste the entry into notepad. Finally, copy the hash value from the notepad based log entry into your next reply.
  23. According to the Eset website, their are no authorized Eset partners in Iran:
  24. Check the Eset Detection log for entries associated with this quarantine activity. Post the file hashes from the Eset Detection log entries associated with those two files.
  25. It should also be noted that the above referenced VT link that Eset and Rising detect as a PUA is in reference to the unhackme.zip download. That .zip file contains the UnHackMe installer, unhackme_setup.exe, that is detected by Avast, AVG, Eset, Rising, and Sangfor at VT: https://www.virustotal.com/gui/file/bf51b737b14bc72fb819f2e79f5a8da870848cbb9add1c95f6d26d62cf2551fd/detection . Sangfor detects it as malware. -EDIT- Also the Tencent detailed behavior analysis at VT shows a screen scraper being installed and never uninstalled.
  • Create New...