Everything posted by itman

  1. The whole purpose of the Rescue disk is to scan your existing internal disk drives for malware. It can't do so because the disks are in effect non-functional since they haven't been formatted. The end result is the Rescue disk "hangs" when trying to scan those drives.
  2. I also suspect that perhaps "someone" has become fed up enough with the crackers' activities that they might be purposely hosting malware on the backend API servers used by the crackers. In effect, using the AVs to block connections to those servers resulting in the shutdown of the cracked software use.
  3. Here's my strong suspicion of what is going on. I swore to myself I wasn't going to post this because I believe anyone using cracked software deserves to be infected. It appears the crackers are using a backend API server. They are also using port 8880. Eset appears to be detecting any connection to a backend API server via port 8880 as botnet activity. Or more specifically, the IP address used by this type of network connection is being detected by Eset as malicious. There also appears to be a malicious JavaScript variant performing this same type of backend API connection via port 8880. How to differentiate between the above activities is where wscript.exe/e:key:przSlksUf6ucMA is specified as part of the Win Startup directory entry. The "key:" use is for passing the crack key to the backend API server used by the cracker.
  4. What's currently going on can apply to any cracked software where the crack author is using a backend api server.
  5. Have you downloaded and installed any cracked software? The presence of this indicates you are; wscript.exe/e:key:przSlksUf6ucMA.
  6. The only thing I see in my Win10 WMI-Activity Event log related to anti-virus is shown in the below screen. These entries in multiple successive sequence have appeared as long as I have been on Win 10. Also not sure these are related to Eset or instead possibly, the Windows Defender to Eset AV use hand off at system start up time. Never seen any Win 10 Action Center alerts either. Check your Win 10 WMI-Activity Event log for entries related to these Action Center notifications you have been receiving. These might provide further details on what is going on.
  7. Refer to this TechNet article: https://answers.microsoft.com/en-us/windows/forum/windows_10-update/windows-10-clean-install-on-a-formatted-blank-hard/82017ca0-fae3-4239-96fe-5d3bf6479ad0 Note the comment that the bootable media needs to be created using Win 10 Media Creation Tool. Also, since you stated you performed a low-level drive format, I assume that the installation drive is presently in an uninitialized state; i.e. no partitions formatted, etc. The Win 10 setup program runs a very long time in this situation and it appears nothing is going on and perhaps the installation is hung. It is not. The installer is instead creating its required partition and formatting it. On a 1TB drive, that is going to take a very long time. Also, my understanding in regards to SSD drives is that they should never be low-level formatted. You may have damaged that drive. You need to download Corsair's drive diagnostic software and verify the drive has no issues. If you are trying to reinstall Win 10 on this drive, the aforementioned might be the problem. As far as your Win 7 reinstall, search the web. I would forget it since it's not supported anymore.
  8. Something weird is going on. You show 21449P update today at 12:41 PM EST. I received that update last night at 6:47 PM EST. Again, Eset hasn't pushed a signature update since last evening.
  9. Same here. It's not a network issue but something with the update servers.
  10. Well, it's 1:18 PM EST and still haven't received a sig. update since 6:48 PM yesterday ...
  11. Adobe was offering a free 2 month trial back in March: https://www.techradar.com/news/want-free-adobe-creative-cloud-for-two-months-heres-how-to-get-the-hidden-offer. Don't know if it's still in effect but something to check out.
  12. A few additional comments on use of cracked software. What the cracker developer is doing is illegal. Anyone who is using his cracked creation is legally considered aiding and abetting his criminal activity. The above noted, if the cracked software involves use of an installer, use some "common security sense" and pass on the software. Win installers run with System privileges. This is the highest Win privilege available. As such, the installer can modify anything it wishes on your Win installation. Additionally, security solutions are likewise restricted in their monitoring activities of the installer due to its privilege status.
  13. Eset's PUA protection will alert on hack tools that are known to have malicious or suspect behaviors. So the first thing you need to check is that you have enabled Potentially unwanted and unsafe application settings in Eset's GUI real-time file system protection settings. Also note that there are thousands of software crack downloads on the web. As such, Eset would need to have examined one to be able to determine if it is deemed PUA status. Eset protects against botnet activity as evidenced by the blocked connection alerts you were receiving.
  14. Same here in the U.S. No signature update at boot time. Also forcing the update still did not result in an update. Might be an issue with Eset update servers.
  15. @Namoh, I advise you to read this General Discussion posting I made last February: https://forum.eset.com/topic/22398-pirated-software-is-all-fun-and-games-until-your-data’s-stolen/
  16. An interesting write-up from this crack web site: https://crackzsoft.me/adobe-master-collection-cc-win/ Assume that "old good installer" is the source of the malware. -EDIT- Interesting comment from the crack author: 😭
  17. I did research this initially. Adobe Creative Cloud component stores its files in a directory that begins with CCLibrary. Note this malicious JavaScript name begins with CC-Library ... The legit download for Adobe Creative Cloud is here: https://www.adobe.com/creativecloud.html . I did notice that there are multiple cracked versions of Adobe Master Collection posted on the web. If you downloaded one of those, that is how you most likely got infected. Ditto for file sharing web sites. Versions available there can't be 100% trusted.
  18. Refer to the below screen shot. Using Windows Explorer, do the following. Mouse click on the file using the right button. Select "Send to" -> "Compressed (zipped) folder". Attach this newly created zipped folder to your forum reply.
  19. Port 320 is used by the PTP protocol: https://wiki.wireshark.org/Protocols/ptp . As noted in the article, PTP is used for time synchronization between clients and servers on the internal LAN. As such, this port should not be open on the WAN side of the network perimeter appliance/router. I would check your network perimeter appliance/router for a possible breach/misconfiguration.
  20. I don't have Chrome installed. However once you have added C:\Windows\System32\svchost.exe as the Application, search for the two referenced services, gpupdate and gpupdatem, per the below screen shot. The previous assumes you have installed Windows in the C:\ directory. Again two firewall rules are needed; one for each service. Also verify you haven't previously created firewall rules to allow these services and/or related .exes from running. Remember Eset firewall rules are run in top-to-bottom fashion. Your newly created block service rules would be added at the bottom of the existing rule set. Any prior existing firewall rules to allow Chrome updating would override these newly added block rules.
  21. You have to create two firewall rules referencing Application as svchost.exe. The first rule will specify the gpupdate service and the second rule the gpupdatem service. For both rules specify the protocol as TCP & UDP. Action is Deny. Direction is Out. Name each rule appropriately. If you presently have existing Eset firewall rules, ensure they conform to the above. As far as how the Eset firewall blocks this activity, it is rather obvious. Chrome when it attempts to update will initiate an outbound connection to do so. The Eset firewall rules will prevent that activity.