Posts: 12,172
Days Won: 319
Kudos
itman gave kudos to matte in Win64/NVFlashA suddenly found in nearly decade old GPU BIOS update files?
I wouldn't worry about those being modified by malware. The drivers themselves aren't malicious, but ESET must have (recently?) been aware of a way to use these drivers in a malicious way (as in they are possibly vulnerable), and is blocking them to play it safe. Also, it only seems to care about the NVFlash utility's drivers themselves, and nothing with the BIOS files of your old GPU.
As for why this happened out of nowhere, Windows usually does file indexing for Windows Search randomly in the background.
-
itman received kudos from Nightowl in Suspected botnet detected in Endpoint
Here's an article on RPC port 135 attacks: https://cqr.company/web-vulnerabilities/unsecured-remote-procedure-calls-rpc/ .
-
itman received kudos from LesRMed in NOD32 17.1.9 cuts ping out from my PC
I enabled HTTP/3 scanning on my ESSP Win 10 x64 Pro 22H2 installation and can ping w/o issue.
Then there is the question of what HTTP/3 scanning has to do with ICMP processing.
-
itman received kudos from micasayyo in EIS 17.1.9.0 and HTTP/3 Scanning
Had to disable it since it was trashing my IPv6 connection.
-
itman received kudos from Y0Y0 in Black list removal, cant login
All the following URLs show PUA in Firefox:
https://prod-master.il2sturmovik.net
https://alpha.il2sturmovik.net/
https://alpha2.il2sturmovik.net/
-
itman received kudos from micasayyo in ESET web protection not working properly
Your posted screen shot shows you have DNS over HTTPS enabled.
Edge refers to DNS over HTTPS as "secure DNS." You also have "Use current service provider" enabled. You stated that you are using Cloudflare as your Windows DNS servers; i.e. current service provider. Therefore, you are using Cloudflare as your DNS over HTTPS provider.
Disable the "Use secure DNS" setting, close and reopen Edge, and retest. Eset should alert and block access to this malicious web site every time.
-
itman received kudos from Trooper in JS/Agent.RJR Trojan?
I can access the web site w/o any Eset alert.
-
itman gave kudos to safety in I got ransomware attacked in 2016, I have the files, how to decrypt them?
I think the decryption of your mp3 files was correct using esetteslacryptdecryptor.exe, but there is also a second layer of encryption, and this, unfortunately, is Cryptowall 3, judging by the first 16 bytes at the beginning of each file after decryption (the first 16 bytes are the same for all files):
723800F3740E5CF011BDB7F6EE44EC63
-
itman received kudos from chris00002 in Long Time User but some questions please.
If your concern is that file names are fully displayed, enable the two File Explorer options shown in the below screen shot:
-
itman received kudos from jeifabdi in Canary file
https://help.eset.com/glossary/en-US/canary_file.html
Assumed here is that these are "bait" files, which are commonly used in anti-ransomware apps to detect ransomware encryption activities.
-
itman gave kudos to Nightowl in Question about a Virus
I guess @Purpleroses is confused between HTTPS scanning and secure browser protection.
Browser protection helps in case something bad passed and was able to intercept your keystrokes or something like that; the secure browser will be scrambling your keystrokes, so whatever is eavesdropping or logging your keys will have it encrypted.
HTTPS scanning is different: ESET will add its own certificate into the machine, then it will be able to scan the HTTPS traffic, and if malware was sent through that HTTPS traffic, ESET will be able to pick it up. Without the certificate that ESET adds, it will not be able to scan the HTTPS traffic.
I could be mistaken about what I described; correct me if I am wrong please.
-
itman received kudos from angeldust in powershell/Agent.AXL trojan
There's an older thread in the forum on a similar PowerShell malware. In this case, a rogue sub-directory was created in C:\Windows\System32: https://forum.eset.com/topic/32653-annoying-powershellagentaew-on-each-start-need-assitence/#elControls_152733_menu .
In any case, diagnosis will be a bit involved.
-
itman received kudos from ESSPUSR in Licensing FAQ
Yes, as long as you purchase a license for at least two devices.
Ref.: https://support.eset.com/en/home
-
itman received kudos from BLM in MSIL/Injector.WGJ
The problem here is, by your previously posted admission, you have been infected for months with this malware. The longer the malware remains resident, the more system damage can be done; e.g. downloading of additional malware, etc.
I recommend you ask for malware removal assistance at one of the like sites previously posted. These sites specialize in removing entrenched multiple malware.
-
itman received kudos from BLM in MSIL/Injector.WGJ
Older posting for like malware variant here: https://forum.eset.com/topic/28522-dotnet-msil-injectorvgr/ .
In this case, malware was resident in:
https://forum.eset.com/topic/28522-dotnet-msil-injectorvgr/?do=findComment&comment=134240
-
itman gave kudos to Marcos in Windows Security Center Service unable to load instances of AntiVirusProduct from datastore.
You can install v17 and then:
Take ownership of HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Fw\{E7B06BEE-DEA6-20D2-58F2-0EB69C7B826D}
Grant full control to yourself
Delete the key
Take ownership of HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av\{DF8BEACB-94C9-218A-73AD-A78362A8C516}
Grant full control to yourself
Delete the key
Please modify the registry with care since deleting incorrect keys or values may render the machine unbootable or cause other issues. Create a restore point first.
-
itman received kudos from cofer123 in Windows Security Center Service unable to load instances of AntiVirusProduct from datastore.
The worst type of vulnerability is one in an AV product due to the elevated privileges it runs under. Now that this vulnerability has been publicly released, expect attackers to start actively exploiting it.
Again, you have been advised. It's your decision if you choose to ignore it.
-
itman received kudos from kvgr in Website JS/Agent.rjr
Strange. I am not getting any alert, but Eset Web Filtering is detecting and blocking it:
Time;URL;Status;Detection;Application;User;IP address;Hash
2/5/2024 9:22:22 AM;https://near.flyspecialline.com;Blocked;Internal blacklist;C:\Program Files\Mozilla Firefox\firefox.exe;xxxxxxxx;2606:4700:3033::6815:4c11;ACC1CEC6D99C83F3D99BC4D0FEFC058D349CA731
-
itman received kudos from kvgr in Website JS/Agent.rjr
The problem is I could fully access the web site w/o issue. No alert and no blocked access.
Correct. Alert now shown and web site access blocked.
-
itman received kudos from hazzy in A driver cannot load on this device
Same issue reported here: https://forum.eset.com/topic/38541-ehdrvsys-failed-to-load/ . Appears issue was never resolved.
-
itman received kudos from autobotranger in Question regarding Eset Firewall and Windows
It is normal EIS behavior to keep Windows Defender firewall service running. If you refer to your above Windows Defender firewall settings screen shot, you will observe the wording that Eset "manages" its usage.
-
itman received kudos from d3adfish in Detection of possible ransomware, no option to clean
A fairly recent detection of MSIL\AVBDiscsoft.A at Hybrid-Analysis: https://www.hybrid-analysis.com/file-collection/651d7f7ee010e723a20317b5 with detailed analysis here: https://www.hybrid-analysis.com/sample/474e3d0c28f53b96ccd885f3b13a35868e1ff572294b89dd2bfa919722081ac0 shows the malware present in DotNetCommon64.dll.
Since this is a file infector, I would say you should at least run sfc /scannow from admin command prompt window to verify no OS files have been tampered with.
-
itman received kudos from d3adfish in Detection of possible ransomware, no option to clean
It's not ransomware:
https://www.fortiguard.com/encyclopedia/virus/10141333
https://www.trendmicro.com/vinfo/us/security/definition/file-infecting-viruses
-
itman received kudos from d3adfish in Detection of possible ransomware, no option to clean
As far as DaemonTools goes: https://www.bleepingcomputer.com/forums/t/572079/2-mals-included-with-daemon-tools-install-file-from-disc-soft-website/ .