Jump to content

Archived

This topic is now archived and is closed to further replies.

Moneesh

Frequently receiving notification of blocked website

Recommended Posts

1 minute ago, Moneesh said:

A cmd window opens for half a second and nothing else happens.

Again ….….. Right click on the downloaded file and run it as administrator.

Share this post


Link to post
Share on other sites
12 hours ago, Moneesh said:

Notifications from eset halted even before i created the firewall rules. maybe eset took care of the virus.

Possible but doubtful. I suspect the attacker switched to a URL not currently blacklisted by Eset.

Modify the firewall rule you created to block inbound and outbound activity for C:\Windows\SysWOW64\dllhost.exe instead of the previous IP address. As far as I am aware of, this process should never perform any Internet activity. Assuming you are using the Win firewall, check its firewall log for blocked dllhost.exe connections.

Share this post


Link to post
Share on other sites
8 hours ago, itman said:

Modify the firewall rule you created to block inbound and outbound activity for C:\Windows\SysWOW64\dllhost.exe instead of the previous IP address. 

thanx @itman. I've created a new rule in Win firewall to block all in/out for application dllhost.exe. Also i have not stopped the previous rule created for IP address. 

Share this post


Link to post
Share on other sites

Does installing the following updates followed by a reboot make a difference?

- MS17-010  (https://technet.microsoft.com/en-us/library/security/MS17-010)
- MS16-032  (https://technet.microsoft.com/en-us/library/security/MS16-032)

You have only ESET NOD32 Antivirus installed, ie. it doesn't protect your computer from exploits in network protocols. Network attack protection is included only in ESET Internet Security and ESET Smart Security Premium.

Share this post


Link to post
Share on other sites

@Marcos i just want to reiterate that the frequent notification about a particular website being blocked from eset has already stopped even before i created the firewall rules. I just wanted to make sure that the thing that was causing the frequent notification isn't running its business in the background or is my PC still infected etc. 

As of now, as per your suggestion i have installed trial version of Eset Internet Security 12.0.31.0 (still 25 days left :) ) also scanned the whole system with it but no harmful content were discovered. I have also installed MS17-010. 

Share this post


Link to post
Share on other sites
9 hours ago, Moneesh said:

As of now, as per your suggestion i have installed trial version of Eset Internet Security 12.0.31.0 (still 25 days left :)

Make sure you create an Eset firewall to block outbound C:\Windows\SysWOW64\dllhost.exe traffic as you did for the Win firewall. Set the logging level to warning. Then periodically monitor the Eset Networking log for any entries related to dllhost.exe. If no log entries appear after a few days, then we can safely assume the TinukeBot trojan has been removed.

You need to create the Eset firewall rule since Eset disables the Win firewall.

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...