
Apparent Hacking despite Eset



I have Eset Smart Security Premium installed on my Windows 10 pc. Have been accessing the internet via a Mobile Broadband Dongle. Eset normally virus-checks the dongle on insertion and reports it is OK. However, a few days ago it reported suddenly that it could not open several files on the dongle. The dongle was unusable and I couldn't get online. Looking in my Event Logs to see if I could work out what had happened, I found a report that a particular Eset file "eamsi.dll" could be corrupt due to "unauthorised modification". (Have submitted this to Eset today.) I also found all my fairly tight privacy settings in Windows had been reversed, and there are multiple records in my Event Log of Remote Desktop Access sessions even though I have always disallowed Remote Desktop and have NEVER used that facility. I have managed to restore my privacy settings by tinkering with various settings, following which the Dongle was passed as OK again by Eset Smart Security, and am now back online. But I still get records of Remote Desktop Sessions, and when I try to access Windows' facility called "Ransomware Protection", I am prevented from seeing it, and get a message telling me I need to contact my "IT helpdesk", even though I am not on a network or workplace pc. This occurs even if I try and access it via my Admin user account.

Can anyone make sense of this? A complete scan of my pc came up clean during the time that I was knocked offline and had my privacy settings reversed. Many thanks for any help.


  • Administrators

As for eamsi.dll, I assume that you are getting the message "Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
File Name: \Device\HarddiskVolume2\Program Files\ESET\ESET Security\eamsi.dll" in the Event log. This should be ignored. Even with this error logged, AMSI works alright and files are scanned.

As for the Ransomware protection in Windows, you can't enable Controlled Folder Access (CFA) unless Defender real-time protection is activated. The same effect as CFA can be achieved using HIPS rules.


30 minutes ago, Simone2020 said:

there are multiple records in my Event Log of Remote Desktop Access sessions even though I have always disallowed Remote Desktop and have NEVER used that facility.

If you are using a Win 10 Home version, full RDP support is permanently disabled. All that is installed is the ability to connect manually to another remote device. However, a remote device cannot connect to your device even if it knew your credentials.

Edited by itman

4 hours ago, Simone2020 said:

Have been accessing the internet via a Mobile Broadband Dongle.

These devices as a category are inherently insecure. Below are a few among numerous articles on them:

https://www.theregister.com/2015/12/03/3g4g_data_dongles_vulnerable/

https://www.blackhat.com/docs/us-14/materials/us-14-Lindh-Attacking-Mobile-Broadband-Modems-Like-A-Criminal-Would-WP.pdf

And it doesn't end there. USB Wi-Fi dongles such as those used by Logitech devices have security vulnerabilities:

https://www.zdnet.com/article/logitech-wireless-usb-dongles-vulnerable-to-new-hijacking-flaws/

Since it appears you have no need for RDP in any fashion, simply disable all services associated with it via Control Panel-> System and Security -> Administrative Tools -> Services.

Edited by itman
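As an added illustration of the advice above (not code posted by anyone in this thread), the following PowerShell checks the state of Remote Desktop on a Windows 10 machine and can disable the related services. It assumes an elevated prompt; the service names, registry value and event IDs are the standard Windows ones.

```powershell
# Added example, not from this thread: audit the RDP state on a Windows 10 PC
# and optionally disable the related services. Run from an elevated prompt.

function Get-RdpState {
    $tsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $deny  = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections `
              -ErrorAction SilentlyContinue).fDenyTSConnections
    [pscustomobject]@{
        # 1 = incoming Remote Desktop connections denied (the expected value here)
        DenyTSConnections = $deny
        # TermService = Remote Desktop Services, SessionEnv = RD Configuration,
        # UmRdpService = RD UserMode Port Redirector
        Services = Get-Service -Name TermService, SessionEnv, UmRdpService `
                       -ErrorAction SilentlyContinue |
                   Select-Object Name, Status, StartType
        # 1149 = a network client reached the RDP listener (logged before logon);
        # any entry here means something actually connected over the network.
        ListenerEvents = Get-WinEvent -FilterHashtable @{
                LogName = 'Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational'
                Id = 1149 } -ErrorAction SilentlyContinue |
            Select-Object TimeCreated, Message
        # 21 = session logon, 24 = disconnect, 25 = reconnect. These are also
        # written for ordinary console logons (Source Network Address: LOCAL),
        # so they are not by themselves proof of a remote session.
        SessionEvents = Get-WinEvent -FilterHashtable @{
                LogName = 'Microsoft-Windows-TerminalServices-LocalSessionManager/Operational'
                Id = 21, 24, 25 } -ErrorAction SilentlyContinue |
            Select-Object TimeCreated, Id, Message
    }
}

function Disable-RdpServices {
    # Same effect as stopping and disabling them in the Services console.
    foreach ($svc in 'TermService', 'SessionEnv', 'UmRdpService') {
        if (Get-Service -Name $svc -ErrorAction SilentlyContinue) {
            Stop-Service -Name $svc -Force -ErrorAction SilentlyContinue
            Set-Service  -Name $svc -StartupType Disabled
        }
    }
    # Keep incoming connections denied at the system level as well.
    Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' `
        -Name fDenyTSConnections -Value 1
}

Get-RdpState | Format-List
# Uncomment to apply the change recommended above:
# Disable-RdpServices
```

Look at the Source Network Address in the session events before concluding a remote party was involved; console logons show LOCAL.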
