Advanced Plus Security Wraith's Gaming PC Config for 2019

Last updated
Sep 2, 2019
Windows Edition
Home
Log-in security
Security updates
Allow security updates and latest features
User Access Control
Always notify
Real-time security
ESET Internet Security + Simple Software Restriction Policy (SRP)
Firewall security
About custom security
Custom HIPS & Firewall Rules
Periodic malware scanners
Malwarebytes
Malware sample testing
Browser(s) and extensions
Brave with all the shields
Maintenance tools
CCleaner Portable
File and Photo backup
External HDD
System recovery
Windows Backup & Restore
Risk factors
    • Gaming
    • Browsing to popular websites
    • Streaming audio/video content from shady sites
Computer specs
i5 7600K
ASRock Z270 Taichi
16GB Ram
Galax GTX 1070 Ti
1TB SSD

blackice

Level 39
Verified
Top Poster
Well-known
Apr 1, 2019
2,868
Rollback messed up my SSD. TRIM wouldn't function and somehow the MBR got corrupted as the OS wouldn't boot. So I secure erased my SSD, reinstalled Windows and started from scratch. Most of the software is the same. Just swapped EEK for Malwarebytes and AppGuard for OSArmor. Also added Shadow Defender and KeyScrambler.

Ha! I just had a similar issue with an image restore. Fresh Windows for all, I suppose. Never hurts to keep things running smoothly.
 

Wraith

Level 13
Thread author
Verified
Top Poster
Well-known
Aug 15, 2018
634
UPDATE:

Changed from ESET Internet Security to Kaspersky Internet Security.

I don't know but I somehow got infected yesterday just by simply browsing and without even downloading anything. PC restarted itself automatically in SAFE MODE and then again restarted itself in NORMAL MODE, after which I found out that ESET had been AUTOMATICALLY uninstalled from the PC. Upon scanning with EEK, MBAM and ESET Online Scanner, found a bitcoiner and two backdoors (StartupCheckLibrary.dll and winscomrssrv.dll).
 

Threadripper

Level 9
Verified
Well-known
Feb 24, 2019
408
Yikes, and I thought ESET had great self-protection. Would be great if you can find out the source of this malware. Scary stuff.
 

blackice

Level 39
Verified
Top Poster
Well-known
Apr 1, 2019
2,868
UPDATE:

Changed from ESET Internet Security to Kaspersky Internet Security.

I don't know but I somehow got infected yesterday just by simply browsing and without even downloading anything. PC restarted itself automatically in SAFE MODE and then again restarted itself in NORMAL MODE, after which I found out that ESET had been AUTOMATICALLY uninstalled from the PC. Upon scanning with EEK, MBAM and ESET Online Scanner, found a bitcoiner and two backdoors (StartupCheckLibrary.dll and winscomrssrv.dll).

Well, if there's one company with better web filtering than ESET it's Kaspersky; if K can't help you no one can. Very surprised ESET a) missed something with web filtering and b) was disabled. Sounds like the type of malware that not many AV vendors would stop, or it had specific designs against ESET. I would also be curious about the source of this nasty bug.
 

blackice

Level 39
Verified
Top Poster
Well-known
Apr 1, 2019
2,868
UPDATE:

Changed from ESET Internet Security to Kaspersky Internet Security.

I don't know but I somehow got infected yesterday just by simply browsing and without even downloading anything. PC restarted itself automatically in SAFE MODE and then again restarted itself in NORMAL MODE, after which I found out that ESET had been AUTOMATICALLY uninstalled from the PC. Upon scanning with EEK, MBAM and ESET Online Scanner, found a bitcoiner and two backdoors (StartupCheckLibrary.dll and winscomrssrv.dll).

Out of curiosity, since I’ve used ESET recently, did you have ESET’s https scanning disabled since you’re using AdGuard desktop? Getting a bad ad while using AdGuard desktop would be surprising, but looking at VT these variants seem somewhat recent.
 

Wraith

Level 13
Thread author
Verified
Top Poster
Well-known
Aug 15, 2018
634
Yikes, and I thought ESET had great self-protection. Would be great if you can find out the source of this malware. Scary stuff.
Believe me friend, I myself have no clue about how I got infected. I was searching for some information on the internet regarding a project topic when all of a sudden this message by ESET popped up. I naturally clicked Block. After around 2-3 minutes, the PC rebooted into safe mode and again rebooted into normal mode, both automatically, and the real nightmare was after rebooting into normal mode: the ESET icon would not show up, and when I double-clicked the shortcut on the desktop, it said shortcut not found.
ESET.JPG
 

Wraith

Level 13
Thread author
Verified
Top Poster
Well-known
Aug 15, 2018
634
Out of curiosity, since I’ve used ESET recently, did you have ESET’s https scanning disabled since you’re using AdGuard desktop? Getting a bad ad while using AdGuard desktop would be surprising, but looking at VT these variants seem somewhat recent.
Nope, I would never disable ESET HTTPS scanning since ESET Web Filter is one of the BEST.
 

Wraith

Level 13
Thread author
Verified
Top Poster
Well-known
Aug 15, 2018
634
Yikes, and I thought ESET had great self-protection. Would be great if you can find out the source of this malware. Scary stuff.
I wouldn't call it the fault of the ESET self-protection. I think that because of the ESET self-protection, the malware had to restart the PC in safe mode to disable ESET services and delete ESET files. But then again, I am disappointed with ESET because I had ESET HIPS set to notify on any change in startup applications but still ESET did not notify me. So now I'm using WinPatrol since it can alert when any change in startup applications occurs. For those who're interested, here's the log from Malwarebytes and the scan of Norton Power Eraser.
NPE.JPG
 

Attachments

  • MBAM.txt
    1.4 KB · Views: 335

blackice

Level 39
Verified
Top Poster
Well-known
Apr 1, 2019
2,868
I wouldn't call it the fault of the ESET self-protection. I think that because of the ESET self-protection, the malware had to restart the PC in safe mode to disable ESET services and delete ESET files. But then again, I am disappointed with ESET because I had ESET HIPS set to notify on any change in startup applications but still ESET did not notify me. So now I'm using WinPatrol since it can alert when any change in startup applications occurs. For those who're interested, here's the log from Malwarebytes and the scan of Norton Power Eraser.

Did you report the event to ESET? I'm sure it would be useful for them to hear about the failure, maybe save some others from the same fate.
 

Wraith

Level 13
Thread author
Verified
Top Poster
Well-known
Aug 15, 2018
634
As the author noted above, ads are a common vector for malware, and this is the reason I use µBO in advanced medium mode. K has a great web filter. Hope your problem is solved now.

@devjit2018 - maybe PM your query to @TwinHeadedEagle.
I've created a thread in malware assistance section. Currently I don't see any signs of infection but there are two user accounts on this PC which I have not created.
 

Threadripper

Level 9
Verified
Well-known
Feb 24, 2019
408
I've created a thread in malware assistance section. Currently I don't see any signs of infection but there are two user accounts on this PC which I have not created.
Personally I'd just reinstall, if it was capable of restarting in safe mode and removing ESET it could very easily hide away. Would be nice to see what TwinHeadedEagle finds, though.
 

Wraith

Level 13
Thread author
Verified
Top Poster
Well-known
Aug 15, 2018
634
@devjit2018 using your ESET settings too with apps & OS updated? Is there anything in your browser history?
I use ESET with custom settings. I've also set up custom rules for firewall and HIPS. I have all apps updated including Sumatra PDF and LibreOffice. Windows is up to date with automatic updates (I don't know if Windows 7 was the culprit which got exploited). Maybe the situation would have been different if I had been using Windows 10.
 
