Advanced Plus Security Wraith's Gaming PC Config for 2019

Last updated
Sep 2, 2019
Windows Edition
Home
Log-in security
Security updates
Allow security updates and latest features
User Access Control
Always notify
Real-time security
ESET Internet Security + Simple Software Restriction Policy (SRP)
Firewall security
About custom security
Custom HIPS & Firewall Rules
Periodic malware scanners
Malwarebytes
Malware sample testing
Browser(s) and extensions
Brave with all the shields
Maintenance tools
CCleaner Portable
File and Photo backup
External HDD
System recovery
Windows Backup & Restore
Risk factors
    • Gaming
    • Browsing to popular websites
    • Streaming audio/video content from shady sites
Computer specs
i5 7600K
ASRock Z270 Taichi
16GB Ram
Galax GTX 1070 Ti
1TB SSD

blackice

Level 39
Verified
Top Poster
Well-known
Apr 1, 2019
2,868
Personally I'd just reinstall, if it was capable of restarting in safe mode and removing ESET it could very easily hide away. Would be nice to see what TwinHeadedEagle finds, though.

If I even have a doubt of infection I reimagine, if I’m not sure when it happened I just reinstall. Doesn’t happen often, like once in 15 years. Reinstalls aren’t so bad if you have data backed up. Plus you get a speedy system and fresh feeling.
 

blackice

Level 39
Verified
Top Poster
Well-known
Apr 1, 2019
2,868
Do you know of any way I can report the incident to ESET?
That’s a good question. I guess e-mail or live chat support on their site would be how I would try. I don’t know of a specific reporting address.
 
  • Like
Reactions: Wraith

Wraith

Level 13
Thread author
Verified
Top Poster
Well-known
Aug 15, 2018
634
If I even have a doubt of infection I reimagine, if I’m not sure when it happened I just reinstall. Doesn’t happen often, like once in 15 years. Reinstalls aren’t so bad if you have data backed up. Plus you get a speedy system and fresh feeling.
Yeah I have an image so that's not an issue. I'm just hesitant to do it since I need to secure erase my SSD and the backup will write another 500GB to my SSD(they have limited write cycles). Let's see what our malware expert @TwinHeadedEagle has to say regarding my Farbar logs. I'll proceed according to his instructions.
 

oldschool

Level 85
Verified
Top Poster
Well-known
Mar 29, 2018
7,707
(I don't know if Windows 7 was the culprit which got exploited.) Maybe the situation would have been different if I had been using windows 10.

I didn't realize you are on W7 when I posted earlier reply. When I looked again and saw it, this is what I thought. This may be your answer in the long run.
 

Wraith

Level 13
Thread author
Verified
Top Poster
Well-known
Aug 15, 2018
634
I didn't realize you are on W7 when I posted earlier reply. When I looked again and saw it, this is what I thought. This may be your answer in the long run.
I was thinking along the same lines. This leads ta a couple of questions then-
1) 7 is still supported by MS and my OS is fully patched. So theoretically it should not have happened.
2) Since those malwares got through Chrome does it mean that Chrome is vulnerable and susceptible to these kinds of exploits?
Last but not the least I still have no idea how those two backdoors managed to get inside C:\Windows\System32 folder(through powershell)?
 

Nestor

Level 9
Verified
Well-known
Apr 21, 2018
397
6 months ago, while i was browsing, out of nothing, i had the same message popped up from Comodo Internet Security.(JS coin miner trying to access Chrome/appdata etc.)I immediately Quarantine and then delete it but it reappeared after 2 days and again the same, quarantine and delete it.That was the end, but it left some remnants which i cleaned them with Malwarebytes.
 

Wraith

Level 13
Thread author
Verified
Top Poster
Well-known
Aug 15, 2018
634
6 months ago, while i was browsing, out of nothing, i had the same message popped up from Comodo Internet Security.(JS coin miner trying to access Chrome/appdata etc.)I immediately Quarantine and then delete it but it reappeared after 2 days and again the same, quarantine and delete it.That was the end, but it left some remnants which i cleaned them with Malwarebytes.
Having remnants on appdata folder is something I've seen often specially in Google appdata folder since Chrome caches everything to that folder. But if those malwares make their way into the Windows folder then things start to get really serious. I don't know how those malwares ended up in the System32 folder. Heck I even have UAC to Notify Always.
 

Wraith

Level 13
Thread author
Verified
Top Poster
Well-known
Aug 15, 2018
634
ADDED:
WinPatrol(for Monitoring Startup Applications, Scheduled Tasks & others)
OSARMOR(for monitoring suspicious activities since I no longer have the custom Firewall and HIPS rules of ESET)
 

harlan4096

Super Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,948
WinPatrol? outdated product, no updates since 2017 :unsure::unsure:

I'm even getting warning in my KTS2020 due to the outdated WebSite certificate (expired 14/02/2019):

214544
 

Wraith

Level 13
Thread author
Verified
Top Poster
Well-known
Aug 15, 2018
634
WinPatrol? outdated product, no updates since 2017 :unsure::unsure:

I'm even getting warning in my KTS2020 due to the outdated WebSite certificate (expired 14/02/2019):

Strange KIS didn't give me any warning for WinPatrol. Actually I just need a product that can monitor any changes in startup application and ask me if I want to allow or deny them. OSArmor does not seem to do that. Can you recommend me a product that can monitor startup? Can OSArmor or KIS be configured to monitor startup applications?

Even Firefox warns for Winpatrol site :)
Now Brave and Chrome seem to block it. Yeah the product has not been updated since a looooong time.
 

harlan4096

Super Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,948
The warning I got was with FF67.0.1 x64...

I did not get the warning in main URL .com at 1st but I got it when I accesed to Products section...

About a program which monitors StartUp, KIS/KTS well tweaked can do that, also for Scheduled entries, for example I have this specific tweak in my KTS even for Trusted Application rules:
Sin título.png

Here, You may change rules for different systems settings, and change them even for Trusted Applications, although You'll get warnings (I like them :) )
Sin título 2.png
 

plat

Level 29
Top Poster
Sep 13, 2018
1,793
Has anyone tried Smart Object Blocker by NoVirusThanks? Reading the description, it does sound like it requires a little work before it's up and running on one's system (rules creation). Anyone have a personal experience with it?


As to OSA, it seems there are multiple rules that could apply to the processes spawned by startup objects. Have you considered an anti-executable?
 

Wraith

Level 13
Thread author
Verified
Top Poster
Well-known
Aug 15, 2018
634
The warning I got was with FF67.0.1 x64...

I did not get the warning in main URL .com at 1st but I got it when I accesed to Products section...

About a program which monitors StartUp, KIS/KTS well tweaked can do that, also for Scheduled entries, for example I have this specific tweak in my KTS even for Trusted Application rules:

Here, You may change rules for different systems settings, and change them even for Trusted Applications, although You'll get warnings (I like them :) )
Will these rules ask when a startup application is added? Or will KIS just block the startup and notify me? BTW thanks a lot @harlan4096 for helping me to set up KIS. I'm using the 91 days trial right now and I'll buy the license when the trial expires.
 

Wraith

Level 13
Thread author
Verified
Top Poster
Well-known
Aug 15, 2018
634
Has anyone tried Smart Object Blocker by NoVirusThanks? Reading the description, it does sound like it requires a little work before it's up and running on one's system (rules creation). Anyone have a personal experience with it?


As to OSA, it seems there are multiple rules that could apply to the processes spawned by startup objects. Have you considered an anti-executable?
An anti-executable will of course provide an additional layer but I doubt they will be able to stop these sophisticated malwares that drop payloads directly under Windows/System32 folders without even throwing up an UAC prompt. As far as I know, VoodooShield does not monitor any processes that are started from the Windows folder, so any malwares executing from that folder will easily bypass VS.
 

Wraith

Level 13
Thread author
Verified
Top Poster
Well-known
Aug 15, 2018
634
it looks like KIS is especially powerful, especially if one knows how to tweak it. (y)
I truly agree with this. I uninstalled Winpatrol since I have no use of it now. KIS and OSArmor make a good combo I guess. I have OSArmor set up to Block schtasks and at.exe so that malware cannot schedule any tasks without my knowledge, although malware can still use the task scheduler I guess. I'll soon be buying and adding Sandboxie to run my browsers sandboxed always. The last infection really got me scared up.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top