About Headcool

  • Rank
    New Member
  1. I have some suggestions regarding application and firewall rules:
     1. Provide the option to add the "Company" column from the "Behavior Blocker" tab to the "Application Rules" tab so it is possible to quickly see to which software a binary belongs and if it is signed.
     2. Provide the possibility to clear all rules whose binaries are not on the disk anymore. Exclude binaries from removable media (opt out).
     3. When changing a firewall rule in the "Application Rules" tab it should be possible to quickly add an "All allowed in private networks, anything else blocked" rule.
     4. The same rule should be added to the "Firewall - Automatic Rule Settings" dialog.
  2. Headcool

    Found AutoIt Malware

    I removed some entries from the FRST.txt and Addition.txt for privacy reasons. However, I am sure they are not the cause of my problems. I also noticed that these INskGZ files reappeared under C:\programdata: I deleted them earlier today, but they are there again. EEK log.txt FRST.txt Addition.txt
  3. I ran a scan via herdprotect today. It found a file called "INskGZ.backup". I uploaded this and other files in the Malware Submission Subforum. There was also an AutoIt script which seems to have executed, but I'm not 100% sure. It contains some code which exits the script if programs like Sandboxie, VMware Tools, Wireshark, etc. are running. Since I have Sandboxie running, but not all the time, it might have executed or not. I ran Emsisoft, Herdprotect and Hitman Pro Alert, but they haven't found anything. Since the AutoIt script is not detected by any AV today (0/54 according to Virustotal), I think there might still be something malicious left.
  4. When it occurs, it is reproducible until a restart. It occurs maybe once every 2-4 weeks. TeamViewer would work, but someone would then have to look at the whole thing on the same day, since I can't leave the PC running overnight.
  5. Hi, I often have the problem that application rules cannot be changed. I can edit them, but after clicking the OK button the changes are not applied. In addition, since the update to version 11 I have twice had an Emsisoft dialog without a file name. There is an entry in the log, but the file name is missing there as well.