ESET CS beta pro behavior and SOCKS5 proxies, VPNs and tunnels

Discussion in 'ESET NOD32 Antivirus/Smart Security Beta' started by LouisXIV, Jul 23, 2012.

Thread Status:
Not open for further replies.
  1. LouisXIV

    LouisXIV, Registered Member (Joined: Jul 23, 2012; Posts: 1; Location: Lisbon)

    Hi,

    A few months back, in Berlin, I had a Windows 7 system completely compromised by a group of Ukrainian hackers (German police and Interpol were contacted, but I was told by German police that Ukrainian authorities never act).

    They used the embedded Flash in Chrome to compromise the system and were able to modify system files, reroute me to their own DNS servers and proxy, and gain remote control of the system. ESET can't help since they have written something to prevent ESET sysinspect from starting (even in safe mode).

    That computer was shelved, and now what worries me is that, since I used Skype and other networking tools, a co-worker's Mac OS X 10.6 system was compromised, since he saw a message on the Deutsche Bank site asking to "run a script to close sessions" that was clearly an attempt to breach the system, and they probably managed it since that Mac has Flash and numerous other attack vectors.

    ESET Cyber Security beta6 was installed on that Mac along with another firewall monitoring tool. Now what worries me is that they were able to compromise that Mac and that the ESET Cyber Security 6 installed on it had been tampered with (like on the Windows 7 system). A couple of questions:


    - When ESCb6 was first installed, the esets_proxy was constantly and pretty much always sending and receiving information. It connected to everything from Skype to the mail servers, as it should, but then it would keep on sending and receiving information even when the apps had quit. I contacted ESET and I was told this was going to be fixed and that, if esets_daemon exhibited the same behavior, I should run the script servis@eset.sk sent me. A day or so after the email was sent, the esets_proxy behavior was completely fixed.

    - The "block all network traffic" option wouldn't work, as I would still be getting network traffic.

    - In ESCb6 you get a warning that your license is about to expire in 8-7-6-X days, but when day 0 was reached the warning just went away.

    - In the OS X system monitor I see that there are not 1 but 2 'eset_proxy' services running.

    Are all these instances normal and expected since it is a beta product?

    How can I know for sure, and what tools can I use to find out, if the hosts file or any system file has been tampered with in Mac OS X?

    It is exhibiting some very strange behavior, like looping the rbb radio stream in Firefox while it works correctly in Chrome; uploading a picture to Facebook just keeps uploading, and when you press back it is suddenly there.

    How can I know for sure if my system is not being tunneled or if there's not a SOCKS5 proxy or VPN rerouting all traffic?
     