Firewall Events Logs Broken by Chinese Characters (and possible undetected Spyware)


  • Firewall Events Logs Broken by Chinese Characters (and possible undetected Spyware)

    Some months ago I installed a game called Second Galaxy from the developer website (also available on Steam). After that, I keep getting firewall events written in Chinese (uninstalled the game after two weeks) that completely break the Firewall Events logs (all logs generated are blank html, with only the header).

    On blocked applications, same thing with the Chinese characters, except that I can right-click and see the application generating the events. But the application in question is a batch script I wrote that zips all sub-folders in the current folder, and then renames them from zip/rar to cbz/cbr (it does not use any kind of elevated privilege or internet connection). Windows shows the application is being used on concurrent times with the Firewall events, when I'm not using the script at all.

    Running the anti-virus never shows any results.

    Can I get some help with this?

  • #2
    Originally posted by d10142330@urhen.com
    Some months ago I installed a game called Second Galaxy from the developer website (also available on Steam). After that, I keep getting firewall events written in Chinese (uninstalled the game after two weeks) that completely break the Firewall Events logs (all logs generated are blank html, with only the header).

    On blocked applications, same thing with the Chinese characters, except that I can right-click and see the application generating the events. But the application in question is a batch script I wrote that zips all sub-folders in the current folder, and then renames them from zip/rar to cbz/cbr (it does not use any kind of elevated privilege or internet connection). Windows shows the application is being used on concurrent times with the Firewall events, when I'm not using the script at all.

    Running the anti-virus never shows any results.

    Can I get some help with this?
    Did you find a solution? I have the same problem even though I've never used that game!



    • #3
      Same problem. I don't know what caused it.
      I managed to put part of this into a translation bot, and it seems like most of it is actually Taiwanese. The content, however, looks like a mix of random words that sometimes repeat.
      As OP showed in their included pictures, the name of it is very long... however, in my case, when I move the cursor onto it, it takes THE ENTIRE SCREEN and it seems to be even longer than that.
      Currently the similar issue I've got is with a blocked connection. It's either a no-name or a corrupted name, which is meaningless Korean symbols and broken Chinese words. [refer to included screens]
      The problem is that it tries to connect to my PC every few seconds, making random breaks. Once, when I left the PC for an antivirus scan, it showed countless positions in the logs. Even scrolling down the entire list is impossible, as along the way it freezes the window. Sometimes it greatly lags my machine.
      I don't know what to do with it at this point. I hope to either find the answer myself, or that someone with a similar issue and/or knowledge could help.



      • #4
        Hi there, same problem here - I didn't install anything.
        Virus? Bug in Comodo?



        • #5
          Originally posted by d10142330@urhen.com
          Some months ago I installed a game called Second Galaxy from the developer website (also available on Steam). After that, I keep getting firewall events written in Chinese (uninstalled the game after two weeks) that completely break the Firewall Events logs (all logs generated are blank html, with only the header).

          On blocked applications, same thing with the Chinese characters, except that I can right-click and see the application generating the events. But the application in question is a batch script I wrote that zips all sub-folders in the current folder, and then renames them from zip/rar to cbz/cbr (it does not use any kind of elevated privilege or internet connection). Windows shows the application is being used on concurrent times with the Firewall events, when I'm not using the script at all.

          Running the anti-virus never shows any results.

          Can I get some help with this?
          Hello, d10142330@urhen.com

          Did you find a solution? I have got the same problem...

          I think I have found some useful things about this. This issue happens because the Windows Event ID is written as ASCII code, which is unsupported by Deep Security Agent. UCS-2 is the default encoding used by the Deep Security Agent, since most operating systems use this one.

          Regards
          PrasadAb
          Last edited by PrasadAb; 04-10-2020, 01:00 PM. Reason: Found helpful thing and update the question.
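
Post #5 attributes the garbled names to text written in one encoding being read as another. The sketch below is an added example, not part of any post and not code from the firewall product; it checks a copied log entry for that pattern, assuming the hidden text is single-byte ASCII that a viewer decoded as UTF-16LE (the superset of UCS-2). The function names and the sample path are constructed for illustration.

```python
import string
from typing import Optional

PRINTABLE = set(string.printable.encode("ascii"))

def misread_as_utf16(raw: bytes) -> str:
    """Show how single-byte text looks when a viewer decodes it as UTF-16LE."""
    if len(raw) % 2:
        raw += b"\x00"  # pad odd-length input to a whole code unit
    return raw.decode("utf-16-le", errors="replace")

def cjk_fraction(text: str) -> float:
    """Share of characters in the CJK ideograph blocks (approximate range)."""
    if not text:
        return 0.0
    return sum(0x3400 <= ord(c) <= 0x9FFF for c in text) / len(text)

def recover_single_byte_text(garbled: str, min_ratio: float = 0.95) -> Optional[str]:
    """Re-encode a garbled entry as UTF-16LE and return the ASCII text hidden
    in its bytes, or None when the bytes are not mostly printable ASCII
    (which is the case for genuine CJK text and for ordinary ASCII strings)."""
    try:
        raw = garbled.encode("utf-16-le")
    except UnicodeEncodeError:  # lone surrogates: not a simple misread
        return None
    raw = raw.rstrip(b"\x00")  # drop padding added for odd-length input
    if not raw:
        return None
    printable = sum(b in PRINTABLE for b in raw)
    if printable / len(raw) < min_ratio:
        return None
    return raw.decode("ascii", errors="replace")

# Constructed sample: an ASCII script path, as it would appear if misread.
SAMPLE_PATH = b"C:\\Users\\me\\zip_to_cbz.bat"
GARBLED = misread_as_utf16(SAMPLE_PATH)

if __name__ == "__main__":
    print("viewer shows :", GARBLED)
    print("CJK fraction :", cjk_fraction(GARBLED))
    print("recovered    :", recover_single_byte_text(GARBLED))
    print("real Chinese :", recover_single_byte_text("防火墙事件"))
```

A result of `None` means the entry does not fit this particular mismatch; a recovered path or process name gives something concrete to look up on disk. The check is a heuristic, since a few real ideographs also have both bytes in the printable ASCII range.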
