Firewall Events Logs Broken by Chinese Characters (and possible undetected Spyware)

  • Firewall Events Logs Broken by Chinese Characters (and possible undetected Spyware)

    Some months ago I installed a game called Second Galaxy from the developer website (also available on Steam). After that, I keep getting firewall events written in Chinese (uninstalled the game after two weeks) that completely break the Firewall Events logs (all logs generated are blank html, with only the header).

    On blocked applications, same thing with the Chinese characters, except that I can right-click and see the application generating the events. But the application in question is a batch script I wrote that zips all sub-folders in the current folder, and then renames them from zip/rar to cbz/cbr (it does not use any kind of elevated privilege or internet connection). Windows shows the application is being used on concurrent times with the Firewall events, when I'm not using the script at all.

    Running the anti-virus never shows any results.

    Can I get some help with this?

  • #2
    Did you find a solution? I have the same problem even if I've never used that game!


    • #3
      Same problem. I don't know what caused it.
      I managed to put part of this into a translation bot, and it seems like most of it is actually Taiwanese. The content, however, looks like a mix of random words that sometimes repeat.
      As OP showed in their included pictures, the name of it is very long... however, in my case, when I move the cursor over it, it takes THE ENTIRE SCREEN and it seems to be even longer than that.
      Currently the similar issue I've got is with a blocked connection. It has either no name or a corrupted name, which is a meaningless Korean symbol and broken Chinese words. [refer to included screens]
      The problem is that it tries to connect to my PC every few seconds, making random breaks. Once, when I left the PC for an antivirus scan, it showed countless positions in the logs. Even scrolling down the entire list is impossible, as along the way it freezes the window. Sometimes it greatly lags my machine.
      I don't know what to do with it at this point. I hope to either find the answer myself, or that someone with a similar issue and/or knowledge could help.


      • #4
        Hi there, same problem here - I didn't install anything.
        Virus? Bug in Comodo?


        • #5
          Hello, d10142330@urhen.com

          Did you find a solution? I have got the same problem...

          I think I have found some useful things about this. This issue happens because the Windows Event ID is written as ASCII code, which is unsupported by Deep Security Agent. The UCS-2 is the default coding used by the Deep Security Agent since most operating systems use this one.

          Regards
          PrasadAb
          Last edited by PrasadAb; 04-10-2020, 01:00 PM. Reason: Found helpful thing and update the question.
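
Added example (not part of any post in this thread, and not the vendor's code): a Python sketch of the encoding mismatch described in post #5, on the assumption that the garbled names are ASCII bytes that were read as 16-bit UCS-2/UTF-16LE code units. The path is constructed sample input, and `misdecode` and `recover_ascii` are hypothetical helper names.

```python
from typing import Optional


def misdecode(ascii_text: str) -> str:
    """Reproduce the garbling: ASCII bytes read as UTF-16LE code units."""
    raw = ascii_text.encode("ascii")
    if len(raw) % 2:
        raw += b"\x00"  # odd length: the byte after the text is assumed to be NUL
    return raw.decode("utf-16-le")


def recover_ascii(garbled: str) -> Optional[str]:
    """Return the ASCII text hidden in a garbled name, or None.

    Heuristic only: a name is treated as mis-decoded ASCII when every byte
    of its UTF-16LE form is printable ASCII. Genuine CJK text almost always
    contains at least one byte outside that range, but a very short genuine
    string can pass by coincidence.
    """
    try:
        raw = garbled.encode("utf-16-le")
    except UnicodeEncodeError:  # lone surrogates cannot come from ASCII bytes
        return None
    raw = raw.rstrip(b"\x00")  # drop padding from an odd-length original
    if raw and all(0x20 <= b <= 0x7E for b in raw):
        return raw.decode("ascii")
    return None


# Constructed sample: a script path like the one the first post mentions.
SAMPLE_PATH = r"C:\Tools\zip.bat"

if __name__ == "__main__":
    garbled = misdecode(SAMPLE_PATH)
    print("as shown in the log:", garbled)
    print("recovered          :", recover_ascii(garbled))
    print("real Chinese text  :", recover_ascii("防火墙日志"))
```

Two ASCII letters packed into one code unit land in the CJK ideograph ranges, while pairs involving digits or punctuation can land in kana, Hangul jamo or symbol blocks, which matches the mix of scripts reported in the thread.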


          • #6
            I have the same problem.
            My computer freezes after some time of usage... might be connected to this? Has anybody found some way out?

            [Attached image: chinese-atack.JPG]


            • #7
              9 months and it's still happening. Just like bobbyboe above presented, in my case it's now without any name and keeps repeating like this.
              On top of that, in blocked apps it gets more events with broken Chinese/Korean names.
              Sometimes I even witness the widget flashing red, prompting to fix it, then going back to normal. A few days ago it started staying red until I click "fix it", just to go back to red a few seconds later. I suspect this also causes my PC to run more and more slowly and it's really annoying. At this point I'm considering doing a total purge, but I still want to look for what's causing it and how to stop it.

              I can't even scroll too far in firewall event log, because at one point it stops responding. One time noted more than 28k events registered. This is absurd.


              • #8
                Hi HDouble and bobbyboe,
                Sorry for the trouble. We have asked our back-end team to check; we will reach you through private message to get the required logs.

                Kind Regards,
                PremJK


                • #9
                  Has there been any solution to this? I have accumulated 470 such blocked applications and no cause that I can find.

                  I have looked but have not found any way to link what is displayed under 'blocked applications' to files on my laptop.


                  • #10
                    Hi NSquirrel,

                    Please check your Inbox for private message and provide requested details to investigate the issue.
                    Thanks in advance.

                    Kind Regards,
                    PremJK


                    • #11
                      Hi All,

                      Our back-end team suggested following these steps:

                      1) Try to rename cmddata to something else. If you are not able to do this, run Windows in safe mode and then rename/delete cmddata.
                      2) Clean uninstall CIS and then install it (Recommended).

                      Thanks in advance.

                      Kind Regards,
                      PremJK


                      • #12
                        Well, it seems for past three weeks I had no new firewall events popping up, so I guess the problem is solved, at least for now.
                        Gonna monitor it for some more time just to be sure.
                        Thanks for assistance.


                        • #13
                          PremJK: I have just seen your post above, for which thank you, and I now have a nice clean '0' on blocked applications.

                          Many thanks for your assistance.


                          • #14
                            thanks for sharing info
