Resolved Suspicious Process?

Discussion in 'Security and Privacy' started by Lugwalker, 2016/10/03.

  1. 2016/10/03
    Lugwalker Lifetime Subscription

    Lugwalker Forever Autumn Thread Starter

    Joined:
    2002/01/26
    Messages:
    602
    Likes Received:
    7
    My firewall has just offered to block the following process as I was browsing for a music streaming site:

    C:\Windows\TEMP\CR_2B21E.tmp\setup.exe

    Does anyone think it looks suspicious? I wasn't installing anything and hadn't gone into any site when this popped up. Thanks.
     
  2. 2016/10/03
    Evan Omo

    Evan Omo Computer Support Technician Staff

    Joined:
    2006/09/10
    Messages:
    7,919
    Likes Received:
    511
    Lugwalker likes this.

  4. 2016/10/04
    Lugwalker Lifetime Subscription

    Lugwalker Forever Autumn Thread Starter

    Thanks, Evan. I uploaded the file to VirusTotal and all seems well. It 'appears' to be something to do with the 7-Zip archiver. Strange, because I don't seem to have it on my computer.
     

  5. 2016/10/04
    TonyT

    TonyT SuperGeek Staff

    Joined:
    2002/01/18
    Messages:
    9,072
    Likes Received:
    400
    The exe is an archive file; however, the danger lies in the file(s) packed in the packed archive, which seem not to have been scanned. Delete it!
     
    Lugwalker likes this.
  6. 2016/10/04
    Bill

    Bill SuperGeek WindowsBBS Team Member

    Joined:
    2002/01/11
    Messages:
    3,368
    Likes Received:
    411
    Any .tmp file and anything in C:\Windows\Temp can be deleted. You may have to reboot but it can be deleted without causing permanent damage.

    Are you sure it was your firewall that blocked it and not your antimalware solution?
     
    Lugwalker likes this.
  7. 2016/10/04
    Lugwalker Lifetime Subscription

    Lugwalker Forever Autumn Thread Starter

    I've deleted the zip file, Tony.

    Yes, Bill, the warning came from Privatefirewall 7.0

    Thanks, guys. ;)
     
  8. 2016/10/04
    TonyT

    TonyT SuperGeek Staff

    I suggest a full scan with a decent anti-malware program. An exe, especially an archive type exe, cannot on its own be executed, meaning extracted and a payload run. Thus something else must be (or must have been) there to cause the execution of the file.

    If you were using Internet Explorer then the something else could be in temp internet files or an ActiveX control. If you were using other browsers then a malicious hidden extension or similar could exist.

    Start a thread in the malware forum and link to this one for reference.
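
Added example, not part of any post in this thread: a PowerShell triage for the situation discussed above. It lists executables under the system Temp folder with their Authenticode status and a SHA-256 that can be searched on VirusTotal, then shows which parent started any process still running from that folder. It assumes PowerShell 4.0 or later and an elevated prompt; the variable names are illustrative.

```powershell
# Added example (not from the thread). Run elevated so C:\Windows\Temp is readable.
$tempRoot = Join-Path $env:SystemRoot 'Temp'

# 1. Executables under the system Temp folder: signature status, signer and
#    a SHA-256 hash that can be looked up on VirusTotal before deleting the file.
Get-ChildItem -Path $tempRoot -Filter '*.exe' -File -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        [pscustomobject]@{
            Path    = $_.FullName
            Created = $_.CreationTime
            Status  = $sig.Status
            Signer  = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }
            SHA256  = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
        }
    } | Format-List

# 2. Processes still running from that folder, with the parent that launched them.
$procs = Get-CimInstance -ClassName Win32_Process
$byId  = @{}
foreach ($p in $procs) { $byId[[uint32]$p.ProcessId] = $p }

$procs | Where-Object { $_.ExecutablePath -like "$tempRoot\*" } | ForEach-Object {
    $parent = $byId[[uint32]$_.ParentProcessId]
    # Process IDs are reused: only trust the match if the candidate parent
    # was created before the child.
    if ($parent -and $parent.CreationDate -gt $_.CreationDate) { $parent = $null }
    [pscustomobject]@{
        Process     = $_.ExecutablePath
        ProcessId   = $_.ProcessId
        CommandLine = $_.CommandLine
        Parent      = if ($parent) { $parent.ExecutablePath } else { '(parent has exited)' }
        ParentCmd   = if ($parent) { $parent.CommandLine } else { $null }
    }
} | Format-List
```

The second part only helps while the process is still running; once it has exited, the parent can no longer be read this way.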
     
  9. 2016/10/05
    Lugwalker Lifetime Subscription

    Lugwalker Forever Autumn Thread Starter

    I did a full malware scan with Malwarebytes Pro and SuperAntispyware Pro and found nothing. I also did an Avast boot-time scan and found no infection.
     
