Krome

Is this normal?

21 posts in this topic

I went to sleep. I did not have anything running. The computer was left on without any active application running. When I woke up, I saw this:

post-956-0-74979000-1399656985.png

 

After I deny it from internet access, I get this:

post-956-0-56123000-1399657050.png

 

Is someone attempting to gain access to my computer? What does "Newegg" have to do with Microsoft Compatibility Advisor Inventory Tool? If anyone can help give a logical explanation, it would be greatly appreciated. Thanks.


Can you show us a list of the processes running? Watson is a name I haven't heard in a long time. Is this Vista?


From doing a quick search, those EXE files listed in the screenshots could be malware related.  Have you run a scan?


I run Win 8.1 on 3 machines and I have never seen that before.

 

Looks very suspicious to me, I would not allow that to run or install.

Also do a full system scan with a good AV product to make sure your system is clean.


Actually, this is with Windows 7. Files are located in the system32\CompatTel folder under windows. I have the same files on my Win7 systems. Should be OK as long as they are valid MS files. Some are masquerading as malware though, or could be a false positive.

 

The system32\CompatTel does not appear on any of my Win8 systems. 

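The "valid MS files" condition in the post above can be checked by reading each file's Authenticode signature. This is an added example, not part of the thread: `Get-SignatureReport` and its verdict labels are names chosen for this example, and the folder is the system32\CompatTel path the posters mention.

```powershell
# Added example (not from the thread): report signature status, signer and
# file version for binaries in the CompatTel folder the posters mention.
# Written to run on PowerShell 2.0, the version shipped with Windows 7.

function Get-SignatureReport {
    param(
        [Parameter(Mandatory = $true)]
        [string]$Folder
    )

    if (-not (Test-Path -LiteralPath $Folder)) {
        Write-Warning "Folder not found: $Folder"
        return
    }

    Get-ChildItem -Path $Folder -Recurse -Include *.exe, *.dll -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName

            $signer = ''
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

            # Classify the result; the labels are this example's own.
            if ($sig.Status -eq 'Valid' -and $signer -like '*O=Microsoft Corporation*') {
                $verdict = 'Valid, Microsoft signer'
            } elseif ($sig.Status -eq 'Valid') {
                $verdict = 'Valid, other signer: review'
            } elseif ($sig.Status -eq 'NotSigned') {
                # No embedded signature. System files are often catalog-signed,
                # which older PowerShell versions may not resolve: inconclusive.
                $verdict = 'Inconclusive: check catalog signature'
            } else {
                # HashMismatch, NotTrusted, etc.: file altered or chain untrusted.
                $verdict = "Investigate: $($sig.Status)"
            }

            New-Object PSObject -Property @{
                File = $_.Name; FileVersion = $_.VersionInfo.FileVersion
                Status = $sig.Status; Signer = $signer; Verdict = $verdict
            }
        }
}

# Folder path as given in the thread, resolved against the local Windows directory.
$compatTel = Join-Path $env:windir 'System32\CompatTel'
Get-SignatureReport -Folder $compatTel |
    Select-Object File, FileVersion, Status, Verdict, Signer |
    Format-Table -AutoSize
```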

Well, the snapshot is taken from Symantec a/v that was monitoring any suspicious activity, and I didn't think I had many applications installed. Here are the processes.

post-956-0-63162600-1399658223.png

 

I am running Windows 7.


Well, the snapshot is taken from Symantec a/v that was monitoring any suspicious activity, and I didn't think I had many applications installed. Here are the processes.

 

 

See my post above. Those are normal files with Win7. Probably a false positive with Symantec, which happens every now and then. Wouldn't worry about it, but if you are, do some scans of your system.


See my post above. Those are normal files with Win7. Probably a false positive with Symantec, which happens every now and then. Wouldn't worry about it, but if you are, do some scans of your system.

 

Those files are showing Win8.1u1 version numbers.


Those files are showing Win8.1u1 version numbers.

 

The OP is running Win7. I can see that folder on every single system I checked so far at work running Win7. They are normal files and Symantec is probably throwing a false positive. See attached.

post-91978-0-81343100-1399658802.png


Well, it's not about "false positive". It's more like "why did it ask for internet" and "why does it have anything to do with 'newegg'?". My browser was not running at the time. Nothing was running.

 

I see so many responses. Thank you guys for paying attention to this problem. This is still puzzling tbh.


Well, it's not about "false positive". It's more like "why did it ask for internet" and "why does it have anything to do with 'newegg'?". My browser was not running at the time. Nothing was running.

 

Not sure on that one. promotions.newegg.com is a valid site and they do talk about the compatibility/upgrade adviser. Really wouldn't worry about it, and it was probably running all along. Most likely, Symantec updated and is reporting issues with those files. My guess is, it will be fixed in another update.


Thanks techbeck. Just FYI. For the past few days, I have been formatting/restoring my PC using True Image. Why? Because there are so many odd things happening. I had just recently finished formatting my PC yesterday because, while I was not doing anything at all, all of a sudden the CMD window popped up and it was scanning or did something. Previously, some other odd things were happening. I do not have any malware installed on the PC. The computer has almost no applications installed and yet I see very odd things going on. I believe I have been a target of a government surveillance program. I have not done anything at all. Most of the stuff I do is posting stuff on Neowin. I do not know why I am being targeted. Very silly and a waste of US government money.

1 person likes this


I believe I have been a target of a government surveillance program. I have not done anything at all. Most of the stuff I do is posting stuff on Neowin. I do not know why I am being targeted. Very silly and a waste of US government money.

 

paranoid.gif

4 people like this


Thanks techbeck. Just FYI. For the past few days, I have been formatting/restoring my PC using True Image. Why? Because there are so many odd things happening. I had just recently finished formatting my PC yesterday because, while I was not doing anything at all, all of a sudden the CMD window popped up and it was scanning or did something. Previously, some other odd things were happening. I do not have any malware installed on the PC. The computer has almost no applications installed and yet I see very odd things going on. I believe I have been a target of a government surveillance program. I have not done anything at all. Most of the stuff I do is posting stuff on Neowin. I do not know why I am being targeted. Very silly and a waste of US government money.

Extraordinary claims require extraordinary evidence.

1 person likes this


Well, I have formatted my computer like 3 or 4 times already because of the anomaly. I mean, my PC does not have any third-party apps installed, but yet I see weird activities.


I'd take a look at your router too. Make sure there are no open ports, turn off UPnP, check the router's DNS numbers. Are the images you are restoring from clean?

 

I would try a clean install from a Windows disc and not images. Maybe you have a dirty image.


Where did you source the install media? Original CD or downloaded ISO?


Top Qat: Original.

 

xrobwx: Thanks. Even though my port was/has been closed, I did the test anyway and it reports that it's closed and safe.

 

warwagon: Thanks buddy for the reply.  Sorry that I could not or would not want to disclose the router security info, but I will brief on the importance of the security in question.  My router is WRT54G and firmware is up-to-date (I think). Local DHCP is disabled.

DHCP Enabled. . . . . . . . . . . : No
NetBIOS over Tcpip. . . . . . . . : Disabled
Local LAN . . . . . . . . . . . . : Static
All Unnecessary Ports . . . . . . : Closed
DMZ . . . . . . . . . . . . . . . : Disabled
Router QoS Service. . . . . . . . : Disabled
Microsoft QoS Service . . . . . . : Disabled
Router UPnP . . . . . . . . . . . : Disabled
Router Remote Management. . . . . : Disabled
Router Passworded . . . . . . . . : Yes
Router Log. . . . . . . . . . . . : Enabled

If I do not use static IP and have DHCP turned on, I will not have a constant internet connection. I find that if I turn off DHCP and use a static IP address, I have internet 24/7 all year round. If dynamic IP is used, my internet drops if someone were to use my internet connection. DNS poisoned and router gets clogged. Don't beat me up on this method BudMan. I have to go this route or suffer the security flaw. :)

 


Hello,

Since the report came from Symantec's security software, why not contact their technical support for assistance in troubleshooting it? They are (1) most likely to be familiar with the ins and outs of their own software, including any recent bugs or errors caused by recent updates; and (2) as a paying customer of theirs, you should be able to get some assistance from them, especially if you are the victim of a targeted zero-day attack by a nation-state.

 

Regards,

 

Aryeh Goretsky
