Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

MSE Popup


  • Please log in to reply
8 replies to this topic

#1 gben123

gben123

  • Members
  • 88 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:12 PM

Posted 04 August 2013 - 06:04 PM

Hello,

 

I have started getting a popup supposedly from Microsoft Security Essentials (which I have installed and run regularly along with MBAM and Spybot) that states that MSE has detected a file that it doesn't recognize and wants me to send to them. The popup looks legitimate but I am very suspicious of it because I've never gotten anything like this before and the directory that it lists doesn't exist. I have not allowed MSE to send the files and I dismiss the popup. MSE doesn't have to be running a scan in order for the popup to appear.

 

I am running Win7, Firefox v22.0. Here is a screenshot.

 

Thanks

 

 

 

 

 



BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,281 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:12 PM

Posted 05 August 2013 - 01:54 PM

What directory/path is it indicating for the threat?

Alerts generated by Microsoft Security Essentials typically show up from the system tray in the lower right corner of your Desktop.

Bogus and fake warnings by malware generally pop up with warnings about multiple infected files and attempt to goad you into downloading a program which claims to remove those files.

MSE does allow you to submit samples or suspicious files to the Microsoft Malware Protection Center research team so they can investigate and take corrective action if confirmed.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 gben123

gben123
  • Topic Starter

  • Members
  • 88 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:12 PM

Posted 09 August 2013 - 12:08 PM

Hello,

 

The path is \users\<myname>\AppData\Local\Microsoft\Temporary Internet Files\Content.Ie5\RPHQ0V\<something>\Index.html

 

The \Temporary Internet Files subdirectory does not exist under Microsoft.

 

The <something> represents what I am unable to see on the screenshot I took of the popup. I tried to include the snip on this site but it apparently didn't take it.

 

 

Thanks.



#4 gben123

gben123
  • Topic Starter

  • Members
  • 88 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:12 PM

Posted 09 August 2013 - 12:17 PM

There is also nothing in the MSE history tab to indicate anything has been encountered



#5 gben123

gben123
  • Topic Starter

  • Members
  • 88 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:12 PM

Posted 09 August 2013 - 01:55 PM

I've got the full path now:

 

 

C:\Users\Gary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DGMF6QQ9\index[2].htm



#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,281 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:12 PM

Posted 09 August 2013 - 04:23 PM

Please download TFC (Temp File Cleaner) by Old Timer and save it to your desktop.
alternate download link
  • Save any unsaved work. TFC will close ALL open programs including your browser!
  • Double-click on TFC.exe to run it.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • TFC will clear out all temp folders (temp, IE temp, Java, FF, Opera, Chrome, Safari) for all user accounts, including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
-- Note: It is normal for the computer to be slow to boot after running TFC cleaner the first time.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7 MzLindyOne

MzLindyOne

  • Members
  • 83 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:08:12 PM

Posted 09 August 2013 - 05:41 PM

The path is \users\<myname>\AppData\Local\Microsoft\Temporary Internet Files\Content.Ie5\RPHQ0V\<something>\Index.html

 

The \Temporary Internet Files subdirectory does not exist under Microsoft.

 

 

Temporary Internet is a hidden system file, unless you change settings to unhide it.

Just guessing that they do this because in the past too many people tried to empty it by deleting it. :unsure:

 

-Mz



#8 gben123

gben123
  • Topic Starter

  • Members
  • 88 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:12 PM

Posted 14 August 2013 - 07:27 PM

Since running TFC the problem has gone away. Upon checking, it turns out that hidden file systems was somehow enabled (i.e. hidden)...I usually keep it disabled. My main concern was that this wasn't a legitimate MSE popup.

 

Thanks for your help



#9 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,281 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:12 PM

Posted 14 August 2013 - 07:36 PM

You're welcome.

:thumbup2: Tips to protect yourself against malware and reduce the potential for re-infection
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users