What is WinStore.Mobile.exe?


28 replies to this topic

#16 rp88

Posted 31 August 2015 - 11:07 AM

Aura, post #15: given that that trick uses gpedit, it won't work for users of the standard Windows 8 OS, only for users on Pro versions.
Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#17 Aura

Posted 31 August 2015 - 11:51 AM

There's apparently a way to manually download and use the gpedit.msc snap-in under Windows 8 (and even Windows 7 Starter and Home Premium) so it's possible.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#18 technonymous

Posted 31 August 2015 - 08:35 PM

At least we can disallow outbound firewall traffic. I suspect Windows firewall won't let you lol. I use third party software firewall anyways. Hardware firewall you cannot effectively block it unless you block everything and that would pretty much break everything. Many apps dynamically open random ports. I am not sure if Cortana still logs even though it cannot reach outbound. If it does, then those logs are likely on lock down as well. As far as I can tell Winstore being blocked the appstore app will not connect and shows a blank screen. SearchUI.exe being blocked functions fine searching locally, but not Web search. If you click on search and click the cogwheel icon toggling those two switches turns web and Cortana nag screen off, essentially giving the same result, but they do not open ports to Microsoft. The gpedit policies will do the same, but that is extreme for all users and more administrative management. If you're the admin and it's your pc then you don't really need to configure the policies. I do notice that Diagtrack service is now connecting more often and opening ports. I guess Microsoft has multiple files to fall back on lol. That can be disabled I believe in services and/or firewall as well. Anyways my soft firewall (Norton) already had the entries for these two. Here's what my firewall had along with the label...

 

[Search and Cortana application]
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe

[Store]
C:\Windows\InfusedApps\Packages\Microsoft.WindowsStore_2015.7.1.0_x64__8wekyb3d8bbwe\WinStore.Mobile.exe


Edited by technonymous, 31 August 2015 - 08:36 PM.


#19 Aura

Posted 31 August 2015 - 08:40 PM

Apparently, Pat(rick) managed to block both incoming and outgoing communications for SearchUI.exe as I instructed him to do using the Windows Firewall.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.
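
The Windows Firewall block discussed in posts #18 and #19, as an added example that is not part of the original thread: it creates inbound and outbound block rules for the two executables quoted in post #18 and then lists what was created. The rule names and the `BC-Block` group label are made up for this example, and the wildcard for the Store folder assumes the package still lives under the `InfusedApps\Packages` path shown in the post.

```powershell
#Requires -RunAsAdministrator
# Added example: block rules for the two executables quoted in post #18.
# Rule names and the 'BC-Block' group label are hypothetical, chosen for this example.

$targets = @(
    @{ Label = 'Search and Cortana application'
       Path  = 'C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe' },
    # The Store folder name embeds the package version, so match it with a wildcard
    @{ Label = 'Store'
       Path  = 'C:\Windows\InfusedApps\Packages\Microsoft.WindowsStore_*\WinStore.Mobile.exe' }
)

foreach ($t in $targets) {
    # Resolve-Path expands the wildcard to whatever version is installed right now
    $resolved = Resolve-Path -Path $t.Path -ErrorAction SilentlyContinue
    if (-not $resolved) {
        Write-Warning "Not found, skipping: $($t.Path)"
        continue
    }
    foreach ($exe in $resolved.ProviderPath) {
        foreach ($dir in 'Outbound', 'Inbound') {
            $name = "BC-Block $($t.Label) ($dir) $exe"
            if (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue) {
                continue   # rule already present, so the script can be re-run safely
            }
            New-NetFirewallRule -DisplayName $name -Group 'BC-Block' `
                -Direction $dir -Program $exe -Action Block -Profile Any | Out-Null
        }
    }
}

# Show what is now in place: rule, direction, action and the program it is bound to
Get-NetFirewallRule -Group 'BC-Block' | ForEach-Object {
    [pscustomobject]@{
        Rule      = $_.DisplayName
        Direction = $_.Direction
        Action    = $_.Action
        Enabled   = $_.Enabled
        Program   = ($_ | Get-NetFirewallApplicationFilter).Program
    }
} | Format-Table -AutoSize -Wrap
```

Each rule is bound to a full program path, so if a Store update changes the versioned folder name the old rule no longer matches and the script has to be run again.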


#20 technonymous

Posted 31 August 2015 - 09:03 PM

Yes, the firewall works, but that still doesn't answer the question if logs are still being kept and those are probably being sent out by other services like Diagtrack. There is real concern for this. Other countries' governments are not going to allow this OS anywhere near their government infrastructure. That is if they know what's good for them.



#21 Aura

Posted 01 September 2015 - 05:20 AM

Well at least it blocks the connections for SearchUI.exe and that was the question in his other threads. For the other processes and services, I cannot say.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#22 Condobloke

Posted 02 September 2015 - 05:32 AM

@ Mokseng...in this post......http://www.bleepingcomputer.com/forums/t/588215/what-is-winstoremobileexe/#entry3803956.....

you said "I realized that my nvidia gpu was running this file. I went to task manager to end that process, and my laptop runs faster."

I have had an issue where my mouse movements are erratic etc etc....and in an attempt to isolate the culprit I updated my nvidia drivers.....

After reading your comment.....I looked in Task Manager.....and there are no less than 6 tasks belonging to nvidia......

I "ended" all of them.....and my pc is running like it is on steroids !!!....and the mouse 'erratica' is gone !

Thank You !

@ cat1092 and rp88 and technonymous........does "ending" those processes keep them that way permanently?......or is there another measure I can put in place ??


Condobloke ...Outback Australian  fed up with Windows antics...??....LINUX IS THE ANSWER....I USE LINUX MINT 18.3  EXCLUSIVELY.

“A man travels the world in search of what he needs and returns home to find it."

It has been said that time heals all wounds. I don't agree. The wounds remain. Time - the mind, protecting its sanity - covers them with some scar tissue and the pain lessens, but it is never gone. Rose Kennedy


#23 Aura

Posted 02 September 2015 - 05:33 AM

> @ cat1092 and rp88 and technonymous........does "ending" those processes keep them that way permanently?......or is there another measure I can put in place ??


Killing processes only lasts until they are launched again during the time your system is open, or a restart. So you would have to disable them from being launched on startup if you want to prevent them from being executed automatically.

It seems like Windows 10 and NVIDIA drivers still don't play well together.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#24 mokseng

Posted 02 September 2015 - 07:47 AM

Interesting. Cool.

#25 mokseng

Posted 02 September 2015 - 07:49 AM

> @ Mokseng...in this post......http://www.bleepingcomputer.com/forums/t/588215/what-is-winstoremobileexe/#entry3803956.....
>
> you said "I realized that my nvidia gpu was running this file. I went to task manager to end that process, and my laptop runs faster."
>
> I have had an issue where my mouse movements are erratic etc etc....and in an attempt to isolate the culprit I updated my nvidia drivers.....
>
> After reading your comment.....I looked in Task Manager.....and there are no less than 6 tasks belonging to nvidia......
>
> I "ended" all of them.....and my pc is running like it is on steroids !!!....and the mouse 'erratica' is gone !
>
> Thank You !
>
> @ cat1092 and rp88 and technonymous........does "ending" those processes keep them that way permanently?......or is there another measure I can put in place ??


Haha. You're welcome.

#26 technonymous

Posted 03 September 2015 - 12:50 AM

AMD and Nvidia are working closely with Microsoft, but how is hooking a process to the GPU lowering its performance going to resolve performance issues? With all this spying going on maybe they are trying to find a way to hook to your video, camera, sound etc. Scary thought.


Edited by technonymous, 03 September 2015 - 12:53 AM.


#27 Condobloke

Posted 03 September 2015 - 01:39 AM

It turns out I was quite wrong about the mouse 'erratica'.....that turned out to be an add on in Firefox......(namely Custom New Tab 3.0)

However......I went to services.msc......and disabled ALL nvidia services there....and my pc has indeed had a 'steroid boost' as a result


Condobloke ...Outback Australian  fed up with Windows antics...??....LINUX IS THE ANSWER....I USE LINUX MINT 18.3  EXCLUSIVELY.

“A man travels the world in search of what he needs and returns home to find it."

It has been said that time heals all wounds. I don't agree. The wounds remain. Time - the mind, protecting its sanity - covers them with some scar tissue and the pain lessens, but it is never gone. Rose Kennedy


#28 cat1092

Posted 03 September 2015 - 03:18 AM

 

 

> It seems like Windows 10 and NVIDIA drivers still don't play well together.

That may help to explain 'why' it takes twice the time for AV/AM scans to run on Windows 10 versus Windows 7; all three of the computers that I reverted back to Windows 7 have an NVIDIA card.

I do know that the GPU can handle these things, because some purchase a GPU for the sole purpose of bitcoin mining, so if that information can be received, processed & uploaded, so can other processes. Here is more information about the process & the areas it's been spotted the most.

http://systemexplorer.net/file-database/file/winstore.mobile-exe/32727290

Cat


Performing full disc images weekly and keeping important data off of the 'C' drive as generated can be the best defence against Malware/Ransomware attacks, as well as a wide range of other issues. 


#29 Aura

Posted 03 September 2015 - 05:20 AM

I don't seem to have the NVIDIA GPU Monitor on my system, so I cannot really check if Winstore.Mobile.exe is hooked to it. Personally, that process isn't even running on my system.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.




