Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Non-Sucking service Manager: Is there an infection issue?


  • Please log in to reply
2 replies to this topic

#1 chiiibill

chiiibill

  • Members
  • 178 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:24 AM

Posted 02 February 2017 - 10:47 AM

I've been told that Hitman Pro might be a bit too aggressive.

It came up with the following malware alert;

 

nssm.exe - Malware

C:\ExpressVPN\bootstrap\AMD64

 

Did a search on this and there seems to be quite a few people with concerns re: nssm.exe (Non-Sucking service Manager).

 

Anyone familiar with this .exe and ExpressVPN's use of it?

 

Thanks


Edited by chiiibill, 02 February 2017 - 10:48 AM.


BC AdBot (Login to Remove)

 


#2 chiiibill

chiiibill
  • Topic Starter

  • Members
  • 178 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:24 AM

Posted 02 February 2017 - 03:52 PM

KIS now hit with with similar warning (though not calling it malware, according to 'Details', it is a RiskTool).

 

KIS_zpsdxrbwe2s.pngHP_zpsgopfnx2d.jpg


Edited by chiiibill, 02 February 2017 - 08:47 PM.


#3 chiiibill

chiiibill
  • Topic Starter

  • Members
  • 178 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:24 AM

Posted 03 February 2017 - 09:49 AM

This is the reply received from ExpressVPN:

 

Thanks for contacting ExpressVPN support.

We understand that you're concerned with a file named nssm.exe that our app is using. This particular file's purpose is to keep a particular service running and attempt to restart the service whenever it encountered an issue and stopped all of a sudden. 

It is important for the ExpressVPN service to be active all the time to keep you protected while you are browsing. 

This particular program serves it's purpose for Trusted Applications such as ExpressVPN. If this file is present on your system without such apps, then it may be considered malicious. To identify if nssm.exe is only running a trusted application, you may go to your Task Manager and look for the Non-Sucking Service Manager. Expand the sevices running under the process and if you see ExpressVPN service, then there shouldn't be any problems.

To know more about this application's usage and the developer behind it. You can check this link:
https://nssm.cc/scenarios

Hope this helps. Let us know if you have other concerns and we'll be glad to assist.

Regards,

---------------------------------------------------------

 

Good enough? Checked and only the VPN is currently using it (as far as I can tell). But do I want it sitting there waiting to be compromised? Have to keep checking? Keep Task Manager running constantly?


Edited by chiiibill, 03 February 2017 - 09:54 AM.





1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users