Should Windows Explorer in win 7 Ultimate 64 need a TCP connection?

The_Smoking_Gun

Distinguished
Aug 2, 2010
32
0
18,530
I recently installed Avira's Premium Security Suite 10.2100.672, and while going through the post-boot routine and looking through the temporarily suspended files awaiting my input, I get pop-ups stating "Windows explorer is trying to establish a TCP connection", and of course I have all the usual options... but WHY would this over-hyped File Manager NEED a TCP connection? Curiously enough, there were a number of instances of Windows Explorer among those tagged as malware/virus in the list, along with other normally common Windows service files like svchost.exe, cttmon.exe, csrss.exe, as well as DLLs such as Kernel32.DLL, wsock.DLL, wininet.DLL.

Overall I have 109 of these files in the temporarily suspended list; along with the small sampling I listed there are approximately 20 different file names spread across the 109 files... AT THIS MOMENT; as soon as I go back to using that machine the number will climb after each incident.

I am aware that Windows 7 has automatic redundancy checks on most integral, actively used operations, systems and services files, so that if any are accidentally deleted, Windows quickly replaces them in up to three simultaneous locations, to ensure it is VIRTUALLY impossible to get rid of some of these files. I mention this because it is the only thing I can think of that makes sense to explain why it keeps popping up like it does: each time Avira stops one, Windows replaces it, right... But what I want to know is, are these actually FALSE positives? For sure??? Since they are recursively persistent. Or are they really viruses or malware, mimicking or taking inspiration from this Windows function, and keeping the infections on the drive?

I also know that oftentimes malware writers will write their code to files with the same names as regular Windows operations files, to keep them obscure and from being obvious in nature.

However, how can all these be viruses? The real-time protection pops up with almost every folder I open, with another short list of instances of these same-named files from the same path source, for the most part C:\windows\system32\ or just c:\windows. I am not sure if there were other files also popping up as attempting to reach outside the network, as so much happens at one time immediately post-boot, and since it is a new install it has to ask about almost every file at least once, beyond those allowed by default.


I would really appreciate learning how to determine what these are, and if it is normal for WINDOWS Explorer (emphasis is for those inherently confusing that with INTERNET Explorer :)) to attempt to connect through a TCP connection, and if so WHY??? Isn't WER and DRM enough, LOL! (I laugh, but it is kind of Big Brother-ish if you ever crawled through one of those WER cab folders and saw what really gets transmitted... granted, nothing to connect me... EXCEPT THE PATH C:\USERS\DANIEL\PROGRAM FILES... YEAH, THEY DON'T COLLECT ANY PERSONALLY IDENTIFIABLE INFORMATION, AND MY IP address is also recorded, no? Hmmm, can we count 2 + 2 = violation of privacy... but that's for another thread... just a little overly passionate about these things :))


Thanks to anyone who is patient enough to read through my post and provide any enlightenment as to what I should think of these circumstances and how I should best proceed.

It would be greatly appreciated... BTW, I have two other problematic threads posted elsewhere, of which at least one may be resolved based on the outcome of this one! This is the primary reason for going with a new virus scanner; I never did care for MS Security Essentials!

Again THANKS!

TSG!

The_Smoking_Gun
No takers on this as to whether or not it is normal for these files to need access, or whether they should be granted access, or a means by which to determine if their heuristically modified behavior indicates true infections or false positives by an overzealous detection algorithm, or other means or explanations as to what it is actually indicating with these files. If they are constantly quarantined, this is liable to result in instabilities or failed processes, all of which are detrimental to my getting a reliable running instance, since, combined with the other issues posted in other threads (all within the same install), it has seriously compromised my productivity. I had JUST completed installing and configuring over 70 programs, many of them tools needed for my work, and being incapacitated as I have been is causing me such a backlog, as well as losses of huge blocks of time working within a few of the programs, only to lose my work when the program crashes despite auto-save options being engaged; the data loss in those crashes disassociates those saved versions of files, or loses them completely when I cannot restore them or reload them unless it is the original working image, which then no longer reflects the changes I made, putting me right back at square one. I am losing from an hour or more to sometimes four hours of work per session or attempt, and the few times I did successfully manage to save a file periodically, the BSODs sometimes resulting from the instabilities then caused the program to lose track of the fact that it HAD backed up, again causing me to start over from scratch.
Mind you, this WAS a brand new install on a newly formatted drive, due to the previous damage inflicted when a rootkit infection was found: in its scans, the anti-virus program flagged its own files as infected, and when I initiated the process to "clean and repair" it extracted the rootkit infection, essentially killing the boot record, since it resided in the boot sector of that drive's primary boot sectors and master boot record, for which any attempts at repairing or recovering the boot manager and associated boot-up info failed and required that I begin for the third time on a newly formatted drive, and now I get this!!! PLEASE, can't someone at least verify if these files normally need TCP connections, or if there is a way to determine if they are indeed heuristically modified and in fact need to be deleted, so as to be able to move on and be confident that action will not disable Windows? These files in themselves display rootkit behaviors, as the way Windows 7 is set up, you cannot delete these files unless you do so in three locations simultaneously, because Windows uses the other two resources to supply copies to replace them within moments of being deleted, for being system service files and the like, and some DLLs too.

PLEASE, someone help me out with this; it has been going on for a month now and I am at my wits' end trying to pull any reliable information from numerous sites that are more interested in planting their own seeds instead of being what their search result indicated they are about. I hate that they are better at SEO than the sites providing valid, worthwhile and MORE RELEVANT content overall.

Thanks in advance for some worthwhile methods that will allow me to resolve these issues.

TSG!
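For anyone working through the same question as both posts above (are the flagged copies of explorer.exe, svchost.exe and friends genuine, and which of them actually hold TCP connections?), here is a PowerShell triage script. It is an added example written for this thread; it is not code from TSG's posts, from Avira, or from Microsoft. It assumes the files live at their default locations under %windir% as the post describes, treats the post's "cttmon.exe" as ctfmon.exe (an assumption, marked in the code), and is meant to be run from an elevated prompt so that Get-Process can see system processes.

```powershell
# Added example for this thread (not the poster's or Avira's code). Triage the
# files Avira flagged: report Authenticode status, signer and SHA-256 for each,
# then list the TCP connections currently owned by any of those processes.
# Run from an elevated PowerShell prompt on the affected Windows 7 machine.

$flagged = @(
    "$env:windir\explorer.exe",
    "$env:windir\System32\svchost.exe",
    "$env:windir\System32\csrss.exe",
    "$env:windir\System32\ctfmon.exe",    # assumption: the post's "cttmon.exe"
    "$env:windir\System32\kernel32.dll",
    "$env:windir\System32\wininet.dll"
)

# SHA-256 via .NET so this also works on the PowerShell 2.0 that Windows 7 ships
# with (Get-FileHash only arrived in PowerShell 4).
function Get-FileSha256 {
    param([string]$Path)
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try     { $bytes = $sha.ComputeHash($stream) }
    finally { $stream.Close() }
    return ([System.BitConverter]::ToString($bytes)).Replace('-', '')
}

Write-Host "== Signature and hash of flagged files =="
foreach ($path in $flagged) {
    if (-not (Test-Path $path)) { Write-Host "$path : not present"; continue }
    $sig    = Get-AuthenticodeSignature -FilePath $path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }
    # Caveat: on Windows 7 most system binaries are signed through catalog files
    # rather than an embedded signature, so "NotSigned" here is not conclusive on
    # its own. "HashMismatch" on an embedded signature, or a SHA-256 that differs
    # from the copy on the install media, is what warrants concern. For the
    # authoritative check of protected files use "sfc /verifyonly" (or Sysinternals
    # sigcheck with -c, which consults the catalogs).
    "{0}`n  status={1} signer={2}`n  sha256={3}" -f $path, $sig.Status, $signer, (Get-FileSha256 $path)
}

Write-Host "`n== TCP connections owned by flagged processes =="
# DLLs (kernel32.dll, wininet.dll, ...) never own a socket themselves; a
# connection is always attributed to the process that loaded them, so only the
# .exe names below can match.
$flaggedNames = $flagged | ForEach-Object { [System.IO.Path]::GetFileNameWithoutExtension($_) }
$procs = @{}
Get-Process | ForEach-Object { $procs[$_.Id] = $_ }

# netstat -ano prints one line per TCP endpoint; the last column is the owning PID.
netstat -ano | ForEach-Object {
    if ($_ -match '^\s*TCP\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s*$') {
        $ownerPid = [int]$matches[4]
        $p = $procs[$ownerPid]
        if ($p -and ($flaggedNames -contains $p.ProcessName)) {
            "{0,-10} pid={1,-6} {2,-22} -> {3,-22} {4}" -f $p.ProcessName, $ownerPid, $matches[1], $matches[2], $matches[3]
        }
    }
}
```

Two facts worth having next to the output: explorer.exe does legitimately open TCP connections, for example to SMB shares (port 445) when you browse network locations, and third-party shell extensions loaded into it can open their own, so a connection alert on it is not by itself evidence of infection; what matters is whether the binary on disk is the signed one and where the connection goes. And the "replaces them in three locations" behaviour the posts describe is Windows Resource Protection restoring protected files from the WinSxS component store, which is why `sfc /verifyonly` is the right way to find out whether the copies under C:\Windows and C:\Windows\System32 have been altered, rather than deleting them.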