Author Topic: Is this a real threat?  (Read 14664 times)


April 12, 2017, 09:49:19 PM

Rivanni

  • Newbie

Code:
RogueKiller V12.10.4.0 (x64) [Apr 10 2017] (Free) by Adlice Software
Operating System : Windows 10 (10.0.15063) 64 bits version

¤¤¤ Files : 1 ¤¤¤
[Adw.WinSec|PUP.Gen1][Folder] C:\Program Files\Windows Security -> Found

Is this a real threat? The folder contains browsercore.exe (no hits in VirusTotal) and a manifest.json file.
In the json file these lines of text:
Code:
{
  "name": "com.microsoft.browsercore",
  "description": "BrowserCore",
  "path": "BrowserCore.exe",
  "type": "stdio",
  "allowed_origins": [
    "chrome-extension://ppnbnpeolgkicgegkbkbjmhlideopiji/"
  ]
}

When I search for that extension I get
https://chrome.google.com/webstore/detail/windows-10-accounts/ppnbnpeolgkicgegkbkbjmhlideopiji
which is an extension for "Sign in to supported websites with accounts on Windows 10".
It's made by Microsoft.
Sounds legit.
The only thing is that I don't have this extension installed.
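
The manifest quoted in the post above follows the Chrome native messaging host format, which lists the extension origins allowed to launch the host binary. The sketch below is an added example, not part of the original post and not RogueKiller's own logic: it checks such a manifest for structural problems and reports which extension IDs it trusts. The function name `triage_manifest` and the sample constant are assumptions made for illustration.

```python
import json
import re
from pathlib import PureWindowsPath

# Constructed sample: the manifest text quoted in the post above.
SAMPLE_MANIFEST = """{
  "name": "com.microsoft.browsercore",
  "description": "BrowserCore",
  "path": "BrowserCore.exe",
  "type": "stdio",
  "allowed_origins": [
    "chrome-extension://ppnbnpeolgkicgegkbkbjmhlideopiji/"
  ]
}"""

# Host names: lowercase alphanumerics/underscores in dot-separated parts.
NAME_RE = re.compile(r"^[a-z0-9_]+(\.[a-z0-9_]+)*$")
# Chrome extension IDs are 32 characters from a-p; wildcards are not allowed.
ORIGIN_RE = re.compile(r"^chrome-extension://([a-p]{32})/$")

def triage_manifest(text, manifest_dir):
    """Return (findings, extension_ids, host_binary) for a host manifest."""
    m = json.loads(text)
    findings, ids = [], []
    if not NAME_RE.match(str(m.get("name", ""))):
        findings.append("name is not a valid host name")
    if m.get("type") != "stdio":
        findings.append("type is not 'stdio'")
    origins = m.get("allowed_origins") or []
    if not origins:
        findings.append("no allowed_origins listed")
    for origin in origins:
        match = ORIGIN_RE.match(str(origin))
        if match:
            ids.append(match.group(1))  # IDs to look up in the Web Store
        else:
            findings.append(f"malformed or wildcard origin: {origin!r}")
    # On Windows a relative path is resolved against the manifest's folder.
    base = PureWindowsPath(manifest_dir)
    path = PureWindowsPath(str(m.get("path", "")))
    binary = path if path.is_absolute() else base / path
    if binary.parent != base:
        findings.append("host binary is outside the manifest folder")
    return findings, ids, str(binary)

if __name__ == "__main__":
    print(triage_manifest(SAMPLE_MANIFEST, r"C:\Program Files\Windows Security"))
```

A clean result only means the manifest is well formed and names the extensions it trusts; whether the executable itself is genuine is a separate check (file hash, digital signature).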

Reply #1 on: April 12, 2017, 10:56:23 PM

Curson

  • Global Moderator
  • Hero Member

Hi Rivanni,

Welcome to Adlice.com Forum.

This folder is quite unknown but it may be part of Windows 10 Creators Update.
Could you please zip the whole folder and attach the archive with your next reply?

Regards.

Reply #2 on: April 30, 2017, 10:53:27 PM

bel57

  • Newbie

Hello there,

Glad I found a topic exactly related to my issue. I performed a scan with RogueKiller earlier today and no threat was found.
But now it just detected C:\Program Files\Windows Security as a PUP.Gen1 activity.

Looks like this is legit and corresponds to a browser add-on that allows connecting directly via supported websites (mostly MS/Azure).
https://chrome.google.com/webstore/detail/windows-10-accounts/ppnbnpeolgkicgegkbkbjmhlideopiji
https://azure.microsoft.com/services/active-directory/
https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/17438821-add-support-for-google-chrome-under-azure-ad-condi

Pretty sure it's related to Win10 Creators Update.

Reply #3 on: April 30, 2017, 11:30:36 PM

Curson

  • Global Moderator
  • Hero Member

Hi bel,

Welcome to Adlice.com Forum.
Could you please attach the full RogueKiller report with your next reply?

Regards.

Reply #4 on: May 01, 2017, 12:01:59 AM

bel57

  • Newbie

Here you go. By the way, can you tell me if you find anything wrong?
I think everything is all green, but well, prevention is better than cure  :P

Reply #5 on: May 01, 2017, 02:51:54 PM

Curson

  • Global Moderator
  • Hero Member

Hi bel,

Everything is OK.
Your system is clean.

Regards.

Reply #6 on: May 01, 2017, 02:54:25 PM

bel57

  • Newbie

Thanks for your fast response and feedback.

RogueKiller rules  :)

Reply #7 on: May 01, 2017, 03:08:04 PM

Curson

  • Global Moderator
  • Hero Member

Hi bel,

You are welcome.
Thanks for the kind words.

Regards.