Secure Browser: Remote Control Warning

[Chance 0]

I have been using Eset Internet Security for a couple of years, but this message was new to me:

When I opened the secure browser, I got a warning message like this: "This computer is remotely controlled. Using internet banking may be unsafe. In case you use this software by pupose, you can safely ignore this message. The remote access software is: svchost.exe" (translated by myself, so the original wording will likely be quite different.)

I am not aware of my machine being remotely controlled, but I have seen svchost.exe running in the past as well. So I wonder what to make from this message - is there a threat to me? How to find out?

[Marcos 5,070]

Svchost.exe is a standard system process, not necessarily malware. Couldn't it be that you are connected to the machine via RDP?

[Chance 0]

Thank you for this quick answer.

No, I am not connected by RDP, I am working directly at the machine (with keyboard, mouse, LAN and monitor attached).

[itman 1,659]

2 hours ago, Chance said:

When I opened the secure browser, I got a warning message like this: "This computer is remotely controlled. Using internet banking may be unsafe. In case you use this software by pupose, you can safely ignore this message. The remote access software is: svchost.exe"

Post a screen shot of this.

I can find no reference to such an alert generated from Banking and Payment Protection. I am also wondering how it would be able to detect such activity. In normal operation, B&PP opens another browser instance in a locked down mode via an Eset process. The message being displayed seems to indicate that svchost.exe is initiating the display of locked down browser instance.

Edited March 10, 2021 by itman

[Chance 0]

(1) My immediate concern is gone. After a reboot, the secure browser behaves as usual.

(2) I am still curious what may have happened, so I have attached the screenshot, in case you are still willing to have a look at it. The text in the little grey box is the same as the text in the yellow box.

Thank you so much!

[Marcos 5,070]

I was able to reproduce it only when connected to the machine via RDP:

[itman 1,659]

I am assuming that the OP is running a Win 10 Home version? If this is the case, RDP is not installed; at least the inbound portion of it.

It is possible to install RDP on Win 10 Home but the RDP wrapper would have to be downloaded and then installed as noted here: https://www.itechtics.com/remote-desktop-windows-10-home/ . Finally, Win 10 would have to be configured to use RDP.

@Chance did you do all the above previously?

[Chance 0]

I am running Win 10 Pro, and way back when the computer was new (maybe 3 years ago) I did try RDP but have never seriously used it and certainly not within the last year. I do however use TeamViewer (support for my mother and my father-in-law) and RealVNC on a regular basis.

 

[itman 1,659]

1 hour ago, Chance said:

am running Win 10 Pro, and way back when the computer was new (maybe 3 years ago) I did try RDP but have never seriously used it and certainly not within the last year.

I would then strongly advise you disable RDP use and also its associated services.

Also disable Eset's default firewall rule that allows inbound RDP traffic. This is done by disabling Eset's "Allow remote desktop in Trusted Zone" in the firewall Services section.

 

Edited March 11, 2021 by itman

[peteyt 393]

2 hours ago, Chance said:

I am running Win 10 Pro, and way back when the computer was new (maybe 3 years ago) I did try RDP but have never seriously used it and certainly not within the last year. I do however use TeamViewer (support for my mother and my father-in-law) and RealVNC on a regular basis.

 

I can confirm that I have received this warning a few months ago in secure browser. It occurred when I began a remote connection to my father's computer using TeamViewer which you mention using.

I don't get the message when TeamViewer is running and logged on but not connected to another machine. Where you connected to anything when this popped up?

[Chance 0]

12 hours ago, itman said:

I would then strongly advise you disable RDP use and also its associated services.

Also disable Eset's default firewall rule that allows inbound RDP traffic. This is done by disabling Eset's "Allow remote desktop in Trusted Zone" in the firewall Services section.

 

Thank you itman, I disbaled RDP in both Win10 and Eset.

[Chance 0]

11 hours ago, peteyt said:

I can confirm that I have received this warning a few months ago in secure browser. It occurred when I began a remote connection to my father's computer using TeamViewer which you mention using.

I don't get the message when TeamViewer is running and logged on but not connected to another machine. Where you connected to anything when this popped up?

I wonder whether some game could do such thing.

I had my session running for a while, and in between my son used the computer with his own account. He watched youtube, played browser-games and Roblox.