nitrousoxide 0 Posted April 23, 2016 Posted April 23, 2016 Something strange happened today. I was away from my computer from 12 AM to 11 PM today. However when I came back to my computer I was greeted with safe ESET browser window with PayPal page opened (see screenshot 1). Weird, I thought. So I've decided to check browser history and found out that this page had opened at 6:33 PM. Nobody was using the computer at this time so it confused me. History also included the redirect link that made the browser open in the first place. Redirect link obviously doesn't work now but it's there if some ESET guys can help shed the light on what happened (see screenshot 2). Is there any way I can figure out what prompted the PayPal page to open?
Administrators Marcos 5,451 Posted April 24, 2016 Administrators Posted April 24, 2016 The secure browser opened as a result of opening the PayPal website in a browser. But as to why the site was opened, we can't tell. It was definitely not ESET that would have opened / accessed it.
nitrousoxide 0 Posted April 24, 2016 Author Posted April 24, 2016 The secure browser opened as a result of opening the PayPal website in a browser. But as to why the site was opened, we can't tell. It was definitely not ESET that would have opened / accessed it. Well that is very strange... I've checked history on my regular Chrome browser and there was nothing indicating an attempt to open PayPal website at 6:33 PM In fact the history at the times when I was away was completely blank as it should be. Could it be something else that prompted the safe browser to open?
ken1943 22 Posted April 24, 2016 Posted April 24, 2016 Where was the mouse pointer when you left ? I have had table movement move my mouse pointer. Never know !!
nitrousoxide 0 Posted April 24, 2016 Author Posted April 24, 2016 (edited) Where was the mouse pointer when you left ? I have had table movement move my mouse pointer. Never know !! I don't usually pay attention to such stuff. But what difference does it make? Even if the pointer had moved I don't see how it could open the window When I left I had VLC media player in fullscreen. As I woke up VLC was still fullscreen but there was the safe browser window atop of it with PayPal website on Pretty certain it wasn't my browser that triggered it since there is absolutely nothing in its history at 6:33 mark and a few hours before that Edited April 24, 2016 by nitrousoxide
TomFace 539 Posted April 24, 2016 Posted April 24, 2016 (edited) Hello nitrous. I trust you have Windows remote assistance disabled? Is the ESS firewall in automatic mode? Any jokers(fun type folks) or kids in the area? Edited April 24, 2016 by TomFace
ken1943 22 Posted April 24, 2016 Posted April 24, 2016 Remember, this is Windows, anything can happen.
nitrousoxide 0 Posted April 24, 2016 Author Posted April 24, 2016 Hello nitrous. I trust you have Windows remote assistance disabled? Is the ESS firewall in automatic mode? Any jokers(fun type folks) or kids in the area? Hey Tom. Yes it is disabled. The firewall is in auto mode. About the jokers, not that I know of, at least personally. Remember, this is Windows, anything can happen. That's pretty much spot on. I've seen so much weird going on in the past it shouldn't surprise me anymore but it still does lol. Like Chrome browser open on its own in the past which was a known bug by the way. Guess I'm little paranoid or something Actually I had opened paypal website through the secure browser before the occurrence in order to track my parcel so it's not completely out of the blue. Still don't understand why it would open itself on its own again but guess I'll never figure it out.
nitrousoxide 0 Posted April 24, 2016 Author Posted April 24, 2016 Alright guys crazy news. I was just checking this very forum for updates and suddenly the PayPal window opened again.... In case you don't believe me I've caught this on video https://vid.me/v0tE Seriously, what the hell is going on?
ken1943 22 Posted April 24, 2016 Posted April 24, 2016 (edited) Check out your desktop shortcuts that may be involved to make sure nothing was added. This is a bummer to check out, tasks in task manager. Sounds like a "path ?" got added somewhere. Reinstall SS Reboot the computer more than once. Is that a game open is the background ? Nothing should be open when accessing a banking site. Like everyone else these are just guesses Edited April 24, 2016 by ken1943
TomFace 539 Posted April 24, 2016 Posted April 24, 2016 (edited) Wow, that 's bizarre. (FYI...a little paranoia isn't necessarily a bad thing). Edited April 24, 2016 by TomFace
nitrousoxide 0 Posted April 24, 2016 Author Posted April 24, 2016 Check out your desktop shortcuts that may be involved to make sure nothing was added. This is a bummer to check out, tasks in task manager. Sounds like a "path ?" got added somewhere. Reinstall SS Reboot the computer more than once. Is that a game open is the background ? Nothing should be open when accessing a banking site. Like everyone else these are just guesses No new shortcuts were added. What do you mean the path got added? Also what's SS? Sorry didn't quite understand that. It was a twitch stream I was watching in a different tab, not a game Also used process explorer to check processes, nothing suspicious. same for eset live grid
ken1943 22 Posted April 24, 2016 Posted April 24, 2016 (edited) Smart Security If you right click on a shortcut, it shows the path to the program. If you use the right arrow you can see if anything has been added. BE CAREFUL so you don't delete it. When I use my bank site there is nothing else open in the browser. No tabs NOTHING. I don't use a "safe" browser since I don't understand how it works. Try it for a time without tabs or anything else. Edited April 24, 2016 by ken1943
nitrousoxide 0 Posted April 24, 2016 Author Posted April 24, 2016 (edited) Smart Security If you right click on a shortcut, it shows the path to the program. If you use the right arrow you can see if anything has been added. BE CAREFUL so you don't delete it. When I use my bank site there is nothing else open in the browser. No tabs NOTHING. I don't use a "safe" browser since I don't understand how it works. Try it for a time without tabs or anything else. Well, I do have a Chrome and Safe Browser shortcuts on desktop. I guess I should be looking out for these? If so, no extra paths were added to these shortcuts. No SS shortcut though The point is I wasn't even trying to use the safe browser. It just comes up randomly so I cannot possibly know when to close my tabs lol I will reinstall SS later if all else fails. I'll see if it happens again and if it does I'll try to disable the safe browser completely to see if it will still come up Edited April 24, 2016 by nitrousoxide
ken1943 22 Posted April 24, 2016 Posted April 24, 2016 I guess a reinstall of Eset SS would be the last of my strange ideas. Good luck, let us know when it gets cured.
nitrousoxide 0 Posted April 24, 2016 Author Posted April 24, 2016 I guess a reinstall of Eset SS would be the last of my strange ideas. Good luck, let us know when it gets cured. Hey really appreciate your help man... I just hope it's not a virus or anything. I've scanned with malware bytes and eset didn't find anything.
itman 1,801 Posted April 24, 2016 Posted April 24, 2016 There have been past instances with Chrome and it opening by itself as mentioned previous: hxxp://www.techrepublic.com/blog/google-in-the-enterprise/the-google-chrome-startup-mystery-troubleshooting-the-ghost-in-the-machine/ . I believe this instance was caused by a "borked" Chrome update. So I would strongly suspect the issue to be Chrome related. I would look at your Chrome logs for anything abnormal. If all else fails, you can always reinstall Chrome.
nitrousoxide 0 Posted April 25, 2016 Author Posted April 25, 2016 (edited) There have been past instances with Chrome and it opening by itself as mentioned previous: hxxp://www.techrepublic.com/blog/google-in-the-enterprise/the-google-chrome-startup-mystery-troubleshooting-the-ghost-in-the-machine/ . I believe this instance was caused by a "borked" Chrome update. So I would strongly suspect the issue to be Chrome related. I would look at your Chrome logs for anything abnormal. If all else fails, you can always reinstall Chrome. Wow great post... Do appreciate your help sir I've read through the article you provided. Not quite the same issue and nothing about chrome self launching but pretty helpful nonetheless. I've had issues with Chrome in the past so it doesn't surprise me that the borked update could cause that. Unfortunately I don't have any .log files in my chrome installation folder... So I cannot check the logs. But I will definitely be reinstalling Chrome once I at least attempt to narrow down the problem and its nature. I already thought of this issue to be Chrome related and you reinforced my belief. Thank you! Oh and by the way I do have 2 folders in my Application folder too... 49.0.2623.112 - last modified date is 8th of April 50.0.2661.87 - last modified date 24th of April Maybe that could be related Edited April 25, 2016 by nitrousoxide
Recommended Posts