Jump to content

ESET banking & payment protection browser opened itself

nitrousoxide
 Share

Recommended Posts

nitrousoxide

nitrousoxide 0

Posted
Posted

Something strange happened today. I was away from my computer from 12 AM to 11 PM today.

However when I came back to my computer I was greeted with safe ESET browser window with PayPal page opened

(see screenshot 1). Weird, I thought. So I've decided to check browser history and found out that this page had opened at 6:33 PM. Nobody was using the computer at this time so it confused me. History also included the redirect link that made the browser open in the first place. Redirect link obviously doesn't work now but it's there if some ESET guys can help shed the light on what happened (see screenshot 2).

 

Is there any way I can figure out what prompted the PayPal page to open?

 

 

post-2350-0-75265600-1461447525_thumb.jpg

post-2350-0-06302900-1461447616_thumb.jpg

Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 5,070

Posted
  • Administrators
Posted

The secure browser opened as a result of opening the PayPal website in a browser. But as to why the site was opened, we can't tell. It was definitely not ESET that would have opened / accessed it.

Link to comment
Share on other sites
nitrousoxide

nitrousoxide 0

Posted
  • Author
Posted

The secure browser opened as a result of opening the PayPal website in a browser. But as to why the site was opened, we can't tell. It was definitely not ESET that would have opened / accessed it.

Well that is very strange... I've checked history on my regular Chrome browser and there was nothing indicating an attempt to open PayPal website at 6:33 PM

In fact the history at the times when I was away was completely blank as it should be. Could it be something else that prompted the safe browser to open? 

Link to comment
Share on other sites
nitrousoxide

nitrousoxide 0

Posted
  • Author
Posted (edited)

Where was the mouse pointer when you left ? I have had table movement move my mouse pointer. Never know !!

I don't usually pay attention to such stuff. But what difference does it make? Even if the pointer had moved I don't see how it could open the window

When I left I had VLC media player in fullscreen. As I woke up VLC was still fullscreen but there was the safe browser window atop of it with PayPal website on

 

Pretty certain it wasn't my browser that triggered it since there is absolutely nothing in its history at 6:33 mark and a few hours before that

Edited by nitrousoxide
Link to comment
Share on other sites
TomFace

TomFace 539

Posted
Posted (edited)

Hello nitrous. I trust you have Windows remote assistance disabled?

Is the ESS firewall in automatic mode?

Any jokers(fun type folks) or kids in the area?

Edited by TomFace
Link to comment
Share on other sites
nitrousoxide

nitrousoxide 0

Posted
  • Author
Posted

Hello nitrous. I trust you have Windows remote assistance disabled?

Is the ESS firewall in automatic mode?

Any jokers(fun type folks) or kids in the area?

Hey Tom. Yes it is disabled. The firewall is in auto mode. About the jokers, not that I know of, at least personally.

 

Remember, this is Windows, anything can happen.

That's pretty much spot on. I've seen so much weird going on in the past it shouldn't surprise me anymore but it still does lol. Like Chrome browser open on its own in the past which was a known bug by the way. Guess I'm little paranoid or something

 

Actually I had opened paypal website through the secure browser before the occurrence in order to track my parcel so it's not completely out of the blue. Still don't understand why it would open itself on its own again but guess I'll never figure it out. 

Link to comment
Share on other sites
ken1943

ken1943 22

Posted
Posted (edited)

Check out your desktop shortcuts that may be involved to make sure nothing was added.

This is a bummer to check out, tasks in task manager.

Sounds like a "path ?" got added somewhere.

Reinstall SS

Reboot the computer more than once.

 

Is that a game open is the background ? Nothing should be open when accessing a banking site.

 

Like everyone else these are just guesses

Edited by ken1943
Link to comment
Share on other sites
nitrousoxide

nitrousoxide 0

Posted
  • Author
Posted

Check out your desktop shortcuts that may be involved to make sure nothing was added.

This is a bummer to check out, tasks in task manager.

Sounds like a "path ?" got added somewhere.

Reinstall SS

Reboot the computer more than once.

 

Is that a game open is the background ? Nothing should be open when accessing a banking site.

 

Like everyone else these are just guesses

 

No new shortcuts were added. What do you mean the path got added?

Also what's SS? 

Sorry didn't quite understand that.

It was a twitch stream I was watching in a different tab, not a game

Also used process explorer to check processes, nothing suspicious.

same for eset live grid

Link to comment
Share on other sites
ken1943

ken1943 22

Posted
Posted (edited)

Smart Security

If you right click on a shortcut, it shows the path to the program. If you use the right arrow you can see if anything has been

added. BE CAREFUL so you don't delete it.

 

When I use my bank site there is nothing else open in the browser. No tabs NOTHING.

I don't use a "safe" browser since I don't understand how it works.

Try it for a time without tabs or anything else.

Edited by ken1943
Link to comment
Share on other sites
nitrousoxide

nitrousoxide 0

Posted
  • Author
Posted (edited)

Smart Security

If you right click on a shortcut, it shows the path to the program. If you use the right arrow you can see if anything has been

added. BE CAREFUL so you don't delete it.

 

When I use my bank site there is nothing else open in the browser. No tabs NOTHING.

I don't use a "safe" browser since I don't understand how it works.

Try it for a time without tabs or anything else.

Well, I do have a Chrome and Safe Browser shortcuts on desktop. I guess I should be looking out for these? If so, no extra paths were added to these shortcuts. No SS shortcut though

The point is I wasn't even trying to use the safe browser. It just comes up randomly so I cannot possibly know when to close my tabs lol

 

I will reinstall SS later if all else fails. I'll see if it happens again and if it does I'll try to disable the safe browser completely to see if it will still come up

Edited by nitrousoxide
Link to comment
Share on other sites
nitrousoxide

nitrousoxide 0

Posted
  • Author
Posted

I guess a reinstall of Eset SS would be the last of my strange ideas.

Good luck, let us know when it gets cured.

Hey really appreciate your help man... 

 

I just hope it's not a virus or anything. I've scanned with malware bytes and eset didn't find anything. 

Link to comment
Share on other sites
itman

itman 1,659

Posted
Posted

There have been past instances with Chrome and it opening by itself as mentioned previous: hxxp://www.techrepublic.com/blog/google-in-the-enterprise/the-google-chrome-startup-mystery-troubleshooting-the-ghost-in-the-machine/ . I believe this instance was caused by a "borked" Chrome update. So I would strongly suspect the issue to be Chrome related.

 

I would look at your Chrome logs for anything abnormal. If all else fails, you can always reinstall Chrome.

Link to comment
Share on other sites
nitrousoxide

nitrousoxide 0

Posted
  • Author
Posted (edited)

There have been past instances with Chrome and it opening by itself as mentioned previous: hxxp://www.techrepublic.com/blog/google-in-the-enterprise/the-google-chrome-startup-mystery-troubleshooting-the-ghost-in-the-machine/ . I believe this instance was caused by a "borked" Chrome update. So I would strongly suspect the issue to be Chrome related.

 

I would look at your Chrome logs for anything abnormal. If all else fails, you can always reinstall Chrome.

Wow great post... Do appreciate your help sir

 

I've read through the article you provided. Not quite the same issue and nothing about chrome self launching but pretty helpful nonetheless. I've had issues with Chrome in the past so it doesn't surprise me that the borked update could cause that. Unfortunately I don't have any .log files in my chrome installation folder... So I cannot check the logs. But I will definitely be reinstalling Chrome once I at least attempt to narrow down the problem and its nature. I already thought of this issue to be Chrome related and you reinforced my belief.

Thank you!

 

Oh and by the way I do have 2 folders in my Application folder too...

49.0.2623.112 - last modified date is 8th of April

50.0.2661.87 - last modified date 24th of April

Maybe that could be related

Edited by nitrousoxide
Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...