A reader was warned by his security software of a 'rogue program' attempting to connect to the internet from his PC. But is it a virus, or a false positive? Our Helproom Expert outlines how to approach the problem.
QUESTION Virgin Media Security's firewall produced the error message shown in the screenshot below. I selected the Block option, since the .exe file appears to come from my D drive – this is used only for personal files and not applications.
However, I couldn't find this path or file on my system, even with Hidden Folders visible. I found a couple of spurious companies online that offer to fix the virus if I download their software. I fear this may be a phishing scam, but I'm not sure. My security software is up to date and a full scan revealed no problems. Please help. David Sawers
HELPROOM ANSWER We can't be absolutely certain from the information provided, David, but this file appears to be some sort of update program attempting to run. The IP address specified belongs to Microsoft, while the remote port 80 tells us it's trying to communicate with a web server. Browsing to this address brings up details on the Microsoft Customer Experience Improvement programme. Did you recently agree to take part, perhaps by selecting an option during an installation?
While the program looks as though it may be safe, malware often disguises itself as legitimate code to trick you into running it. It's therefore advisable to run a virus scan on any such programs.
Updates typically delete themselves once they've completed their task. When you selected Block, you prevented the program from connecting to the internet but you didn't stop it from running. It has probably now deleted itself, which explains why you can't find the file on your hard drive.