Solved

Strange .exe.part file listed in Network Applications but not in logs

  • 30 October 2012

Hi,
 
By chance, I've just noticed a strange file which has been allowed firewall access in my Network Applications list in Secure Anywhere (8.0.2.27).
 
It's called sd7sfnzj.exe.part, which was apparently in my %TEMP% folder. This looks suspiciously like malware to me. I realise that .part files are Firefox download files, but I don't normally use Firefox's own download manager, and I wouldn't expect it to be executing .part files anyway.
 
The file is no longer present, and I can't find any reference to it if I save and examine a scan log. I've run a few checks with various AV tools, none of which reported anything.
 
Webroot did block a couple of websites yesterday when I searched for thunderbird in Google - it was complaining about some sites at rediff.com. Could this be the source of the trouble?
 
Can you shed any light on why there is seemingly no log of this .part file having been examined by Webroot, but it is an allowed network application? Does this mean that it was blocked before actually running?
 
Thanks,
Jim

Best answer by MikeR 31 October 2012, 20:58


Userlevel 7
I agree that this seems suspicious, especially since you do not download from FF. It would have been "monitored" before running and before being set to "allowed". If it was "blocked" it would not be running and the program's malicious activity would have been rolled back.
 
Please Open a Support Ticket for a potential threat and our engineers will investigate further.
Thanks. Will do.
I've opened a support ticket, and have been asked to:
 
"It would be very useful to have the log files from the Webroot SecureAnywhere application on the affected system to help us identify your issue. In order to submit the information we need, please right-click the SecureAnywhere icon in your system tray (next to the system clock display) on the computer which is experiencing the problem, then choose "Help and Support". On the page that appears, click "Open a Support Ticket" and log in, if prompted. By following this step, the necessary logs should get automatically uploaded for our review and trouble-shooting."
 
I'm not sure how that's supposed to work - it just opens a browser window, where I can log in and update my current support ticket. I can add more detail to the ticket, but I can't see how the logs would get automatically uploaded?
Userlevel 7
You can provide a brief update to the ticket. They are referring to a very basic set of logs containing information about SecureAnywhere and its interactions on your system. The logs are submitted when a customer with SecureAnywhere on their computer submits a support ticket.
 
A simple response is all they really need. 😃
Thanks for the update Mike. Is the log data embedded in the URL or something? I can't see how it would otherwise be uploaded via Firefox.
Userlevel 7
Hey jimbo_l,
 
Your question was responded to in the support system but I will provide an update on this thread as well. It is not embedded in the URL and is dependent on having SecureAnywhere on the system that the support ticket is initialized from. The logs are securely encrypted and help expedite troubleshooting for support issues. If you wish to deselect this feature you can do so by following the instructions below.
 
Disabling Enhanced Customer Support
1. Open SecureAnywhere
2. Click Settings
3. Click Access Controls
4. Remove the check mark from Enable Enhanced Customer Support
 
An update from our engineers will be provided on your support ticket to answer your remaining questions.
