Wondering if anyone can offer insight to this annoying program access.

My Zonealarm keeps asking (usually once a day) if I will allow this app to access the internet.
I click ‘deny’ because I have no idea which program it belongs too.

I think it is benign but can’t be 100% sure.
I’ve tried to find it by looking in the folder address but can’t find any clue as to what it is.
Don’t worry about the missing part after ‘users’, that’s just my name.

• The “.tmp” part changes each time

That looks typical of a virus. Update and run your antivirus program. Update and run Malwarebytes.

https://www.malwarebytes.org/

fsm said:

That looks typical of a virus. Update and run your antivirus program. Update and run Malwarebytes.

https://www.malwarebytes.org/

I’ve already run updated malwarebytes and superantispyware, plus my Avast antivirus updates automatically.

Nothing shows up on any of these scans.

Some worms and viruses morph to avoid detection. Boot into safe mode and try running full scans again.

Oh ok, cheers fsm, I’ll try that later, just doing some work at the moment.

I’ve just updated mbam and running it in the background while I work, will try the safe mode later.

My gut feeling is that it’s benign but I just want to know which program it belongs too.

thanks

A normal program will install and register itself. A virus or other nasty will often run out of a temp folder with an ever changing namepath.

Yes, what you’re saying does make sense.

If you right-click on that Setup.exe and select Properties then you may find a description or a name of the author (if it is legitimate).

If Zone Alarm will tell you who it is trying to connect to then you could Google that IP and find out if it is a known rogue site.

If none of those are doing the job, try Adwcleaner

fsm said:

If you right-click on that Setup.exe and select Properties then you may find a description or a name of the author (if it is legitimate).

That’s the thing, I can’t find this setup exe, that image I posted is just the Zonealarm popup letting me know it didn’t execute because I denied it.

You know, I’m wondering if it has something to do with the new Epson printer I installed 2 months ago.

mbam says I’m clean.
I’ve never had issues with viruses …ever…thankfully, I am quite diligent in being careful in this regard.

Teleost said:

If none of those are doing the job, try Adwcleaner

I might give this a try, just for the hell of it.

cheers

Aquila said:

You know, I’m wondering if it has something to do with the new Epson printer I installed 2 months ago.

I’ll test this theory by uninstalling the printer for a few days.

It’s interesting, just chatting about things with other people can inspire new ideas, thoughts or avenues to pursue

cheers :-D

I’m always inspired here

At the risk of stating the obvious, try checking the “setup.exe” path before you click “OK” next time the error pops up.

A few years ago I had a vaguely similar issue with my work computer, and finished up using shexview to find that a bot had installed itself and was using shell extensions to execute itself. I posted details on the old TeckTalk, but it seems to be gone.

btm said:

At the risk of stating the obvious, try checking the “setup.exe” path before you click “OK” next time the error pops up.

A few years ago I had a vaguely similar issue with my work computer, and finished up using shexview to find that a bot had installed itself and was using shell extensions to execute itself. I posted details on the old TeckTalk, but it seems to be gone.

hmmm, your logic suggests that this pftDxxx.tmp file will locate itself, momentarily in this temp folder, which might allow me to ascertain what program it belongs too?

Aquila said:

You know, I’m wondering if it has something to do with the new Epson printer I installed 2 months ago.

My money is on this.

Aquila said:

btm said:

At the risk of stating the obvious, try checking the “setup.exe” path before you click “OK” next time the error pops up.

A few years ago I had a vaguely similar issue with my work computer, and finished up using shexview to find that a bot had installed itself and was using shell extensions to execute itself. I posted details on the old TeckTalk, but it seems to be gone.

hmmm, your logic suggests that this pftDxxx.tmp file will locate itself, momentarily in this temp folder, which might allow me to ascertain what program it belongs too?

Pretty much. If you can find it you can examine it, and find out what it’s doing.