If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
"Suspicious Warning Message from MSE"
Environment: XP MCE version 2002 SP3 - "fully updated at the time of discontinued support" Problem: Recently, I've been intermittently receiving this warning: https://www.amazon.com/clouddrive/sh...hare_link_copy Obviously, the warning is purporting a source of MSE, and requesting I allow transmit of mHotkey.exe to MS for review. 1. My MSE is always dormant. It's only used for system scanning, at will. Never real time as a monitor. 2. Is MSE even viable for any use on this XP system? 3. Is the source of this warning even from MSE? IOW, is this presented from some unauthorized source/malware? My response at this point was just to terminate the window because I was focused on other stuff, and didn't want to dedicate the time for research. But, I now want to ask for aid to determine what is at play here. I've read about mHotkey.exe at various sites/NG's, and have a very basic idea of its purpose, based on the limited description. But I can find no- thing similar to this description. I chose this group for the perceived loyalty to the XP discontinuance, rather than the MSE group. But, I can move there if needed. I do not plan for a perpetual XP use, I've just had more important issues. Also, this was written .txt, without spell check. Please excuse any error(s). Thank you ! |
Ads |
#2
|
|||
|
|||
"Suspicious Warning Message from MSE"
"anonymous" wrote in message
... Environment: XP MCE version 2002 SP3 - "fully updated at the time of discontinued support" Problem: Recently, I've been intermittently receiving this warning: https://www.amazon.com/clouddrive/sh...hare_link_copy Obviously, the warning is purporting a source of MSE, and requesting I allow transmit of mHotkey.exe to MS for review. 1. My MSE is always dormant. It's only used for system scanning, at will. Never real time as a monitor. 2. Is MSE even viable for any use on this XP system? 3. Is the source of this warning even from MSE? IOW, is this presented from some unauthorized source/malware? My response at this point was just to terminate the window because I was focused on other stuff, and didn't want to dedicate the time for research. But, I now want to ask for aid to determine what is at play here. I've read about mHotkey.exe at various sites/NG's, and have a very basic idea of its purpose, based on the limited description. But I can find no- thing similar to this description. I chose this group for the perceived loyalty to the XP discontinuance, rather than the MSE group. But, I can move there if needed. I do not plan for a perpetual XP use, I've just had more important issues. Also, this was written .txt, without spell check. Please excuse any error(s). http://www.file.net/process/mhotkey.exe.html What are you using for real-time protection? MSE isn't protecting your machine. |
#3
|
|||
|
|||
"Suspicious Warning Message from MSE"
anonymous wrote:
Environment: XP MCE version 2002 SP3 - "fully updated at the time of discontinued support" Problem: Recently, I've been intermittently receiving this warning: https://www.amazon.com/clouddrive/sh...hare_link_copy Obviously, the warning is purporting a source of MSE, and requesting I allow transmit of mHotkey.exe to MS for review. 1. My MSE is always dormant. It's only used for system scanning, at will. Never real time as a monitor. 2. Is MSE even viable for any use on this XP system? 3. Is the source of this warning even from MSE? IOW, is this presented from some unauthorized source/malware? My response at this point was just to terminate the window because I was focused on other stuff, and didn't want to dedicate the time for research. But, I now want to ask for aid to determine what is at play here. I've read about mHotkey.exe at various sites/NG's, and have a very basic idea of its purpose, based on the limited description. But I can find no- thing similar to this description. I chose this group for the perceived loyalty to the XP discontinuance, rather than the MSE group. But, I can move there if needed. I do not plan for a perpetual XP use, I've just had more important issues. Also, this was written .txt, without spell check. Please excuse any error(s). Thank you ! There is a subtle difference between 1) Checking the DLLs in System32 2) Checking your "Expense_Report.doc" before opening it in MS Word. Disabling real-time scanning, disables (2). The item in step (1) is necessary, for any prospective AV tool to assure itself the OS is not compromised. Only if the AV is sure the OS is safe, should the AV present a screen offering its services. So disabling real-time scanning, does not prevent a boot-time check from occurring for (1). And the boot time check might include checking services or startup items. ******* From a heuristic (behavioral) point of view, mHotkey.exe shares characteristics with a keylogger. In that, it runs privileged, and it "sniffs" the keyboard stream. And if mHotkey.exe was replaced with a keylogger, the report could be "for real". At a time like this, I might download Malwarebytes MBAM free on-demand scanner, and have it scan the system. If you have trouble getting MBAM to download, or trouble getting MBAM to start, that's generally a sign your system is compromised. https://en.wikipedia.org/wiki/Malwarebytes_Anti-Malware http://www.malwarebytes.org https://www.malwarebytes.org/downloads/ MBAM has three versions: 1) Paid version with real time protection. 2) Offers a 30 day trial of (1) 3) Completely free on-demand scanner that does not offer real time protection. You want the "free" version for your check right now. Not necessarily the trial version. MBAM runs in a currently-running copy of Windows, for the express purpose of doing heuristic (behavioral) checking. So if it sees mHotkey.exe sniffing the keyboard, and writing what was sniffed into a file (keylogging), then it can blow the whistle. Paul |
#4
|
|||
|
|||
"Suspicious Warning Message from MSE"
On Tuesday, October 6, 2015 at 2:19:41 PM UTC-5, Bruce Hagen wrote:
"anonymous" wrote in message ... Environment: XP MCE version 2002 SP3 - "fully updated at the time of discontinued support" Problem: Recently, I've been intermittently receiving this warning: https://www.amazon.com/clouddrive/sh...hare_link_copy Obviously, the warning is purporting a source of MSE, and requesting I allow transmit of mHotkey.exe to MS for review. 1. My MSE is always dormant. It's only used for system scanning, at will. Never real time as a monitor. 2. Is MSE even viable for any use on this XP system? 3. Is the source of this warning even from MSE? IOW, is this presented from some unauthorized source/malware? My response at this point was just to terminate the window because I was focused on other stuff, and didn't want to dedicate the time for research. But, I now want to ask for aid to determine what is at play here. I've read about mHotkey.exe at various sites/NG's, and have a very basic idea of its purpose, based on the limited description. But I can find no- thing similar to this description. I chose this group for the perceived loyalty to the XP discontinuance, rather than the MSE group. But, I can move there if needed. I do not plan for a perpetual XP use, I've just had more important issues. Also, this was written .txt, without spell check. Please excuse any error(s). http://www.file.net/process/mhotkey.exe.html What are you using for real-time protection? MSE isn't protecting your machine. Nothing! I'm the only very careful user(no kids, and a spouse that has been extensively warned to just signal any irregularities to me, never do what you are instructed by some unknown popup, and simply walk away). In 8 years, this system has never run with any real time monitoring. I do run malicious, safety scanner, and MSE quick scan on a pretty regular basis. Gary |
#5
|
|||
|
|||
"Suspicious Warning Message from MSE"
On Tuesday, October 6, 2015 at 3:53:01 PM UTC-5, Paul wrote:
anonymous wrote: Environment: XP MCE version 2002 SP3 - "fully updated at the time of discontinued support" Problem: Recently, I've been intermittently receiving this warning: https://www.amazon.com/clouddrive/sh...hare_link_copy Obviously, the warning is purporting a source of MSE, and requesting I allow transmit of mHotkey.exe to MS for review. 1. My MSE is always dormant. It's only used for system scanning, at will. Never real time as a monitor. 2. Is MSE even viable for any use on this XP system? 3. Is the source of this warning even from MSE? IOW, is this presented from some unauthorized source/malware? My response at this point was just to terminate the window because I was focused on other stuff, and didn't want to dedicate the time for research. But, I now want to ask for aid to determine what is at play here. I've read about mHotkey.exe at various sites/NG's, and have a very basic idea of its purpose, based on the limited description. But I can find no- thing similar to this description. I chose this group for the perceived loyalty to the XP discontinuance, rather than the MSE group. But, I can move there if needed. I do not plan for a perpetual XP use, I've just had more important issues. Also, this was written .txt, without spell check. Please excuse any error(s). Thank you ! There is a subtle difference between 1) Checking the DLLs in System32 2) Checking your "Expense_Report.doc" before opening it in MS Word. Disabling real-time scanning, disables (2). The item in step (1) is necessary, for any prospective AV tool to assure itself the OS is not compromised. Only if the AV is sure the OS is safe, should the AV present a screen offering its services. So disabling real-time scanning, does not prevent a boot-time check from occurring for (1). And the boot time check might include checking services or startup items. ******* From a heuristic (behavioral) point of view, mHotkey.exe shares characteristics with a keylogger. In that, it runs privileged, and it "sniffs" the keyboard stream. And if mHotkey.exe was replaced with a keylogger, the report could be "for real". At a time like this, I might download Malwarebytes MBAM free on-demand scanner, and have it scan the system. If you have trouble getting MBAM to download, or trouble getting MBAM to start, that's generally a sign your system is compromised. https://en.wikipedia.org/wiki/Malwarebytes_Anti-Malware http://www.malwarebytes.org https://www.malwarebytes.org/downloads/ MBAM has three versions: 1) Paid version with real time protection. 2) Offers a 30 day trial of (1) 3) Completely free on-demand scanner that does not offer real time protection. You want the "free" version for your check right now. Not necessarily the trial version. MBAM runs in a currently-running copy of Windows, for the express purpose of doing heuristic (behavioral) checking. So if it sees mHotkey.exe sniffing the keyboard, and writing what was sniffed into a file (keylogging), then it can blow the whistle. Paul I have used MB in the past. Probably about ~1 year ago. It's here dormant on the system, and I get an email from MB every so often. Presumably, wondering if/when I'll be buying. I only ran it 2-3 times. No problems found. I'll have to spend a little time digesting the rest of your reply. I'm considerably less fluent here than ya'll. I'll return within 48 hours with my expanded understanding, and/or additional information. Including MB result(s). Gary |
#6
|
|||
|
|||
"Suspicious Warning Message from MSE"
On Tuesday, October 6, 2015 at 2:06:13 PM UTC-5, anonymous wrote:
Environment: XP MCE version 2002 SP3 - "fully updated at the time of discontinued support" Problem: Recently, I've been intermittently receiving this warning: https://www.amazon.com/clouddrive/sh...hare_link_copy Obviously, the warning is purporting a source of MSE, and requesting I allow transmit of mHotkey.exe to MS for review. 1. My MSE is always dormant. It's only used for system scanning, at will. Never real time as a monitor. 2. Is MSE even viable for any use on this XP system? 3. Is the source of this warning even from MSE? IOW, is this presented from some unauthorized source/malware? My response at this point was just to terminate the window because I was focused on other stuff, and didn't want to dedicate the time for research. But, I now want to ask for aid to determine what is at play here. I've read about mHotkey.exe at various sites/NG's, and have a very basic idea of its purpose, based on the limited description. But I can find no- thing similar to this description. I chose this group for the perceived loyalty to the XP discontinuance, rather than the MSE group. But, I can move there if needed. I do not plan for a perpetual XP use, I've just had more important issues. Also, this was written .txt, without spell check. Please excuse any error(s). Thank you ! This is my 10/07 MBam scan report: https://www.amazon.com/clouddrive/sh...hare_link_copy I guess I kinda' lost focus earlier. I was really just trying to verify if the MSE popup message/request was actually MSE. I don't have any problem with transmitting the requested file to MSE. I just don't want to transmit it somewhere incorrect because I'm being fooled. Can I email contact MSE to receive confirmation that this instruction is authentic? Thanks, Gary |
#7
|
|||
|
|||
"Suspicious Warning Message from MSE"
anonymous wrote:
On Tuesday, October 6, 2015 at 3:53:01 PM UTC-5, Paul wrote: anonymous wrote: Environment: XP MCE version 2002 SP3 - "fully updated at the time of discontinued support" Problem: Recently, I've been intermittently receiving this warning: https://www.amazon.com/clouddrive/sh...hare_link_copy Obviously, the warning is purporting a source of MSE, and requesting I allow transmit of mHotkey.exe to MS for review. 1. My MSE is always dormant. It's only used for system scanning, at will. Never real time as a monitor. 2. Is MSE even viable for any use on this XP system? 3. Is the source of this warning even from MSE? IOW, is this presented from some unauthorized source/malware? My response at this point was just to terminate the window because I was focused on other stuff, and didn't want to dedicate the time for research. But, I now want to ask for aid to determine what is at play here. I've read about mHotkey.exe at various sites/NG's, and have a very basic idea of its purpose, based on the limited description. But I can find no- thing similar to this description. I chose this group for the perceived loyalty to the XP discontinuance, rather than the MSE group. But, I can move there if needed. I do not plan for a perpetual XP use, I've just had more important issues. Also, this was written .txt, without spell check. Please excuse any error(s). Thank you ! There is a subtle difference between 1) Checking the DLLs in System32 2) Checking your "Expense_Report.doc" before opening it in MS Word. Disabling real-time scanning, disables (2). The item in step (1) is necessary, for any prospective AV tool to assure itself the OS is not compromised. Only if the AV is sure the OS is safe, should the AV present a screen offering its services. So disabling real-time scanning, does not prevent a boot-time check from occurring for (1). And the boot time check might include checking services or startup items. ******* From a heuristic (behavioral) point of view, mHotkey.exe shares characteristics with a keylogger. In that, it runs privileged, and it "sniffs" the keyboard stream. And if mHotkey.exe was replaced with a keylogger, the report could be "for real". At a time like this, I might download Malwarebytes MBAM free on-demand scanner, and have it scan the system. If you have trouble getting MBAM to download, or trouble getting MBAM to start, that's generally a sign your system is compromised. https://en.wikipedia.org/wiki/Malwarebytes_Anti-Malware http://www.malwarebytes.org https://www.malwarebytes.org/downloads/ MBAM has three versions: 1) Paid version with real time protection. 2) Offers a 30 day trial of (1) 3) Completely free on-demand scanner that does not offer real time protection. You want the "free" version for your check right now. Not necessarily the trial version. MBAM runs in a currently-running copy of Windows, for the express purpose of doing heuristic (behavioral) checking. So if it sees mHotkey.exe sniffing the keyboard, and writing what was sniffed into a file (keylogging), then it can blow the whistle. Paul I have used MB in the past. Probably about ~1 year ago. It's here dormant on the system, and I get an email from MB every so often. Presumably, wondering if/when I'll be buying. I only ran it 2-3 times. No problems found. I'll have to spend a little time digesting the rest of your reply. I'm considerably less fluent here than ya'll. I'll return within 48 hours with my expanded understanding, and/or additional information. Including MB result(s). Gary If you think the file is malware, or the detection is a "false positive", you can report the issue here. https://www.microsoft.com/security/p...on/submit.aspx Another site that can help with the process, is virustotal.com. You can upload a copy of your mHotkey.exe to virustotal.com and have it scanned. And see if any other tool reports the file as malware. Since MBAM didn't detect it as malware, my guess is the file is OK. And virustotal.com can help confirm that. Once you know the file is safe, then you can go to the Microsoft link above and submit a sample there and tell them you think there is a false positive. Paul |
#8
|
|||
|
|||
"Suspicious Warning Message from MSE"
On Thursday, October 8, 2015 at 6:34:34 PM UTC-5, Paul wrote:
anonymous wrote: On Tuesday, October 6, 2015 at 3:53:01 PM UTC-5, Paul wrote: anonymous wrote: Environment: XP MCE version 2002 SP3 - "fully updated at the time of discontinued support" Problem: Recently, I've been intermittently receiving this warning: https://www.amazon.com/clouddrive/sh...hare_link_copy Obviously, the warning is purporting a source of MSE, and requesting I allow transmit of mHotkey.exe to MS for review. 1. My MSE is always dormant. It's only used for system scanning, at will. Never real time as a monitor. 2. Is MSE even viable for any use on this XP system? 3. Is the source of this warning even from MSE? IOW, is this presented from some unauthorized source/malware? My response at this point was just to terminate the window because I was focused on other stuff, and didn't want to dedicate the time for research. But, I now want to ask for aid to determine what is at play here. I've read about mHotkey.exe at various sites/NG's, and have a very basic idea of its purpose, based on the limited description. But I can find no- thing similar to this description. I chose this group for the perceived loyalty to the XP discontinuance, rather than the MSE group. But, I can move there if needed. I do not plan for a perpetual XP use, I've just had more important issues. Also, this was written .txt, without spell check. Please excuse any error(s). Thank you ! There is a subtle difference between 1) Checking the DLLs in System32 2) Checking your "Expense_Report.doc" before opening it in MS Word. Disabling real-time scanning, disables (2). The item in step (1) is necessary, for any prospective AV tool to assure itself the OS is not compromised. Only if the AV is sure the OS is safe, should the AV present a screen offering its services. So disabling real-time scanning, does not prevent a boot-time check from occurring for (1). And the boot time check might include checking services or startup items. ******* From a heuristic (behavioral) point of view, mHotkey.exe shares characteristics with a keylogger. In that, it runs privileged, and it "sniffs" the keyboard stream. And if mHotkey.exe was replaced with a keylogger, the report could be "for real". At a time like this, I might download Malwarebytes MBAM free on-demand scanner, and have it scan the system. If you have trouble getting MBAM to download, or trouble getting MBAM to start, that's generally a sign your system is compromised. https://en.wikipedia.org/wiki/Malwarebytes_Anti-Malware http://www.malwarebytes.org https://www.malwarebytes.org/downloads/ MBAM has three versions: 1) Paid version with real time protection. 2) Offers a 30 day trial of (1) 3) Completely free on-demand scanner that does not offer real time protection. You want the "free" version for your check right now. Not necessarily the trial version. MBAM runs in a currently-running copy of Windows, for the express purpose of doing heuristic (behavioral) checking. So if it sees mHotkey.exe sniffing the keyboard, and writing what was sniffed into a file (keylogging), then it can blow the whistle. Paul I have used MB in the past. Probably about ~1 year ago. It's here dormant on the system, and I get an email from MB every so often. Presumably, wondering if/when I'll be buying. I only ran it 2-3 times. No problems found. I'll have to spend a little time digesting the rest of your reply. I'm considerably less fluent here than ya'll. I'll return within 48 hours with my expanded understanding, and/or additional information. Including MB result(s). Gary If you think the file is malware, or the detection is a "false positive", you can report the issue here. https://www.microsoft.com/security/p...on/submit.aspx Another site that can help with the process, is virustotal.com. You can upload a copy of your mHotkey.exe to virustotal.com and have it scanned. And see if any other tool reports the file as malware. Since MBAM didn't detect it as malware, my guess is the file is OK. And virustotal.com can help confirm that. Once you know the file is safe, then you can go to the Microsoft link above and submit a sample there and tell them you think there is a false positive. Paul Thanks Paul, I'll look into that further. I might add that I've not seen the mHotkey warning since re-installing MBam, and running that scan of the posted results. Nothing reported in the MBam history for that tun though. I'm not suggesting the problem is corrected. It just seems dormant currently. Thank again everyone, for all of your assistance. Gary |
Thread Tools | |
Display Modes | |
|
|