A recently installed program....

Question
-
Program Compatibility Assistant popped up a window in the middle of a normal Windows session (no installations were done recently) and the message was:
How to find out which program or task tries to install that driver?
I believe it is malicious software. Just a note: before that window popped up, there was some activity in Windows, and twice a black cmd.exe window flashed. At that time my computer was almost idle; I was just reading an article online. How to find out what was in that cmd window? Is any history available?
Thanks,
/jas
- Edited by jastrzebiec Saturday, February 7, 2015 11:40 PM
Saturday, February 7, 2015 11:17 PM
Answers
-
JAS
If you had Malwarebytes running & active this would not have happened. Your choice is to eradicate it using Malwarebytes or re-installing Windows.
Wanikiya and Dyami--Team Zigzag
- Proposed as answer by Yolanda Zhu Tuesday, February 17, 2015 8:41 AM
- Marked as answer by ZigZag3143x Tuesday, February 17, 2015 11:52 AM
Tuesday, February 10, 2015 4:42 PM
All replies
-
Which program did you install recently? I'd suggest you check with the application vendor.
Arnav Sharma | http://arnavsharma.net/ Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Sunday, February 8, 2015 10:20 PM -
Ugh????
Maybe you can read my post again before pitching it in?!
And if you are unable to answer that do not bother!
/jas
Sunday, February 8, 2015 10:38 PM -
I don't see this as an issue with Windows directly, so I asked for the recently installed app.
Btw, what do you see in Event Viewer? Logs for this event?
Arnav Sharma | http://arnavsharma.net/
Sunday, February 8, 2015 11:02 PM -
Jas
It is malware. Run Malwarebytes.
Please download the free version of Malwarebytes. Update it immediately.
Do a full system scan.
Let us know the results at the end.
http://www.malwarebytes.org/products
Wanikiya and Dyami--Team Zigzag
Sunday, February 8, 2015 11:03 PM -
Jump onto the Event Viewer and filter based on events within, say, a few hours of this message first appearing. Have a look at the link below, which has details of filtering for installation events.
https://technet.microsoft.com/en-us/library/cc735588(v=ws.10).aspx
Sunday, February 8, 2015 11:03 PM -
From General tab:
The Program Compatibility Assistant was invoked due to an unsigned driver install. This version of Windows requires all drivers to have a valid digital signature. Information about the driver is below.
Driver: nethfdrv
Service: nethfdrv
Publisher: nethfdrv
Location: C:\Windows\System32\drivers\nethfdrv.sys
Version: 1.4.3.1
This driver is unavailable and the program that uses this driver might not work correctly.
From Details tab:
- System
  - Provider [Name] Microsoft-Windows-Application-Experience [Guid] {EEF54E71-0661-422D-9A98-82FD4940B820}
  - EventID 102
  - Version 0
  - Level 4
  - Task 0
  - Opcode 0
  - Keywords 0x2000000000000000
  - TimeCreated [SystemTime] 2015-02-07T22:52:22.631283900Z
  - EventRecordID 19
  - Correlation [ActivityID] {027EC293-D7C5-4A60-9282-C7E53793ACA5}
  - Execution [ProcessID] 704 [ThreadID] 6648
  - Channel Microsoft-Windows-Application-Experience/Program-Compatibility-Assistant
  - Computer Jacek-PC
  - Security [UserID] S-1-5-21-1276512731-3058948033-1909733514-1000
- UserData
  - HelpedUserWithUnsignedDriverEvent
    - DriverName nethfdrv
    - ServiceName nethfdrv
    - PublisherName nethfdrv
    - DriverPath C:\Windows\System32\drivers\nethfdrv.sys
    - DriverVersion 1.4.3.1
Sunday, February 8, 2015 11:29 PM -
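The Event Viewer filtering suggested in the replies above can be scripted. The following is an added example, not part of any post in this thread: it reads the Program-Compatibility-Assistant channel shown in the event details, then lists what else was logged around the same time. Assumptions not taken from the thread: the 30-minute window, the System log event 7045 (service installed), and Security event 4688 (process creation), which is only present if process-creation auditing was already enabled before the incident.

```powershell
# Added example. Run from an elevated PowerShell prompt (the Security log needs admin rights).
$pcaLog        = 'Microsoft-Windows-Application-Experience/Program-Compatibility-Assistant'
$windowMinutes = 30   # assumption: how far either side of the PCA event to look

# 1. Collect every "unsigned driver" event (ID 102, as in the post) and flatten its UserData.
$hits = Get-WinEvent -FilterHashtable @{ LogName = $pcaLog; Id = 102 } -ErrorAction SilentlyContinue |
    ForEach-Object {
        $d = ([xml]$_.ToXml()).Event.UserData.HelpedUserWithUnsignedDriverEvent
        [pscustomobject]@{
            Time        = $_.TimeCreated
            LoggedByPid = $_.ProcessId      # process that wrote the event, not necessarily the installer
            Driver      = $d.DriverName
            Service     = $d.ServiceName
            Path        = $d.DriverPath
        }
    }
$hits | Format-Table -AutoSize

foreach ($hit in $hits) {
    $from = $hit.Time.AddMinutes(-$windowMinutes)
    $to   = $hit.Time.AddMinutes($windowMinutes)

    # 2. Service/driver registrations recorded by the Service Control Manager in that window.
    Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'Service Control Manager'
                                     Id = 7045; StartTime = $from; EndTime = $to } -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Message | Format-List

    # 3. Processes started in that window (empty unless process-creation auditing was on).
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4688
                                     StartTime = $from; EndTime = $to } -ErrorAction SilentlyContinue |
        ForEach-Object {
            $data = ([xml]$_.ToXml()).Event.EventData.Data
            [pscustomobject]@{
                Time       = $_.TimeCreated
                NewProcess = ($data | Where-Object { $_.Name -eq 'NewProcessName' }).'#text'
                ParentPid  = ($data | Where-Object { $_.Name -eq 'ProcessId' }).'#text'
            }
        } | Format-Table -AutoSize

    # 4. When the driver file appeared on disk, and its signature status.
    if (Test-Path -Path $hit.Path) {
        Get-Item -Path $hit.Path -Force | Select-Object FullName, CreationTimeUtc, LastWriteTimeUtc
        Get-AuthenticodeSignature -FilePath $hit.Path | Select-Object Status, StatusMessage
    }
}
```

If step 3 returns nothing, the installing process was not recorded; the file creation time from step 4 is then the best anchor for searching other logs.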
Jas
It is a pup
Wanikiya and Dyami--Team Zigzag
Sunday, February 8, 2015 11:38 PM -
Hi Jas,
According to your description, I agree with MVP ZigZag: there is a possibility that this issue is caused by malicious software. It is recommended to perform a full scan of the whole system with antivirus software. We can perform this in safe mode to ensure the scanning is more reliable.
Apart from this, we can use the Autoruns tool to check for a suspicious autorun service.
Autoruns for Windows v13.0
https://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
Best regards
- Edited by MeipoXuMicrosoft contingent staff Monday, February 9, 2015 3:13 AM
Monday, February 9, 2015 3:12 AM -
OK guys.
First of all, I do have Malwarebytes (Premium) installed on my computer, and having that did not prevent my computer from having that file and, what's worse, from the attempt to install that driver.
Secondly, I am trying to find out the source (application) which tried to install that driver in the middle of nowhere. It looks to me like a trojan, because no suspicious software was invoked at the time on my computer.
/jas
Note:
There must be some way for Windows to know and log which app (or service) tries to install a driver. How to find that?
- Edited by jastrzebiec Tuesday, February 10, 2015 4:21 PM
Tuesday, February 10, 2015 4:18 PM -