locked
A recently installed program.... RRS feed

  • Question

  • Program Compatibility Assistant popped up window in the middle of the normal Windows session (not any installations were done recently) and the message was:

    How to find out which program or task tries to install that driver?
    I believe it is a malicious software.

    Just a note. Before that window popped up, there was an activity in Windows and twice there was a flashing black cmd.exe window. At that time my computer was almost idle, me reading just an article online. How to find out what was in that cmd window? Is any history available?

    Thanks,

    /jas


    • Edited by jastrzebiec Saturday, February 7, 2015 11:40 PM
    Saturday, February 7, 2015 11:17 PM

Answers

  • JAS

    If you had Malwarebytes running & active this would not have happened.  Your choice is to eradicate it using Malwarebytes or re-installing windows.


    Wanikiya and Dyami--Team Zigzag

    • Proposed as answer by Yolanda Zhu Tuesday, February 17, 2015 8:41 AM
    • Marked as answer by ZigZag3143x Tuesday, February 17, 2015 11:52 AM
    Tuesday, February 10, 2015 4:42 PM

All replies

  • Which program did you install recently ? I'll suggest you to check with the application vendor. 

    Arnav Sharma | http://arnavsharma.net/ Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Sunday, February 8, 2015 10:20 PM
  • Ugh????

    Maybe you can read my post again before pitching it in?!

    And if you are unable to answer that do not bother!

    /jas

    Sunday, February 8, 2015 10:38 PM
  • I dont see this as an issue with windows directly, so asked for the recently installed app. 

    Btw, what do you see in event viewer ? Logs for this event ?


    Arnav Sharma | http://arnavsharma.net/ Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Sunday, February 8, 2015 11:02 PM
  • Jas

    It is malware.  Run Malwarebytes

    Please download the free version of Malwarebytes.
    Update it immediately.
    Do a full system scan
    Let us know the results at the end.

    http://www.malwarebytes.org/products


    Wanikiya and Dyami--Team Zigzag

    Sunday, February 8, 2015 11:03 PM
  • Jump onto the event viewer. and filter based on events within say a few hours of this message first appearinghave a look at the below link, which has details of filtering for installation events

    https://technet.microsoft.com/en-us/library/cc735588(v=ws.10).aspx

    Let me know how you get on.

    Sunday, February 8, 2015 11:03 PM
  • From General tab:

    The Program Compatibility Assistant was invoked due to an unsigned driver install. This version of Windows requires all drivers to have a valid digital signature. Information about the driver is below.

    Driver: nethfdrv
    Service: nethfdrv
    Publisher: nethfdrv
    Location: C:\Windows\System32\drivers\nethfdrv.sys
    Version: 1.4.3.1

    This driver is unavailable and the program that uses this driver might not work correctly.

    From Details tab:

    System
    - Provider
    [ Name] Microsoft-Windows-Application-Experience
    [ Guid] {EEF54E71-0661-422D-9A98-82FD4940B820}
    EventID 102
    Version 0
    Level 4
    Task 0
    Opcode 0
    Keywords 0x2000000000000000
    - TimeCreated
    [ SystemTime] 2015-02-07T22:52:22.631283900Z
    EventRecordID 19
    - Correlation
    [ ActivityID] {027EC293-D7C5-4A60-9282-C7E53793ACA5}
    - Execution
    [ ProcessID] 704
    [ ThreadID] 6648
    Channel Microsoft-Windows-Application-Experience/Program-Compatibility-Assistant
    Computer Jacek-PC
    - Security
    [ UserID] S-1-5-21-1276512731-3058948033-1909733514-1000



    -

    UserData
    - HelpedUserWithUnsignedDriverEvent
    DriverName nethfdrv
    ServiceName nethfdrv
    PublisherName nethfdrv
    DriverPath C:\Windows\System32\drivers\nethfdrv.sys
    DriverVersion 1.4.3.1

    Sunday, February 8, 2015 11:29 PM
  • Jas

    It is a pup


    Wanikiya and Dyami--Team Zigzag

    Sunday, February 8, 2015 11:38 PM
  • Hi Jas,

    According to your description ,I agree with MVP ZigZag ,there is a possibility that this issue is caused by a malicious software .It is recommended to perform a full scan of the whole system with an antivirus software .We can perform this in safe mode to ensure the scanning is  more reliable.

    Apart from this ,we can use the Autorun tool to check the suspicious autorun service.
    Autoruns for Windows v13.0
    https://technet.microsoft.com/en-us/sysinternals/bb963902.aspx

    Best regards


    Monday, February 9, 2015 3:12 AM
  • OK guys.

    First of all I do have Malwarebytes (Premium) installed on my computer and having that did not prevent my computer from having that file and whats worse from the attempt to install that driver..

    Secondly, I am trying to find out the source (application) which tried to install that driver in the middle of nowhere. It looks to me as a trojan, because suspicious software were not invoked at the time on my computer.

    /jas

    Note:

    There must be some way for Windows to know and log which app (or service) tries to install driver. How to find that?

    • Edited by jastrzebiec Tuesday, February 10, 2015 4:21 PM
    Tuesday, February 10, 2015 4:18 PM
  • JAS

    If you had Malwarebytes running & active this would not have happened.  Your choice is to eradicate it using Malwarebytes or re-installing windows.


    Wanikiya and Dyami--Team Zigzag

    • Proposed as answer by Yolanda Zhu Tuesday, February 17, 2015 8:41 AM
    • Marked as answer by ZigZag3143x Tuesday, February 17, 2015 11:52 AM
    Tuesday, February 10, 2015 4:42 PM