Do I have a trojan?

I've been noticing on both XP partitions, there is a process that always occupies the top two spots in taskmanager processes and that is unsecapp.exe. I checked the web and this process is used for asynchronous call-backs in web clients. I also have MSE installed btw, so maybe this is using unsecapp.exe to asynchronously dl the definition updates?

Anyways. can anyone else confirm that they always have this process at or near the top of their taskmanager list even with higher priority than iexplore.exe?

 

I suspect this is a sabotagie attempt by you know who seeing how it's on both XP partitions. I happened to manually dl the very last MSE definition (supposed) for XP on July 14, 2015. This could be the root cause. They did this with the last MSE version prior to XP EOL last year (it caused your system to halt rendering it useless until you uninstalled the program). I suspect they doped the very last MSE definition as well.

Will have to reinstall my XPses again this weekend using MSE definitions I dled in June to see if unsecapp.exe never pops up again. I suspect there will no problem if you let the MSE program auto-update itself (yes, my MSE program still gets definition updates well past the cutoff date for XP which was back in July 14 and probably until 2020). The danger comes when you run the .exe definition update package that you manually dled as that could have included other goodies besides just the malware signatures...

 

no, various programs and windows WMI are using unsecapp.exe, The only time I saw it was when I had avast installed, just checked my task manager now and it is not running

I have one of these on my computer located at:

C:\WINDOWS\system32\wbem.

 

I don't have avast installed and this thing loads up at boot. I'm not suggesting that this unsecapp.exe is the actual virus. It may be the virus is calling this process, which is why it''s on on my system 100% of the time.

Anyways, whoever created this virus that has to rely on unsecapp.exe, thnx for making it obvious. Otherwise I wouldn't have suspected something is amiss!

 

UPDATE: Recently I inherited a spare monitor and thought I'd hook it up to my laptop. I had also purchased a very cheap Logitech USB keyboard + mouse combo to go with the setup.

I can't rule out the very last MSE definition that I manually updated, but I think this unsecapp.exe only appeared after I started using the Logitech USB devices. I'm reading that ppl are complaining after they updated their Logitech software, unsecapp.exe started appearing in their taskmanager as well. But the previous version of the Logitech software didn't have to rely on this process, which leads me to believe I'm being spied on.

Anyways, I shall go back to using the laptop's keyboard and touchpad. Having a large external monitor is nice for watching movies, but not much else...

 

do you also run Malwarebytes, along with mse??

If you use autoruns, you can right click and it will tell you what program is using unsecapp.exe



https://technet.microsoft.com/en-us/sysinternals/bb963902.aspx?f=255&MSPPError=-2147217396

 

I already wiped my HDD clean and reinstalled the two instances of XP. Will use autorun next time some suspicious process pops up...

 

okay,

 

OMFG, unsecapp.exe is back! Unpluged the USB keyboard/mouse to do fresh reinstalls.

Applied all 280-ish updates to the first XP partition. No sight of unsecapp.exe right before I install MSE. I did the manual definition update first using June 08 .exe file then allowed MSE to auto-update again to Jul 31... (And no, I don't have any other anti-malware programs installed other than MSE).

And what do you know? Stupid unsecapp.exe like I had never reinstalled the OS!

In a way I'm relieved it's not the Logitech USB keyboard/mouse spyware drivers, so I can continue to "dock" the laptop to my ext monitor setup.

Tried to find out what's loading unsecapp.exe on boot with SysInternals Autoruns. Autoruns did not find any entries! Unbelievable!

How do I auto-kill this process on boot? Could there be something in services.msc that I can disable to make this process go away? (I know it has something to do with talking asynchronously to a remote admin computer, but I've already disabled remote help and server, or so I think)

There is also the 2nd XP partition which I've yet to install anything. I will use that one to find out/confirm when exactly did unsecapp.exe pop up, and I will not apply the manual MSE June 08 file this time around. I will let the program auto-update itself straight to Aug 01...

 

http://forums.guru3d.com/showthread.php?t=389527

read through above thread, says renaming it can get it to stop auto starting, couple of links to other threads, also.

does Process Monitor show what is using unsecapp.exe??

https://technet.microsoft.com/en-us/Library/bb896645.aspx?f=255&MSPPError=-2147217396

 

Well, I just figured out the cause of my grief... My Intel wireless software!

I uninstalled the one I got from Intel's www and reinstalled the OEM one. Poof! No more unsecapp.exe!

 

glad you figured that out, but you can tell from your experience that the unsecapp.exe is not a virus or a trojan in this case, just a file needed for your software.