Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: [SOLVED] Suspicious behavior - Launcher.exe and C:\Windows\SysWOW64\cmd.exe

  1. #1
    Join Date
    Feb 2013
    Posts
    7

    Default [SOLVED] Suspicious behavior - Launcher.exe and C:\Windows\SysWOW64\cmd.exe

    Hi, I get a pop up with the following Suspicious Behavior message every time I boot: Launcher is trying to launch C:\Windows\SysWOW64\cmd.exe, or use another program to gain access to privileged resources. Do any of you know what this is? I've been denying it each time to be on the safe side, but I'd like to get rid of it (and it pops up with every boot even though the "remember this setting" box is checked). Thanks for your help. M

  2. #2
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,290

    Default Re: Suspicious behavior - Launcher is trying to launch C:\Windows\SysWOW64\cmd.exe...

    Hi!

    whenever posting in a user forum you should try to give minumum information of your setup. Right click the ZA icon near the clock, about, copy to clipboard, paste it here. Also mention your OS version and SP/patch. Explain which other security tool you are using and any other information you deem useful.

    More information your put more likely other users here will be able to help.

    Thanks,
    Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  3. #3
    Join Date
    Feb 2013
    Posts
    7

    Default Re: Suspicious behavior - Launcher is trying to launch C:\Windows\SysWOW64\cmd.exe...

    Thanks,Fax. Here's what I'm running:

    ZoneAlarm Free Firewall version: 10.2.081.000
    Vsmon version: 10.2.081.000
    Driver version: 10.0.217.000
    Web Identity Protections version: 1.5.396.0

    Windows 7 Enterprise SP1 (64-bit)

    Startup programs listed in msconfig:
    Logitech Download Assistant
    ZoneAlarm Browser Security
    Logitech SetPoint
    IDT PC Audio
    Quickset
    Microsoft Windows OS
    Akamai NetSession Client
    avast! Antivirus
    ZoneAlarm
    Microsoft Office 2010
    Adobe Reader and Acrobat Manager
    Cisco AnyConnect Secure Mobility Client
    ZoneAlarm Installer
    PowerReg
    Bluetooth Software

    Let me know if there is any other info that would be helpful.

    Thanks,
    M

  4. #4
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,290

    Default Re: Suspicious behavior - Launcher is trying to launch C:\Windows\SysWOW64\cmd.exe...

    I guess its only missing the exact message you receive that you should be able to copy from the logs. Thanks

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  5. #5
    Join Date
    Feb 2013
    Posts
    7

    Default Re: Suspicious behavior - Launcher is trying to launch C:\Windows\SysWOW64\cmd.exe...

    Images of the pop up window I am seeing and the entries in the log are attached.

    Thanks again,
    M

    ZApopup (290x272).jpgZAlog (400x245).jpg
    Last edited by mjb; February 15th, 2013 at 09:50 AM.

  6. #6
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,290

    Default Re: Suspicious behavior - Launcher is trying to launch C:\Windows\SysWOW64\cmd.exe...

    Now you need to check where this launcher comes from. Which application? System? Other software? Not using that old version of ZA so I cannot help but others users may be still on ZA 10.

    Thanks,
    Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  7. #7
    Join Date
    Feb 2013
    Posts
    7

    Default Re: Suspicious behavior - Launcher is trying to launch C:\Windows\SysWOW64\cmd.exe...

    From what I can tell, Launcher.exe is from ZoneAlarm. It's located in C:\Progarm Files (x86)\CheckPoint\Install. But if so, I don't understand why ZA would be flagging it as suspicious behavior. ???

    Thanks,
    M

  8. #8
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,290

    Default Re: Suspicious behavior - Launcher is trying to launch C:\Windows\SysWOW64\cmd.exe...

    Probably a broken ZA, no idea sorry.
    I would load the file to virustotal.com to have it checked by 30 antivirus scanner. So you will be fairly sure its clean.

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  9. #9
    Join Date
    Feb 2013
    Posts
    7

    Default Re: Suspicious behavior - Launcher is trying to launch C:\Windows\SysWOW64\cmd.exe...

    Thanks for the suggestion. The detection ratio from virustotal.com is 6/44. False positives, or should I be concerned you think? Here are the details:

    Agnitum---20130214
    AhnLab-V3---20130215
    AntiVir---20130215
    Antiy-AVL---20130215
    Avast---20130215
    AVG---20130215
    BitDefender---20130215
    ByteHero---20130215
    CAT-QuickHeal---20130215
    ClamAV---20130215
    Commtouch---20130215
    Comodo---20130215
    DrWeb---20130214
    Emsisoft---20130215
    eSafe---20130211
    ESET-NOD32---20130215
    F-Prot---20130215
    F-Secure---20130215
    Fortinet---20130215
    GData---20130215
    Ikarus---20130215
    Jiangmin---20130215
    K7AntiVirus---20130215
    Kaspersky---20130215
    Kingsoft-Win32.Troj.Fednu.c.(kcloud)-20130204
    Malwarebytes---20130215
    McAfee---20130215
    McAfee-GW-Edition-Heuristic.BehavesLike.Win32.ModifiedUPX.C-20130215
    Microsoft---20130215
    MicroWorld-eScan---20130215
    NANO-Antivirus---20130215
    Norman---20130215
    nProtect---20130215
    Panda---20130215
    PCTools---20130215
    Rising-Trojan.Win32.Fednu.cxh-20130205
    SUPERAntiSpyware---20130215
    TheHacker-Posible_Worm32-20130215
    TotalDefense---20130215
    TrendMicro-PAK_Generic.001-20130215
    TrendMicro-HouseCall-PAK_Generic.001-20130215
    VBA32---20130215
    VIPRE---20130215
    ViRobot---20130215
    Last edited by fax; February 15th, 2013 at 11:40 PM. Reason: formatting to save space

  10. #10
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,290

    Default Re: Suspicious behavior - Launcher is trying to launch C:\Windows\SysWOW64\cmd.exe...

    yes, looks like false positives. I would uninstall ZA from WIN7 uninstall a program, reboot., turn on win7 firewall, download a more recent version of ZAfree (for example, this one here). Install and see if this happens again. If not, problem solved.

    Thanks,
    Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. [SOLVED] Constant "Suspicious Behavior" complaints using Eclipse
    By John Kraynack in forum Windows and ZoneAlarm Messages and Alerts
    Replies: 3
    Last Post: March 22nd, 2012, 02:02 PM
  2. iexplore.exe SUSPICIOUS BEHAVIOR attempts to set a Windows hook
    By snagglegrain in forum Windows and ZoneAlarm Messages and Alerts
    Replies: 8
    Last Post: February 24th, 2009, 08:46 AM
  3. Replies: 1
    Last Post: December 20th, 2008, 10:07 AM
  4. "ZoneAlarm Security Alert: Suspicious Behavior" when Windows Update
    By cska in forum Windows and ZoneAlarm Messages and Alerts
    Replies: 2
    Last Post: January 6th, 2007, 10:27 AM
  5. WINDOWS LIVE MESSENGER, WINDOWS MEDIA PLAYER 11, IE7 and CTFMON (SUSPICIOUS BEHAVIOR)
    By cinolandia in forum Windows and ZoneAlarm Messages and Alerts
    Replies: 3
    Last Post: December 8th, 2006, 03:08 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •