Video Screencast Help
Give us your opinion and win with Symantec! Please help us by taking this survey to tell us about your experience with Symantec Connect, so that we can continue to grow and improve.  Take the survey.

A strange plug-in

Created: 29 Jan 2013 • Updated: 05 Jun 2014 | 2 comments

Hey, I’m a AV fan. I found a plug-in’s activity looks weird but not reported by you. So kind of wondering if you could help to find out what’s that. The name is npbaidusafeinput.dll (kind of unreadable) and I attached it in this mail. Looks like it will upload all my process and screen shot to some unknown server. None of AV reported this but I do think this plug-in is uploading my privacy to somewhere and kind of scared.

Hope you will help to find out what’s really going on there and share the results. Cheers.  

I attached the plug-in and upzip password is 'infected'

Comments 2 CommentsJump to latest comment

Brɨan's picture

Submit to security response for analysis and if it is malicious they will write new signatures

https://submit.symantec.com/websubmit/gold.cgi

You can also submit to virus total for a quick check of what it may be

https://www.virustotal.com/

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Alex2013's picture

hmm, looks like from virustotal's feedback, it's clear. but still the activity of this dll is wired