HxTsr.exe Ran After Blocked Port Scan

3VILALLIUM

Bitdefender blocked a port scan from 94.137.74.151. AbuseIPDB rated it as 100% malicious Russian IP. Cisco Talus and VirusTotal also ranked it as likely malicious.

Right afterward, HxTsr.exe contacted what appears to be Microsoft IP 52.96.111.82/0.

I ran a full system scan on Windows Defender and Bitdefender Total Security, but they found nothing. When I tried to open the full file name (not sure if sharing it all is safe here), it said I did not have administrator permissions, even though this is a personal device with Windows 11 Pro, and I am the sole user.

While I've used Windows PCs for work for a long time, I've never owned my own device before. I'm not sure if there are additional steps I should take here to ensure my computer is not infected with anything. OS and all apps and virus tools are up to date.

Is it unexpected that I cannot open the HxTsr.exe file as an admin?

Help a noob out!

[Deleted User]

@3VILALLIUM ,

Welcome to the Bitdefender Forums. HxTsr.exe is normally a legitimate Windows file, but it can be trojanized.

It is a protected operating system file. Unless you modify the permissions (NOT RECOMMENDED), you cannot access or execute it.

I have a copy of that file on my computer that is 91 KB in size. It is used for communicating with Microsoft servers, so it contacting a Microsoft IP is expected behaviour.

If you have done a Full System Scan with Bitdefender and nothing was detected, I would not be worried unless you are seeing suspicious activity on your computer.

If you are suspicious, you could always go to the Bleeping Computer Malware Removal Forum and ask a Malware Removal Team member to examine your FRST scan logs. Instructions can be found here.

https://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

I hope this helps. Have a great day.

Regards,

Phil

3VILALLIUM

Update: I blocked the IP on my PC. Still trying to figure out how to do it on my router