HxTsr.exe Ran After Blocked Port Scan

Bitdefender blocked a port scan from 94.137.74.151. AbuseIPDB rated it as 100% malicious Russian IP. Cisco Talus and VirusTotal also ranked it as likely malicious.

Right afterward, HxTsr.exe contacted what appears to be Microsoft IP 52.96.111.82/0.

I ran a full system scan on Windows Defender and Bitdefender Total Security, but they found nothing. When I tried to open the full file name (not sure if sharing it all is safe here), it said I did not have administrator permissions, even though this is a personal device with Windows 11 Pro, and I am the sole user.

While I've used Windows PCs for work for a long time, I've never owned my own device before. I'm not sure if there are additional steps I should take here to ensure my computer is not infected with anything. OS and all apps and virus tools are up to date.

Is it unexpected that I cannot open the HxTsr.exe file as an admin?

Help a noob out!

Best Answer

  • @3VILALLIUM ,

    Welcome to the Bitdefender Forums. HxTsr.exe is normally a legitimate Windows file, but it can be trojanized.

    It is a protected operating system file. Unless you modify the permissions (NOT RECOMMENDED), you cannot access or execute it.

    I have a copy of that file on my computer that is 91 KB in size. It is used for communicating with Microsoft servers, so it contacting a Microsoft IP is expected behaviour.

    If you have done a Full System Scan with Bitdefender and nothing was detected, I would not be worried unless you are seeing suspicious activity on your computer.

    If you are suspicious, you could always go to the Bleeping Computer Malware Removal Forum and ask a Malware Removal Team member to examine your FRST scan logs. Instructions can be found here.

    I hope this helps. Have a great day.

    Regards,

    Phil

Answers

  • Update: I blocked the IP on my PC. Still trying to figure out how to do it on my router