HxTsr.exe Ran After Blocked Port Scan
Bitdefender blocked a port scan from 94.137.74.151. AbuseIPDB rated it as 100% malicious Russian IP. Cisco Talus and VirusTotal also ranked it as likely malicious.
Right afterward, HxTsr.exe contacted what appears to be Microsoft IP 52.96.111.82/0.
I ran a full system scan on Windows Defender and Bitdefender Total Security, but they found nothing. When I tried to open the full file name (not sure if sharing it all is safe here), it said I did not have administrator permissions, even though this is a personal device with Windows 11 Pro, and I am the sole user.
While I've used Windows PCs for work for a long time, I've never owned my own device before. I'm not sure if there are additional steps I should take here to ensure my computer is not infected with anything. OS and all apps and virus tools are up to date.
Is it unexpected that I cannot open the HxTsr.exe file as an admin?
Help a noob out!
Best Answer
-
Welcome to the Bitdefender Forums. HxTsr.exe is normally a legitimate Windows file, but it can be trojanized.
It is a protected operating system file. Unless you modify the permissions (NOT RECOMMENDED), you cannot access or execute it.
I have a copy of that file on my computer that is 91 KB in size. It is used for communicating with Microsoft servers, so it contacting a Microsoft IP is expected behaviour.
If you have done a Full System Scan with Bitdefender and nothing was detected, I would not be worried unless you are seeing suspicious activity on your computer.
If you are suspicious, you could always go to the Bleeping Computer Malware Removal Forum and ask a Malware Removal Team member to examine your FRST scan logs. Instructions can be found here.
I hope this helps. Have a great day.
Regards,
Phil
1
Answers
-
Update: I blocked the IP on my PC. Still trying to figure out how to do it on my router
0