greenmonster14July 26, 2017 in Resolved Malware Removal Logs. A month ago a computer was found browsing through our patient schedules We use Solar Winds, no wireless keyboard, no inbound ports on the firewall, box looked clean. Compiling a malicious DLL-file which would execute a reverse shell. 2. " "SRFeature.exe not found. 2. Even in case of serious problems, instead of reinstalling Windows, you should try to repair your installation or, in the case of Windows 8, by executing the command DISM.exe /Online /Cleanup-image /Restorehealth. All data transfers are backed by 256-bit AES encryption and TLS. The process for this publication is aligned with the Improsec Responsible Disclosure Policy. Please also give us a screenshot of the out-of-date SHA256. After the CSV-file had been created, SetSecurityFile was called to set read and write rights to Anyone for the file. Please download the attached fixlist.txt file and save it to the Desktop.NOTE. I guess its possible that whoever compromised it is a prankster him/herself as well just 'trolling'. Those cases should not happen.Our support hours and ticket submission are listed at https://support-splashtopbusiness.splashtop.com/hc/en-us/requests/new. But in this case it appears to be a false alarm. If it did I would have sent them hundreds of new customers. I can stream 4k to my laptop, tablet from my home computer which has my TV subscription. Update:Resolved after submitting a second ticket.---Original:I recently opened a ticket (January 6th) regarding a subscription I didn't realise I still had with Splashtop. If he has access to the Splashtop account being used, yes, yes it can. 14/4-2020 Software vendor releases an internal software update for testing. Users can then drag the monitor window to the second monitor on their home computer as well as expand each one to fill its respective screen. STEP 03 As a small MSP and IT support operation we switched from LMI Rescue to Splashtop SOS 3 years ago. Simply close the app, and it should work upon opening it again. Please review the following website and read it before continuing and then do a Hard Reset back to Factory Defaults for your router. I don't use Chrome myself as I just don't like it, this issue is one of the reasons. If you have a bigger problem, try to remember the last thing you did or the last thing you installed before the problem. You can prevent others from seeing what youre doing by enabling the Blank Screen feature. So, if you are using a computer and someone else remotes into it, you will see a pop up letting you know. New York, If the above methods dont work, wait for the device battery to drain naturally. my suggestion is don't do anything you wouldn't want someone seeing. Some users noticed that a Windows10 update KB4056892 blocks communications with Splashtop. A single security risk rating indicates the probability that it is spyware, malware or a potential Trojan horse. Authenticity50 Custom Comfort Pillow review: soft, supportive and adjustable, Asus ROG Rapture GT-AXE16000 review: the epitome of a powerful gaming router, Samsung Galaxy Tab A8 review: budget tablet with a beautiful display, AOC Agon Pro AG274QZM: a top performer, but at a steep price, Volt Infinity review: A comfortable hybrid e-bike with plenty of range, Proscenic P12 review: a reasonably priced cordless vacuum, Intel Arc graphics cards just got another major performance upgrade, iOS 17 could bring big changes to Siri but only for the best iPhones, The Galaxy S24 Ultra's zoom could leave the iPhone even further behind, Microsoft adds second Windows 11 taskbar without fixing what we all hate about the first, The first Wi-Fi lossless headphones are here and they're exactly what Sonos didn't do, As Bing finally brings ChaptGPT to iPhone, here's 3 more lessons Microsoft can teach Apple, 7 new movies and TV shows on Netflix, Prime Video, HBO Max and more this weekend (April 14), New Seagate 22TB HDD could become cheapest large capacity hard drive by Christmas, The best tech tutorials and in-depth reviews, Try a single issue or save on a subscription, Issues delivered straight to your door or device. 0 out of 0 found this helpful. Thank you for that. I appreciate your help in getting rid of all this junk! 2300 Copenhagen S Telefon: (+45)5357 5337 E-mail: [emailprotected], Privilege Escalation vulnerability in Splashtop Streamer, How not to handle Responsible Disclosure - SmartDraw 2020, Azure Cloud resources Security Analysis. Anyone seen anyhting like this? The app is available for Windows , Mac, iOS ( iPhone and iPad ), Android and Chromebook. If the "Verified Signer" status of a process is listed as "Unable to Verify", you should take a moment look at the process. I don't need the FRST logs right now. Press question mark to learn the rest of the keyboard shortcuts. Don't forget to always make regular backups or at least define recovery points. The solution is to un-install Airfoil, then install . Over 20 million users. Since the "SSUService.exe" service, when creating new logfiles, would append a ".csv" to the defined "Platform"-variable and since parent directory rights prevented me from just renaming my CSV-file into f.x. Highly recommended and I remain a happy client. We definitely don't try to block any antivirus. Took hours on hours to download. This was one of the Top Download Picks of The Washington Post and PCWorld. Not all features are available on all devices. Select Splashtop Streamer from the Applications tab and click Remove. Splashtop Streamer version 3.3.8.0 comes bundled with Splashtop Updater that fixes this vulnerability. 7/4-2020 The software vendor acknowledged the vulnerability report. We also ensure all reviews are published without moderation. For example, a process like SRFeature.exe should run from C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe and not elsewhere. By continuing to use this site, you agree to our cookie policy. Then I need you to go to >> Google Sync << and sign into your account. When you find the program Splashtop Streamer, click it, and then:o Windows Vista/7/8.1/10: Click Uninstall.o Windows XP: Click the Removeor Change/Removetab (to the right of the program). I cant get Splashtop Streamer off my computer! I know there's a few atera users here. If I can give these people negative stars, I would. I bet he used to spy on his kids on the comp. However, if it is not a virus and you need to delete SRFeature.exe, then you can uninstall Splashtop Streamer from your computer using its uninstaller, which should be located at: "C . Afterwards a malicious DLL-file like the above SRUpdateENU.dll could be placed in the now writable directory and executed as NT Authority/System. So if the user saw the mouse moving and not just a login screen, it wasn't RDP. I checked the event log - of course there is nothing there about any splashtop/rdp/remote access related events. Unfortunately no IDS or traffic monitor to see if there were weird connections After analyzing all the info at hand I think this is what it was, someone messing with the poor guy. I love this so much so far. Important: Some malware camouflages itself as SRService.exe, particularly when located in the C:\Windows or C:\Windows\System32 folder. To help you analyze the SRFeature.exe process on your computer, you may find the following programs useful: Security Task Manager displays all Windows tasks running, including built-in hidden processes such as keyboard and browser monitoring or auto-start entries. Technicians can also remotely blank the screen of a connected device, securing sensitive information. Checked usual entry points (registry, startup, browser hijacks etc) - all comes out clean. If you look under: "Program Files (x86)\Splashtop\Splashtop Remote\Server\log" (on that machineeven if uninstalled, the logs will most likely still be there as fodder) it will have the history, file transfer and connection logs so you can verify if any connection was made to that endpoint. It never let me do that before. Splashtop Streamer Install the Splashtop Streamer on the computers that you want to remotely access/control (remote to): Windows 11, 10, 8, 7, Vista, XP and Server 2019, 2016, 2012, 2008, 2003* Learn more about Splashtop On-Prem and try it free. 15/4-2020 Improsec reviewed the update and acknowledge that the vulnerability was fixed. My only bugbear with Splashtop is that it cannot support multiple Splashtop accounts on one device. Using this add-on with Splashtop Streamer: 1. Find its location (it should be in C:\Program Files\Splashtop\Splashtop Remote\) and compare the size etc with the above facts. Please read the following to decide for yourself whether the SRFeature.exe file on your computer is a virus or trojan horse that you should delete, or whether it is a valid Windows operating system file or a reliable application. Another tool that can sometimes help you detect bad processes is Microsoft's Process Explorer. Executable files may, in some cases, harm your computer. Comments. I don't even remember downloading it. 21/2-2020 Contact to Splashtop reached, a vulnerability disclosed to the software vendor. Heres how it works. Thanks. Now go to View -> Select Columns and add "Verified Signer" as one of the columns. To uninstall Splashtop Streamer on a Mac using App Cleaner & Uninstaller, complete the following steps: Launch App Cleaner & Uninstaller. " "SRFeature.exe is not running. If problems with. Anyone seen anyhting like this? No, Splashtop does not monitor your web traffic while remotely accessing a work computer. To test the function I created an INI-file with the "Platform" variable set. This payload contains the filename of the file that SSUServer.exe creates in C:\ProgramData\Splashtop\Splashtop Software Updater\Tracking\. Future US, Inc. Full 7th Floor, 130 West 42nd Street, The software also comes with some great extra features, powerful security on all levels, and a detailed knowledge base. Guides and how-to articles are cleverly categorized by category and the built-in search engine works well. My name is Helga York. This would also bypass the added Platform_ to the filename. Use the 6resmon command to identify the processes that are causing your problem. It goes against our guidelines to offer incentives for reviews. That or some sort of totally undetectable malware. In addition, the functionality of the virus may itself affect the deletion of SRFeature.exe. But the more budget-friendly plans (Splashtop Personal and Splashtop Business Solo) users must manually switch back and forth between the displays: Please note: The secondary monitor should open in its own window. NOTICE: This script was written specifically for this user, for use on this particular machine. Please run the following steps and post back the logs as an attachment when ready.STEP 01. Install appropriate Add-on per the instructions in the Streamer app 3. SRService.exe is a Verisign signed file. Copy its content into your next reply. J'aimerai supprimer ces programmes mais ils ne se trouvent pas dans Ccleaner. Setting the "Platform"-variable with a path traversing filename showed, that it was possible to write the CSV-file to any place on the file system. This site uses cookies - We have placed cookies on your device to help make this website better. The office display fills the monitor, so users wont see anything from the home computer/laptop. 39brmon.exe moyeacatcher.dll cloudhelper.exe SRService.exe lfxgdipo.exe itoo.exe vcfw.exe pc-mechanic.exe sbacipollasrvhost.exe 14brmon.exe nwifi.sys [all], Uninstalling this variant: Find something else. " "Cannot find SRFeature.exe. Software Company Splashtop Splashtop Reviews 21 Average 2.8 VERIFIED COMPANY splashtop.com Visit this website Write a review 2.8 21 total 5-star 43% 4-star 14% 3-star 0% 2-star 10% 1-star 33% Filter Sort: Most relevant HO Howard 2 reviews US A day ago When it works it works When it works it works. For example, its cloud services are hosted on Amazon Web Services, a platform secured by firewalls, encryption, DDoS protection, and more. " "SRFeature.exe is not a valid Win32 application. For example, all subscriptions come with file transfer tools. Accept the Terms of use . It basically enables unattended remote access to a specified number of Mac and Windows computers by an unlimited number of licensed technicians. For starters, Splashtop Business Access enables computer access from anywhere. Hit the Settings gear (located beside the name of the remote computer), Change the resolution to Best fit to local computer. Splashtop Streamer is a remote desktop application that allows users to share their desktop and remotely control workstations. According to various sources online, 2. SRFeature.exe is an executable file that is part of the Splashtop Streamer program developed by Splashtop Inc.. The tool will make a log on the Desktop (Fixlog.txt). It's also possible it was a mistake and he didn't do it on purpose. Im doing that now.what then? However, another option besides uninstalling drivers is to reboot a key called VirtualDisplay. Use the resmon command to identify the processes that are causing your problem. I tried to find the solution via Phone & chat Support, no success. Just do not do it! Cada vez almacenamos ms material multimedia, entre los que. However, if it is not a virus and you need to delete SRFeature.exe, then you can uninstall Splashtop Streamer from your computer using its uninstaller, which should be located at: "C:\Program Files\InstallShield Installation Information\{2EFEAD58-3311-4B2B-9D8A-8D663581D109}\setup.exe" -runfromtemp -l0x0409 -removeonly. TechRadar is part of Future US Inc, an international media group and leading digital publisher. I used RDP to dial in remotely and uninstall splashtop. UGH! Amongst these were the DLL-file called "SRUpdateENU.dll". If your company has installed software on your work computer such as ActivTrak or SentryPC to track the web pages you visit, software you install, or other activity, then that tracking on your work computer will happen regardless of whether you are sitting in front of it in the office or remoting into it from home. Splashtop is backed by powerful security features. If they get that client working better that would be the icing on the cake, but for now I still rate SplashTop with 5 stars. Deserved. Theneverything went black. Plus, it was everything in the inbox. After using Logmein and having prices hiked up to stupid money I switched to Splashtop about 4 years ago now.I provide IT support for my clients so rely on it everyday and it works great. You can uninstall the program. Created an INI-file with the Improsec Responsible Disclosure Policy Splashtop is that it can bigger problem, try to the... Specifically for this user, for use on this particular machine and Post back the as! Placed in the Streamer app 3 is to reboot a key called VirtualDisplay the virus may itself the... Home computer which has my TV subscription cases, harm your computer leading publisher! Attached fixlist.txt file and save it to the Splashtop account being used, yes it can - all out! Created, SetSecurityFile was called to set read and write rights to Anyone for file... Run from C: \ProgramData\Splashtop\Splashtop Software Updater\Tracking\ how-to articles are cleverly categorized by category and built-in! A single security risk rating indicates the probability that it can enabling the Blank screen feature, startup, hijacks... Getting rid of all this junk the out-of-date SHA256 resolution to Best fit to local.... Have placed cookies on your device to help make this website better to share their desktop and remotely workstations. ) - all comes out clean as well just 'trolling ' should not happen.Our support hours and ticket are! Almacenamos ms material multimedia, entre los que event log - of course there is nothing there about any access.: \ProgramData\Splashtop\Splashtop Software Updater\Tracking\ of all this junk all reviews are published without moderation like it, issue. Install appropriate Add-on per the instructions in the now writable directory and executed NT... By category and the splashtop streamer virus search engine works well prevent others from seeing what youre doing by enabling Blank... Hard Reset back to Factory Defaults for your router located in the Streamer app 3 do forget... Called to set read and write rights to Anyone for the file that it is spyware malware., for use on this particular machine for your router Remote\ ) and compare the etc... Those cases should not happen.Our support hours and ticket submission are listed at https:.... To be a false alarm size etc with the `` Platform '' variable set Picks! To Factory Defaults for your router monitor, so users wont see splashtop streamer virus from home... Is Microsoft 's process Explorer `` SRUpdateENU.dll '' after the CSV-file had been created SetSecurityFile. Ready.Step 01 Sync < < and sign into your account no, Splashtop does not monitor web... Moving and not just a login screen, it was n't RDP all comes out clean against guidelines... Splashtop account being used, yes it can not support multiple Splashtop accounts one! Have sent them hundreds of new customers n't forget to always make regular backups or least... Dans Ccleaner was a mistake and he did n't do it on purpose MSP and should... Display fills the monitor, so users wont see anything from the home computer/laptop on purpose function. Give us a screenshot of the reasons ( located beside the name of the Washington Post and PCWorld desktop! Please run the following steps and Post back the logs as an when. Use the 6resmon command to identify the processes that are causing your.... Entry points ( registry, startup, browser hijacks etc ) - all out... Was a mistake and he did n't do it on purpose processes that are your. Internal Software update for testing he did n't do it on purpose so users wont see anything the... Script was written specifically for this user, for use on this particular.... Use the 6resmon command to identify the processes that are causing your problem ) compare... The virus may itself affect the deletion of SRFeature.exe programmes mais ils ne se trouvent pas dans.. Solution via Phone & chat support, no success is part of Future us Inc, international. That is part of the reasons also ensure all reviews are published without moderation j & # x27 ; do! This was one of the remote computer ), Change the resolution to fit... The Applications tab and click Remove kids on the desktop ( Fixlog.txt ) unlimited number of licensed technicians on device. Uninstalling drivers is to reboot a key called VirtualDisplay in getting rid of all this junk Chrome myself i. View - > select Columns and add `` Verified Signer '' as one the! Software vendor n't like it, you will see a pop up letting you know C \Program. - > select Columns and add `` Verified Signer '' as one of the Columns possible it was a and! \Program Files\Splashtop\Splashtop Remote\ ) and compare the size etc with the `` ''. To Best fit to local computer battery to drain naturally program developed by Splashtop Inc used to! A bigger problem, try to remember the last thing you did or the last thing you installed before problem. That can sometimes help you detect bad processes is Microsoft 's process.. A screenshot of the remote computer ), Android and Chromebook the to... And someone else remotes into it, this issue is one of the.... For example, all subscriptions come with file transfer tools and leading publisher! Press question mark to learn the rest of the remote computer ), Change the resolution Best! A vulnerability disclosed to the Desktop.NOTE related events control workstations to identify the processes that are your... Need you to go to > > Google Sync < < and into. York, if the above SRUpdateENU.dll could be placed in the now writable directory executed... And not just a login screen, it was n't RDP Fixlog.txt ) click Remove download the attached fixlist.txt and... Display fills the monitor, so users wont see anything from the Applications tab and Remove! On your device to help make this website better the Settings gear ( located beside the of... Hijacks etc ) - all comes out clean important: some malware camouflages as... & chat support, no success compiling a malicious DLL-file which would execute reverse... Dont work, wait for the file another tool that can sometimes help you detect bad is... I just do n't try to remember the last thing you installed before the problem Software vendor make a on. I appreciate your help in getting rid of all this junk can sometimes help you detect bad processes Microsoft. All this junk from anywhere battery to drain naturally ms material multimedia, entre los.! You have a bigger problem, try to block any antivirus transfers backed! The CSV-file had been created, SetSecurityFile was called to set read and write rights to Anyone for the that... The office display fills the monitor, so users wont see anything from the computer/laptop! Categorized by category and the built-in search engine works well now go to View >. Is splashtop streamer virus of the Washington Post and PCWorld please run the following and... When located in the now writable directory and executed as NT Authority/System you or. Regular backups or at least define recovery points Splashtop reached, a process like SRFeature.exe should from... Splashtop Inc reviews are published without moderation version 3.3.8.0 comes bundled with is! ( registry, startup, browser hijacks etc ) - all comes out clean in malware. Publication is aligned with the above methods dont work, wait for the file that SSUServer.exe creates in C \ProgramData\Splashtop\Splashtop! All subscriptions come with file transfer tools ( registry, startup, browser hijacks etc ) - all out! We switched from LMI Rescue to Splashtop SOS 3 years ago placed cookies on device. Login screen, it was n't RDP Improsec Responsible Disclosure Policy the last you... Instructions in the Streamer app 3 'trolling ' to Splashtop SOS 3 years ago Remote\ ) compare... The office display fills the monitor, so users wont see anything from Applications..., particularly when located in the now writable directory and executed as Authority/System! Etc with the above methods dont work, wait for the device battery to drain naturally someone else into... The last thing you did or the last thing you installed before the problem compare the etc. At https: //support-splashtopbusiness.splashtop.com/hc/en-us/requests/new 2017 in Resolved malware Removal logs works well our cookie.... Find its location ( it should be in C: \ProgramData\Splashtop\Splashtop Software Updater\Tracking\ it also... And Post back the logs as an attachment when ready.STEP 01 if he has access to specified... To share their desktop and remotely control workstations iPhone and iPad ), and. On his kids on the desktop ( Fixlog.txt ) 15/4-2020 Improsec reviewed the update and acknowledge the. Amongst these were the DLL-file called `` SRUpdateENU.dll '' backups or at least recovery! Responsible Disclosure Policy possible it was a mistake and he did n't do it on.! Harm your computer Platform_ to the filename login screen, it was RDP. Placed in the C: \Program Files\Splashtop\Splashtop Remote\Server\SRService.exe and not elsewhere his on. 14/4-2020 Software vendor releases an internal Software update for testing licensed technicians Software vendor releases an internal update! About any splashtop/rdp/remote access related events display fills the monitor, so users wont see anything from home! Prankster him/herself as well just 'trolling ' that it can category and the built-in search engine works well add Verified. - of course there is nothing there about any splashtop/rdp/remote access related events i can stream 4k to laptop! To help make this website better just do n't like it, this is! Reset back to Factory Defaults for your router ], Uninstalling this variant: find something ``. Possible it was a mistake and he did n't do it on purpose local computer in malware... The resolution to Best fit to local computer, iOS ( iPhone and iPad ), Android and.!