Persistent, Lurking Chinese Malware...

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Buckleyterp, Oct 7, 2016.

  1. Buckleyterp

    Buckleyterp Private First Class

    ...associated with my banking login window.

    Hello, again. You may recognize me from my recent thread "Windows 7 updater won't run" (or something like that) on 22 September 2016.

    Before that thread and, I just discovered, after going through that cleaning process, there remains suspicious activity on my PC.

    It only happens when I visit my one and only banking login screen: the total 360 antivirus, which, as you know, evaluates web sites and especially shopping websites, pops up with a message that it is examining the environment, which is described in Chinese characters (picture is uploaded). Total 360 then gives me the 'go ahead' green banner on top of the screen (screenshot is uploaded). Total 360 then pops up a risk notification window (screenshot is uploaded). Since the September 22nd cleaning, only the 'CaptureLibService.exe' element is present.

    Sometimes all of these activities occur, sometimes only the risk notification window, sometimes nothing suspicious at all.

    Buckley

  2. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Is FreemakeVideoCapture still installed?
    re: C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe

    I would expect that Chinese, or any non-English-based language, software would have somewhere in its GUIs a native-language trademark/symbol etc.
     
  3. Buckleyterp

    Buckleyterp Private First Class

    I infer from your implication that FVC is the origin of the troubling notices; therefore, I deleted it, whether it be innocent or malevolent. The start of occurrences corresponds to the approximate time of downloading FVC, but the appearance only upon opening one (banking) web site, and only one web site, leaves a residual suspicion.

    At any rate, let's see if that ends it.

    Thank you.

    B
     
  4. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    It is your anti-virus that is calling CaptureLibService.exe suspicious. I pointed you to the parent application that it belongs to.
     
  5. Buckleyterp

    Buckleyterp Private First Class

    I realized both the source of the CaptureLibService.exe and the implications of your observation. I had been toying with the idea of getting rid of FVC but thought that the juxtaposition of the total 360 notices and the banking window was just too ominous to be so obvious. I see now I was just making assumptions; I will probably be more comfortable if total 360 is more comfortable. Thank you again.
    B
     
  6. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    You're welcome
     
  7. Buckleyterp

    Buckleyterp Private First Class

    Update.
    Bottom line: Antivirus program Total 360, while not as intrusive as other av programs, may display prudent notifications that the naive user (i.e., me) may interpret as being infected.

    Case in point: having uninstalled FreemakeVideoCapture a week ago, today I went to my banking site and the Total 360 pop-up commenting on the safe environment (which usually happens in 'shopping mode') of the website, including Chinese characters, persisted in occurring. My two old assumptions came back in force: 1. why was this nonshopping environment notification always happening with my banking site and only with my banking site (is some bogus 'shopping' vendor trying to transfer money from my account for a sham purchase?) and 2. what is up with the Chinese characters since my bank is American, not Chinese and a lot of hacking is reported to come from China and some of it reportedly directed at government and large corporations (i.e., banking)?

    Resolution of my concerns: Googling this problem did not come up with a direct answer, but learning more about Total 360 did allow me to answer my own question. A visit to https://blog.360totalsecurity.com/en/buy-safe-with-online-shopping-protection/ was instrumental.

    1. Total 360 whitelists high-risk web sites and increases the security level when these sites are entered. The sites are usually shopping sites. I am assuming my banking site is being included by T360. Therefore, it is not being 'targeted' by malware. From the URL above:
    360 Total Security creates a safe shopping environment for you. Online Shopping Protection keeps your browser secured by preventing malware from redirecting you to a dangerous site; only programs on the white list are allowed to be running within your shopping time. Protection level is also risen, thus neither keyloggers can record your keyboard, nor phishing sites can deceive your banking information.

    2. Total 360 is a Chinese company (!). From the URL: http://www.zdnet.com/article/360-total-security-anti-virus-first-impressions/ :
    360 is a product of Qihoo 360 Technology Co. Ltd. (Qihoo 360) in Beijing, China.

    Problem (of my own making) solved. This being sent to you just F.Y.I. in case other people log in with a similar complaint.

    Buckley
     
