Author Topic: autosandbox warns that PID4 is opening program  (Read 4891 times)

NADelaney

  • Guest
autosandbox warns that PID4 is opening program
« on: September 01, 2011, 01:59:08 AM »
Twice, while my computer is idle, the autosandbox pops up with the warning that a game program on my computer is being opened by "PID 4". Why does this happen when I'm not opening anything? Any ideas?

Offline pk

  • Avast team
  • Super Poster
  • *
  • Posts: 2085
Re: autosandbox warns that PID4 is opening program
« Reply #1 on: September 01, 2011, 09:23:36 AM »
This popup doesn't make sense for PID 4. What's the name of your game program and OS version? Thanks.

NADelaney

  • Guest
Re: autosandbox warns that PID4 is opening program
« Reply #2 on: September 03, 2011, 08:33:45 PM »
Running WinXP Pro, program is MysteryCaseFiles13thSkullCE.exe which isn't the game, but the setup file... Weird.

Sorry it took so long to answer - I'm a school bus company manager, and we had a hectic week...

Thanks for your reply.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86128
  • No support PMs thanks
Re: autosandbox warns that PID4 is opening program
« Reply #3 on: September 03, 2011, 08:42:03 PM »
If you check the C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\log\autosandbox.log file using Notepad, that will show exactly what file and location it was that the autosandbox was asking to run there.

This may be a hidden folder, so you might need to change the Explorer, Tools, Folder Options to view them.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.11.2500 (build 21.11.6809.528) UI 1.0.683/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

NADelaney

  • Guest
Re: autosandbox warns that PID4 is opening program
« Reply #4 on: September 03, 2011, 09:03:45 PM »
Thank you much for the reply - VERY helpful to know the location of the log file.

Still, it says what I remembered:
9/3/2011 9:34:46 AM   Autosandbox candidate: X:\GAMES\MysteryCaseFiles13thSkullCE.exe
   [Source: ]
   [Opened by: PID 4]
    --> Result: Denying execution (based on user's decision).

It is the game setup file, and I did not initiate the opening of it. My computer was idle, and it just popped up. It has happened three times. Once each day, but not consecutive days. I can't tell if it's a virus or what....

I looked up PID4 and understand it's a port, so it's an even greater mystery to me why a port would be calling for an application to open.

Any help would be much appreciated.

cooby

  • Guest
Re: autosandbox warns that PID4 is opening program
« Reply #5 on: September 03, 2011, 10:45:21 PM »
PID 4 is most likely a SYSTEM process. SYSTEM runs services. It's not a port.
Might be some already installed service SYSTEM is trying to open though I would think the service would then be identified.

Disclaimer - I don't think I have sandbox in Avast here, not sure really.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86128
  • No support PMs thanks
Re: autosandbox warns that PID4 is opening program
« Reply #6 on: September 03, 2011, 10:58:04 PM »
It is certainly strange for it to be activated without your activating it.

PID4 isn't a port; PID is Process IDentifier, and the number is what is displayed in the Task Manager. Low numbers like this are usually System, see image of mine; though PIDs could differ, the low numbers are almost always system related.

NADelaney

  • Guest
Re: autosandbox warns that PID4 is opening program
« Reply #7 on: September 04, 2011, 06:08:15 AM »
Hmmmm.... a system instead of a port... Now I don't know what I read. But either way, I'm mystified that anything would be trying to open a program out of the blue. I've run avast full scan and Malwarebytes and they didn't show anything amiss. I just hoped someone on the forum had experienced a similar situation and could tell me how to resolve it (without deleting the game).

Thanks all for your replies.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86128
  • No support PMs thanks
Re: autosandbox warns that PID4 is opening program
« Reply #8 on: September 04, 2011, 02:23:05 PM »
You're welcome.

Perhaps the clue to this mystery is in the file name MysteryCaseFiles13thSkullCE.exe ;D

First, do you actually have this Game or do you know anything about this game ?
If not I would be tempted to remove it.

Is the file actually in that location, when was this file created (file properties), is the drive letter correct 'X:\' and what is this drive ?

It might be worth a look in the registry and see if there are any entries for this file name and also look in the task scheduler and see if there is an entry for it.

NADelaney

  • Guest
Re: autosandbox warns that PID4 is opening program
« Reply #9 on: September 04, 2011, 11:41:24 PM »
:-) Thank you for staying in touch with me about this.
And yes... it's probably just a "haunted" file... Seriously, it is the installation exe file for that game. I haven't installed it yet, but keep the file on my "X" drive because I was intending to install it after I finish the game I'm playing now. (Hate to have too many games loaded). I designated the drive as "X" because it's easier to remember (I have three other SATA drives in the system - not to mention those flash drives that use a letter also... )

I will check the registry, and, if all else fails, I'll just delete the file. Too much trouble - and I have the CD anyway.

Thanks again.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86128
  • No support PMs thanks
Re: autosandbox warns that PID4 is opening program
« Reply #10 on: September 05, 2011, 12:28:03 AM »
No problem, glad I could help.

jodivon

  • Guest
Re: autosandbox warns that PID4 is opening program
« Reply #11 on: September 24, 2011, 12:56:31 AM »
Just today I had two instances of this happening to me - Avast warning me that PID 4 is attempting to open files. I have deleted both of the files it referenced to be safe. One was a Photoshop third party executable print image match file, the other a bookkeeping tool, an executable from AccuWage - a Social Security gov't sponsored electronic wage reporting format verification program that's downloaded from the Social Security Online website.

I had just installed and run a complete Malwarebytes session prior (actually still running when the first warning popped up) when these events first happened. Could they be related?

9/23/2011 2:27:01 PM   Autosandbox candidate: C:\Documents and Settings\All Users\Documents\Programs & Program Files\accu09.exe
   [Source: ]
   [Opened by: PID 4]
    --> Result: Denying execution (based on user's decision).

9/23/2011 2:29:00 PM   Autosandbox candidate: C:\Documents and Settings\All Users\Documents\Programs & Program Files\PS7\Third Party Products\Seiko Epson\PRINT Image Matching.exe
   [Source: local://*C:\WINDOWS\Explorer.EXE      ]
   [Opened by: PID 4]
    --> Result: Denying execution (based on user's decision).

9/23/2011 3:06:12 PM   Autosandbox candidate: C:\Documents and Settings\All Users\Documents\Programs & Program Files\PS7\Third Party Products\Seiko Epson\PRINT Image Matching.exe
   [Source: local://*C:\WINDOWS\Explorer.EXE      ]
   [Opened by: C:\WINDOWS\Explorer.EXE]
    --> Result: Denying execution (based on user's decision).


jodivon

  • Guest
Re: autosandbox warns that PID4 is opening program
« Reply #12 on: September 24, 2011, 12:59:06 AM »
Forgot to add - I'm on Windows XP Pro, Service Pack 3 (work computer)
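
Added example, not part of any post in the thread: a small parser for the autosandbox.log layout quoted above that lists which candidate files were logged as opened by PID 4 and when, so the timestamps can be compared against scans or scheduled jobs. The sample paths under C:\Tools and the function names are assumptions, and the month/day/year timestamp order is inferred from the quoted entries.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the layout quoted in the thread; C:\Tools paths are placeholders.
SAMPLE_LOG = r"""
9/23/2011 2:27:01 PM   Autosandbox candidate: C:\Tools\accu09.exe
   [Source: ]
   [Opened by: PID 4]
    --> Result: Denying execution (based on user's decision).

9/23/2011 2:29:00 PM   Autosandbox candidate: C:\Tools\PRINT Image Matching.exe
   [Source: local://*C:\WINDOWS\Explorer.EXE      ]
   [Opened by: PID 4]
    --> Result: Denying execution (based on user's decision).

9/23/2011 3:06:12 PM   Autosandbox candidate: C:\Tools\PRINT Image Matching.exe
   [Source: local://*C:\WINDOWS\Explorer.EXE      ]
   [Opened by: C:\WINDOWS\Explorer.EXE]
    --> Result: Denying execution (based on user's decision).
"""

HEADER = re.compile(r"^(\d+/\d+/\d{4} \d+:\d\d:\d\d [AP]M)\s+Autosandbox candidate:\s*(.+?)\s*$")
FIELD = re.compile(r"^\s*\[(Source|Opened by):\s*(.*?)\s*\]\s*$")
RESULT = re.compile(r"^\s*-->\s*Result:\s*(.*?)\s*$")

def parse_entries(text):
    """Turn the log text into one dict per 'Autosandbox candidate' entry."""
    entries = []
    for line in text.splitlines():
        if m := HEADER.match(line):
            when = datetime.strptime(m.group(1), "%m/%d/%Y %I:%M:%S %p")  # assumed US order
            entries.append({"time": when, "path": m.group(2),
                            "Source": "", "Opened by": "", "Result": ""})
        elif entries and (m := FIELD.match(line)):
            entries[-1][m.group(1)] = m.group(2)  # bracketed field, may be empty
        elif entries and (m := RESULT.match(line)):
            entries[-1]["Result"] = m.group(1)
    return entries

def opened_by_pid4(entries):
    """Map each candidate path to the times it was logged as opened by 'PID 4'."""
    hits = defaultdict(list)
    for e in entries:
        if re.fullmatch(r"PID\s*4", e["Opened by"], re.IGNORECASE):
            hits[e["path"]].append(e["time"])
    return dict(hits)

if __name__ == "__main__":
    print(opened_by_pid4(parse_entries(SAMPLE_LOG)))
```

To run it against a real log, read the autosandbox.log file into a string and pass that to `parse_entries` in place of `SAMPLE_LOG`.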