A strange plug-in

Posted on Jan 29 2013, 12:24 PM

Hey, I’m a AV fan. I found a plug-in’s activity looks weird but not reported by you. So kind of wondering if you could help to find out what’s that. The name is npbaidusafeinput.dll (kind of unreadable) and I attached it in this mail. Looks like it will upload all my process and screen shot to some unknown server. None of AV reported this but I do think this plug-in is uploading my privacy to somewhere and kind of scared.

Hope you will help to find out what’s really going on there and share the results. Cheers.  

I attached the plug-in and upzip password is 'infected'

  • Reporting
  • Products
  • Symantec Website Security
  • Evaluating
  • Community Supported Data Connectors
  • Conficker Detection Tool
  • DigiCert SSL TLS Certificates
  • 1

    Submit to security response for analysis and if it is malicious they will write new signatures


    You can also submit to virus total for a quick check of what it may be


  • 0

    hmm, looks like from virustotal's feedback, it's clear. but still the activity of this dll is wired