Suspicious registry call

jbpiligrim
jbpiligrim
Community Member
edited May 2019 in 1Password 7 for Windows

I have 1password 7 for windows running on Windows 10 pro. Every time when I sign in on 1Password's secure desktop ESET Internet Security spews notification, screenshot of which I've attached. In short, 1password attempts to create a registry key pointing to something called "internat.exe."
This file doesn't exist in WIndows 10, it was present in 7 and was related to keyboard localisation, moreover, Symantec describes it as a Trojan. NetSnake.Infostealer
Why is 1Password 7 (paid version), attempts to reference above-mentioned registry key? My 1Password version is 7.3.684 running on Windows Pro Version 1809, OS Build 10.0.17763.437
Thanks and kind regards, jbpiligrim

Comments

  • MikeT
    edited May 2019

    Hi @jbpiligrim,

    Thanks for reporting this.

    We don't use that file nor do we make any calls to that file, please block it right away. That looks like something is trying to inject itself into our process and make that call, so you could be seeing an infection on your system but that could be a red herring due to Microsoft injecting something for the Secure Desktop function.

    Try to block it, run a full virus scan, and make sure 1Password's Unlock on Secure Desktop still works fine.

  • @jbpiligrim i hope to be wrong, but it looks like your 1Password.exe is infected. I just ran the search over whole code and Windows folder - there is no such thing as internat.exe.

This discussion has been closed.