I found a plug-in’s activity looks weird but not reported by you. So kind of wondering if you could help to find out what’s that. The name is npbaidusafeinput.dll (kind of unreadable) and I attached it in this mail. Looks like it will upload all my process and screen shot to some unknown server. None of AV reported this but I do think this plug-in is uploading my privacy to somewhere and kind of scared.

Hope you will help to find out what’s really going on there and share the results. Cheers.

looks like not able to attache the dll. what I suppose to do?

None of AV reported this

upload npbaidusafeinput.dll to virustotal.com and test it
post link to scan result here

I extract one word ‘baidu’ and this is a Chinese company that trawls the internet indexing content, there are even ‘baidu’ spiders indexing this forum.

A search for that dll name returns few hits all cached and all in Chinese Simplified language, something about Baidu Security Controls and Candid plugin or something about 360 Browser. 360 is also related to an AV.

There are only certain file types you can attach in the forums, certainly not suspect ones as the last thing we want would be for avast to end up alerting on its own forum. Not to mention this is a publicly available site and you would have no control over who downloads it or what they do with it.

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here, post the URL in the Address bar of the VT results page.