Over 1 million tech questions and answers.

Google redirect and suspicious activity

Q: Google redirect and suspicious activity

Good Morning all,,,,,Google searches redirect me to unassociated web sites mostly adds and such and sometimes keystrokes dont regester in my browser !
been messing with this for 3 or four days now and have not seemed to clean this completely FYI I have posted to the log forum,as stated in my other post I picked this monster up by opening an attachment on a spoofed fedex email on yahoo (dont open that attachment)webroot warned me immediatly but i guess too late, did malwarebytes scan and it eliminated a few things,ran spybot s&d it found a few things but apparently it is still in there somewhere,,At this point I am about to panic,,,
I have sysutilities process explorer and see suspicious file file activity Mshta.exe which i know is legit but it is being called by svchost and points to a website which i am fairly sure is illegit or I would never visit it ???? I killed this process tree but it came right back.
Any input with this would be greatly appreciated

patiently waiting

RELEVANCY SCORE 200
Preferred Solution: Google redirect and suspicious activity

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

A: Google redirect and suspicious activity

Hello and welcome,you will be helped in a few days as we are backlogged. ALL logs are replied to so we ask your patience.Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show it the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.To avoid confusion, I am closing this topic.

Read other 1 answers
RELEVANCY SCORE 74

Google-detected suspicious activity....I had typed in a search term and google asked me to type in some letters for security purposes. Said suspicious activity had been detected from my IP address and they wanted to be sure this was really me. (FYI-the search term was new england health exchange) so i dont think what I was searching for had anything to do with it. I am concerned someone has hacked into my wifi. Is there a way i can see recent activity? The other thing that makes me suspicious is that i was blocked briefly from my FBOOOK acct yesterday for the same reason...FB said they detected activity from NY...I have not been to NY!. I changed my password but today when i got the google message i was really concerned! I have never even heard of google search having this safety measure (i am glad they do but never knew about it). I ran a scan and there is no virus on my computer (i have ms essentials).
1. how can i investigate activity and protect myself?
Thanks
Lisa
 

A:Solved: Google-detected suspicious activity

Please click HERE to download and install HijackThis.

Run it and select Do a system scan and save a logfile from the Main Menu.

The log will be saved in Notepad. Copy and paste the log in your next reply.

IMPORTANT: Do not fix anything
 

Read other 1 answers
RELEVANCY SCORE 73.2

Hey there! Before i start i'd like to express my gratitude at any and all attempts to help me with my situation My computer's security used to be pretty good, however recently ive been hit with a number of attacks. In the the past 2 weeks ive been infected with Fake antivirus software on more than 3 occasions. Initially i was able to remove it manually with the help of an online guide, until the other day where i got infected with one which removed my Regedit and task manager privlages. I ran Malwarebytes and it managed to fix the constant fake antivirus popups etc however i started getting some weird notifications and i noticed my connection speed and general speed of my computer is at an all time low!Note: After that most recent attack i realised my firewall wasnt up to the challenge, before i was simply using the windows firewall as my norton antivirus ran out not so long ago, however i downloaded and installed Comodo to cope with the problem.Heres some of the problems ive been getting- Regular "Host Process for Windows has stopped working" and "Application layer gateway" notifications, too frequent to ignore.- Also sometimes i get another notification similar to the one before only for randomly named exe files (Alarming!)- Ive noticed that a number of times my desktop does a weird change where the start bar and explorer window change, sort of to the older style like seen in windows 98 etc. This kinda made me think it was rootkit rel... Read more

A:Google Redirects and Suspicious activity, possibly a Hijack

I cant see where to delete this topic, but just to let you all know ive decided to format my drive and start over. It's about time i cleaned this thing up ;) Thanks for looking anyways!

Read other 2 answers
RELEVANCY SCORE 64.4

One day my friend decides to visit websites, without my supervision. When I check on the computer, a fake anti-virus software had appear. I did what I thought was logical which was go into safemode and use avast! and spybot: s&d to remove anything. The program was luckily removed, but search results as mentioned in the topic redirects me. An example of the problem. I go to google.com. I would type "test" in the search field and search. There are a list of results and I click on the links such as http://www.humanmetrics.com/cgi-win/JTypes1.htm, however during the process it leads the address becomes:I don't know what the search.php links does so, please don't click it whoever is reading this x_Xhttp://ouijaclub.com/search.phpI don't know what the search.php links does so, please don't click it whoever is reading this x_Xwhich then leads me to another page which is not the page I clicked.Also from time to time, ad would pop up from out of nowhere.I really would appreciate any help since I tried known anti malware programs such as malwarebytes antimalware and hitman pro, which removed something but did not fix my problem. I have no idea how to use combofix or hijackthis either. Thank you!here is the dds report:DDS (Ver_10-03-17.01) - NTFSx86 Run by Ernest at 12:27:53.70 on 05/16/2010 SunInternet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18Microsoft Windows XP Professional 5.1.2600.3.932.81.1033.18.2046.1409 [GMT -4:00]AV: avast... Read more

A:Google results redirect to ad related/suspicious websites

Hello IronicIdealsWelcome to BleepingComputer ========================One or more of the identified infections is a backdoor trojan or rootkit.This type of infection has the capabilities to allows hacker to remotely control your computer, steal critical system information and download and execute files.I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?When Should I Format, How Should I ReinstallWe can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

Read other 7 answers
RELEVANCY SCORE 64

I have had a google redirect virus for about a year. It affects all browsers. I have tried multiple scans and checks and they have not come up with anything. I have unhid all files on my computer, i have checked the host files, and pretty much done everything. Many times these things can be found from windows drive.

Sifting through all the files from ntbtlog.txt i came across Loaded driver \SystemRoot\system32\drivers\73673686.sys. I checked 73673686.sys on google and nothing comes up. All the other files come up when I search google. I am not sure what it is/if this is the virus. thanks for your time

A:Have a google redirect virus, need help identifying a suspicious ntbtlog file

Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

We want all our members to perform the steps outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, you shall have a proper set of logs. Please post/attach the logs in your next reply.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

------------------------------------------------------

Read other 2 answers
RELEVANCY SCORE 64

My computer became infected with various sorts of spyware and trojans. It seemed that I was able to remove all of it with malwarebytes, superantispyware, and adaware. However, there is still one problem that I have now:

When I click on google search results, firefox browser opens suspicious-looking pages in a new tab or new window. I have uninstalled firefox (including all my settings) and re-installed it, which did not solve the problem.

Besides that, my computer keeps showing me a message about an "internet explorer script error", even when I am not using Internet Explorer. It includes the following URL: hxxp://ui.mevio.com/static/js/combined/index.js?r=38312. I suspect that this message could be caused by a virus too.

Many thanks in advance for any help you can give. As instructed, here is the content of the DDS.txt file:
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by F at 20:01:04,82 on 06.04.2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.615 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
... Read more

A:google redirect problem in firefox & suspicious IE error message

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

Read other 14 answers
RELEVANCY SCORE 63.6

Hi there,

I posted for help on another forum but my thread was ignored but I hope I can get help on this forum.

I currently have Google redirect problems.

Please show me how to fix this.

Regards,

Aydin

P.S I had tidserv activity, TDSS viruses several weeks ago, which may still be there.

A:Google Redirect virus + Tidserv activity

Hello and welcome to TSF.

Your post at BC was not ignored, rather closed due to lack of response from you.

Please follow our pre-posting process outlined below. Use a USB flash drive to download and transfer the tools to the affected machine, if necessary. You might like to run the Flash_Disinfector.exe on the clean machine and the flash drive first to protect against any possible transfer of infection via USB.


NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

Read other 1 answers
RELEVANCY SCORE 62.4

Computer specs:
Windows 7 Home Premium (64-bit)
HP Pavilion dv6 Notebook PC
**NOTE: Nearly all viruses/trojans mentioned below were found in the Local\appdata folder. One was found in registry.

I'm not all that experienced with computers...I think. So I'd prefer explanations as simple as possible if you can. Thank you so much!
Hi! First off, I'd like to thank you guys beforehand for taking a look at my problem. I'm not super great with computers, and I think I've done all I can. Additionally, I will post all the instructed logs after my log tirade of trying to explain my problem in as much detail as possible; I apologize if it bores you. Moving on, here's my problem:

I've got some viruses and a redirect problem on my Internet browser (Mozilla v.3.6.18 - I kept it since 4 would not work with my fingerprint scanner). It seems to go through "quick-search.com" but I haven't been redirected as much recently, so I can't be 100% sure it's still going through that site. And now my computer runs a bit slow and firefox no longer works, displaying "the proxy server is refusing connections." It was working fine earlier today, and I didn't touch a thing regarding those settings. I received advice to temporarily set it as "no proxy" (rather than the usual "use system settings," which also didn't work--it was changed to using manual proxy that I didn't understand) in order to regain ... Read more

A:Google redirect, malware/virus (trojan/backdoor), and suspicious .exe file problems.

Read other 10 answers
RELEVANCY SCORE 62.4

Hi, folks!

I have been using your advice to clean up/out infections for years, and I'll take this opportunity to thank you for your excellently detailed tutorials on virus removal. You've saved my system & my sanity many times. I have a virus removal folder on a separate flash drive - with rkill, TDSSkiller & other utilities - that has become invaluable to me over the past year or two.

I want to start out by referencing this string - "http://www.bleepingcomputer.com/forums/topic393454.html/page__hl__google+redirect" - because this user had the exact same issues as I have, and had tried the same remedies that I have, to no avail. Instead of following the advice from the tech who helped him (especially because I'm fearful of using ComboFix unsupervised, and because all system configurations are different), I wanted to post the issue again here.

My infection began as a fake security software come-on, which was similar to a few infections I've received (Paladin, XP Anti-Spyware, etc.). Unfortunately I can't tell you the name of it this time, because as soon as it showed up onscreen, I closed the window in an effort to stop it from loading. I then ran rkill, TDSSkiller and Malwarebytes and quarantined the 11 infections that Malwarebytes found. The system recovered accurately after rebooting, but was running very slowly & took a long time to load. Over the next few days I ran SuperAntiSpyware in addition to the other anti-malware pro... Read more

A:Google redirect, svchost.exe activity & Windows Explorer disable

Hi again, Bleepers!

It's been over 10 days since I posted my request and I haven't heard a word from you. I realize you're all very busy, what with all the viruses & other malware out there, but I'm left to assume that I did something wrong in my original post. I'm sorry if I insulted someone by requesting a particular tech to help me, but I thought it would be quicker to ask for someone who just handled the identical problem. But, as I said, any one of the helpers would be fine.

If the problem is that I didn't post the requested logs yet, it's because my infected computer is disconnected from the internet to avoid any further infections from being compromised by the existing malware.

I don't know what else I may have done wrong for you to ignore my post, while others with similar problems received responses within a day or so, but I apologize and assure you that whatever it was, it was inadvertent. I really need your help, since I rely on my system for personal and business purposes, and have been severely compromised without it. As I said, I don't want to use ComboFix unsupervised - as recommended - but I'm getting pretty desperate.

Please let me know what else you need me to do, or not do, so that I can get a response from you to help me. Thanks again in advance.

- Arney X

Read other 75 answers
RELEVANCY SCORE 62.4

Like so many others on here, I got hit with the google redirect bug, and my norton 360 kept popping up notifications of needing to manually remove Tisderv Activity 2. I also got notifications about Trojan.Gen.2 and "[email protected] (Trojan.Gen.2) detected by Auto-Protect,Blocked,Resolved - No Action Required". Although it says resolved, the notifications kept happening.

The norton tool to remove Tisderv scanned with 0 results. I came to this website and have already followed some of the advice from other posts (malwarebytes, scanning in safe mode, and ComboFix).

The norton and malwarebytes scans seemingly removed a lot of bad stuff, but the norton notifications for Tisderv Activity 2 remained. I then ran ComboFix because I saw a lot of other posts doing that, and ever since I ran ComboFix, the Norton notifications have gone away and my google search results are no longer redirecting...so YAY, I think.

SO, the reason for this post is to just make sure that everything in my logs seem fine, and that nothing stands out. Any other advice (such as updating my java, etc) would be great as well. Any help would be GREATLY appreciated.

Here are my logs:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_21
Run by Kevin at 21:21:05 on 2011-10-05
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4029.2387 [GMT -7:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Wind... Read more

A:Tisderv Activity 2, google redirect, and constant norton notifications

Also, like I said, things have been looking pretty good ever since I ran ComboFix. Here is my ComboFix log. Please let me know if you see anything that needs to be worked on.

***EDIT: I just read that I shouldn't run ComboFix unless asked to. Sorry about that. I hope this will be ok. ***

ComboFix 11-10-04.04 - Kevin 10/04/2011 20:14:56.4.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4029.2362 [GMT -7:00]
Running from: c:\users\Kevin\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Kevin\AppData\Roaming\6A50.C14
c:\users\Kevin\AppData\Roaming\Adobe\plugs
c:\users\Kevin\AppData\Roaming\Adobe\shed
c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\kw5ehcgy.default\extensions\{ac8845dc-f631-4651-b741-5693e7727f31}
c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\kw5ehcgy.default\extensions\{ac8845dc-f631-4651-b741-5693e7727f31}\chrome.manifest
c:... Read more

Read other 3 answers
RELEVANCY SCORE 61.6

Hello members of Bleeping Computer,
I have been having troubles with the infamous Google Redirect Virus (as well as rootkit activity being detected) for about a week now. In the past, Combo-Fix was able to solve this problem. This time, however, Combo-Fix seems to have no effect on fixing the problem. Thanks for taking the time to help me!

A:Combo-Fix is not fixing Google Redirect Virus, also Rootkit activity detected

Also, whenever i try to run Combo-Fix now, the following error message comes up:
"Some files could not be created. Please close all applications, reboot Windows and restart this installation"
I'm not sure if the virus is making that message pop up or if there really are other benign applications that are causing this message to show up. Once again, thanks for reading this!

Read other 7 answers
RELEVANCY SCORE 58.8

First I wanna say hi to you guys! I'm new here.

These are my specs:

Intel i5-3210 2.5GHz
6GB DDR3
ATI-Radeon 7670 - 1GB/Intel HD4000 1GB
500GB HDD (don't know more about it than this..)
Got Windows 7 64bit installed.

I'm suspicious there's something wrong with my laptop. I only got it two days ago and I've installed Windows 7 (brother won't help me with it so I have to do it myself every time ), but even *now* as I've been installing the drivers the HDD activity is really peculiar. Not only is the computer sluggish when something is running - even something really minor and unimportant - the HDD activity in the Task Manager>Resource Monitor pitches all the time then goes down again and then up again. It ranges from 1KB/s to 20MB/s..
I also hear it crackling which isn't the way it's supposed to be, right? You're not supposed to "hear" your HDD crackle when it's working, or am I wrong and is that completely normal?

Worry no. 2 is that my memory usage keeps going higher and higher. Especially when Windows Update is installing something it can go up to 80%, in slow steps.

Can someone give me some peace of mind and let me know if the computer's fine or should I run more tests?

Thanks in advance!
 

Read other answers
RELEVANCY SCORE 58.8

I have Norton 360 and it is fully up-to-date but I still have activity on my computer which I am not sure is suspicious or not.

The worst symptom is when I log onto the internet. When I first log on to the net the computer becomes exceptionally busy and the CPU/Hard Disc(?) indicator light flashes continuously. This continues for anything from 10 to 20 minutes. During this time it is difficult to do anything at all on the net and downloading any pages at all is a laborious task.

I can even check that Windows Update has not downloaded any updates on that day and yet the problem still happens.

Is this suspicious activity or is it a hardware issue here?
 

Read other answers
RELEVANCY SCORE 58.8

Hey,
Every time my display turns off automatically I can see my HDD light flashing and I can hear it. When display comes active it stops and under task manager I don't see anything running either and no HDD usage, thats why it's kinda weird and suspicious for me. Sometimes it just stops, and it shows more activity just after display is turned off. Might it be some kind of scheduled "hidden" activity I'm not aware about or what?
It's definitely not some kind of disk defrag or sth.
I might do Avast scan and see if some virus shows up, but I haven't downloaded anything suspicious.

Maybe you guys know more about this.

A:Suspicious HDD activity.

This sounds like your schedulred maintenence which will happen either a defined time (normally 3 am) or if this time is not free at the next time your PC is not busy.

Don't worry about it.

Automatic Maintenance - Change Maintenance Settings in Windows 8

Read other 3 answers
RELEVANCY SCORE 58.8

I use a Dell Dimension E521 running Vista Premium 32 bit with dual processor and 4gbs of ram. I have run McAfee, Malwarebytes, and Spybot with negative results. The "suspicious activity" I have noticed is that I have my computer screen saver set to enable after 10 minutes of inactivity. Sometimes after the screen saver has enabled I have noticed that the desktop will reappear with no input from myself and the hard drive will begin working. Often the screen saver will not come back on afterwards, sometimes it does. Any ideas? Thanks for your help!

A:Suspicious Activity

Discovered that a NEXON game that I had downloaded "Combat Arms" was the culprit. Seems that it uses your computer to upload updates you have received to other users even when you aren't playing the game. I uninstalled the game and thought I had the problem resolved. Turns out I had not deleted the installer that was still in my download folder and it was updating itself from time to time and was still uploading to other users as well. Deleted it and problem solved. Afterward I also deleted all references to NEXON and Combat Arms from my registry.

Read other 1 answers
RELEVANCY SCORE 58.8

Hi, just feeling a little suspicous.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 5:17:49 PM, on 11/23/2008Platform: Windows Vista SP1 (WinNT 6.00.1905)MSIE: Internet Explorer v7.00 (7.00.6001.18000)Boot mode: NormalRunning processes:C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exeC:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exeC:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exeC:\hp\support\hpsysdrv.exeC:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exeC:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exeC:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exeC:\Program Files (x86)\AVG\AVG8\avgtray.exeC:\hp\kbd\kbd.exeC:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndtR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.basilmarket.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page... Read more

A:Suspicious Activity

Hi iDukeHelp,Welcome to Bleeping Computers My name is Tomk_. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research, so please be patient and I'd be grateful if you would note the following:I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.The fixes are specific to your problem and should only be used for the issues on this machine.Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.It's often worth reading through these instructions and printing them for ease of reference.If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.Please reply to this thread. Do not start a new topic.Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, feel free to create a new one.I apologize for the delay in response. We get overwhelmed at times but we are trying our best to keep up.If you have since resolved the original problem you were having, we would appreciate your letting us know. If not, please post a new HijackThis log so that we can have a look at the current condition of your machine.

Read other 28 answers
RELEVANCY SCORE 58.8

I received a message from Qtel (qatar phone and provider) That lots of spam was being sent from our IP address. My husband received it as well when he logged on to his laptop (different than mine). I barely use email, nor does he. We are from the States but living in Qatar, and we have heard about some nasty virus's spreading in this part of the world. Anyways, the site recommended we run anti virus, spyware programs etc., but we did not go to the links they suggested. This was the first curious thing. This is a brand new laptop, my old one got very sick with blue screens and constant (every 5 minutes) sudden crashed and lots of dsebugger error codes and JIT issues...and drove me nuts trying to get it working for many days and many hours, I finally gave up. But one thing my old laptop started doing when idle was, a message would pop up saying local wants permission to run my camera and mic with the option to allow or decline. The minute I would move the cursor to hit decline the message would disappear. Now, my new laptop is doing the same thing. It also is having crazy sporadic cursor movements, like someone else is controlling it at one website, a game that I play. I have altered my touchpad settings but it hasnt helped. I just want some piece of mind that nothing has infected this new laptop, and that the same fate doesn't await this one as my old one that I recently gave up on. I fear someone remotely controlling or taking over this computer. Not typi... Read more

A:Suspicious Activity

DDS/HijackThis logs are not permitted in this forum. The HJT Team members are all volunteers who contribute to helping members as time permits but currently there is a backup and you may have to wait for assistance. Referrals are made to the HJT forum if we cannot assist you here and we need to use more powerful tools or you don't mind waiting.Please download Malwarebytes Anti-Malware (v1.41) and save it to your desktop.alternate download link 1alternate download link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sur... Read more

Read other 1 answers
RELEVANCY SCORE 58.8

Hi all,
 
My account with my ISP has a limited amount of bandwidth I can use a month before accruing extra charges. I was notified today that I had reached that total, although I'm very conscious about how much I use, and generally I don't use very much on a daily basis. When I checked the daily usage report, I noticed that there was over 7 GB of activity this past Wednesday, and I know for certain that I did not download, or use anything that  would account for that much activity.
 
I did call my ISP and they suspect a virus (and, nicely enough, are going to give me a credit for this months over usage). I ran scans with MS Security Essentials, Malwarebytes and the Bitdefender online scanner, with no positive results. 
 
Other than the large amount of activity on that one day, everything else on my account (ISP daily usage) looked fine, and as far as I can tell the computer is running as per usual. 
 
Any help will be appreciated.
 

A:Suspicious Activity

Please download TDSSKiller exe version to your desktop. Double-click on TDSSKiller.exe to run the tool for known TDSS variants. Vista/Windows 7 users right-click and select Run As Administrator.    Click on Change Parameters and click Detect TDLFS File System.    Click the Start Scan button.    Do not use the computer during the scan    If the scan completes with nothing found, click Close to exit.    If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.    A TDSSKiller text file would be saved in Local Disk C.    Copy and paste the contents of that file in your next reply.ADW CleanerPlease download AdwCleaner by Xplode onto your desktop.Close all open programs and internet browsers.Double click on adwcleaner.exe to run the tool.Click on Clean.Confirm each time with Ok.You will be prompted to restart your computer. A text file will open after the restart.Please post the contents of that logfile with your next reply.You can find the logfile at C:\AdwCleaner[S1].txt as well.Please download Junkware Removal Tool to your desktop.Shut down your protection software now to avoid potential... Read more

Read other 16 answers
RELEVANCY SCORE 58.8

Hi there, I'm new. A member of another group told me about this site.Oh I rum XP with IE6

Just logged onto my usual group and my firewall popped up asking me to allow or block.
"Outbound connection."

Remote IP adress.... cla.libart.calpoly.edu.
( 129.65.43.134 )

Remote port 16080

Local port 1170.


Did a " who is" search..

It came up with California polytechnic Liberal arts state university.

This only started a couple of days ago, yesterday it popped up with the port numbers... 1170, 2011, 4218.

I ran a port scanner which said 25 ports are open, but Kaspersky said none open?.
Here's a log file, could you see if there is something amiss?

Many Thanks


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:38:57, on 28/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\WDC\SetIcon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Java\jre1.6.0_07\bin... Read more

Read other answers
RELEVANCY SCORE 58.8

Hi
 
I just installed Win7 64Bit newly on my PC.
But I got high CPU Usage in stand-by.
 

 
I just start the PC and dont do anything.
Is this normal?
 
My Setup:
CPU AMD FX8350 4Ghz 8Core
GPU GTX 1080
RAM 16GB
PSU 600W
Mobo ASRock 970 Extreme3

A:Suspicious CPU activity

- What did you install ? Win 7 with or without Service Pack 1 ? How many updates did you install after that ? Is Windows Update set to "Donwload & Notify" ?
- Sounds like you've got the "Windows Update" problem that's plagueing Windows users for - at least - 6 months. Keep an eye on what CPU & memory usage (4 Gb is rather high) is doing.
http://www.tweaking.com/forums/index.php/topic,4799.0.html

Read other 1 answers
RELEVANCY SCORE 58.8

Alright, this is a problem on a different machine I have.
 
This machine runs Windows 7 and doesn't have any slow down problems. However, once in a while, pop up ads show up down by the clock and Outlook.com refuses to work in Firefox. I've done all the suggestions that Microsoft and Mozilla list to fix the problem but nothing works. I also keep getting constant reminders to update Flash and Java. I've removed Java and Flash entirely then installed them from their respective websites but the notices keep popping up. I have ran Malwarebytes and Microsoft Security Essentials but both came back as clean.

A:Suspicious Activity on PC

Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderOther ServicesPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeClick Go and post the result. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.* Double-click mbam-setup.exe and follow the prompts to install the program.* At the end, be sure a checkmark is placed next to Update Malwarebytes' Ant... Read more

Read other 12 answers
RELEVANCY SCORE 58.8

Windows 7
Macbook Air

I'm trying to work on this machine for a friend who says they encountered issues when one of their friends tried to install adobe acrobat. After the computer was rebooted, I'm told firefox looks different, and there seems to be more things going on in task manager. Instead of uninstalling acrobat, the person did a system restore to before the program was installed. Now the acrobat folder is still there, but will not delete. There is no uninstall program function. The gmail address associated with the machine suddenly got 4 emails from mypcbackup...very rare for spam to not be properly filtered in gmail according to owner. I don't know much more but am hoping you can tell me whether the machine is compromised and how to make sure it is clean!


HJT Log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:18:37 PM, on 4/10/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17041)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files\Boot Camp\Bootcamp.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Pro... Read more

A:Suspicious activity

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17041 BrowserJavaVersion: 10.51.2
Run by BG at 16:53:31 on 2014-04-10
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2221.921 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\AppleOSSMgr.exe
C:\Windows\system32\AppleTimeSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files\Boot Camp\Bootcamp.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Logitec... Read more

Read other 3 answers
RELEVANCY SCORE 58.8

Can someone please help me with trouble that I have been having for the past 5 years or so? (Yes, 5 years indeed.)
I want to make this thread as simple and as accurate as possible so that I can receive the most help I can get.
So with a lot of patience and hope I type this so that I will get some clarification to what has been happening.

The problem I have is that my internet connection gets cut off very frequently. I believe someone is doing it from behind the scenes. Now before I start pointing fingers or before people start calling me paranoid please take into consideration what I have to say. First lets start with what Operating system I use. I am currently using WINDOWS 7 but I try to stay away from it since it has many vulnerabilities. My other option that I prefer is Linux, I have tried so many Linux distributions that I can not say which I favor regardless the problem is there. So taking in mind what I just said about which operating system I use I can say that MALWARE is probably not the issue here.

Next lets talk about my Internet Service Provider.. It provides my home with both CABLE and CABLE INTERNET I am going to try to be as diligent as possible about this topic and not name the company for my sake!.. Let me just tell you that this company has been rated as one of the worst in the US.

Ive called my internet service provider many times asking what is up with my internet. Not to my surprise the representatives either do not want to give me information since I ... Read more

A:Suspicious activity.

Read other 10 answers
RELEVANCY SCORE 58.8

HI THERE I GO TO CHATROOMS AS WELL AS DO OTHER STUFF LIKE GO TO INFO SITES/SOFTWARE SITES ECT. A FEW MONTHS AGO I WHILE I WAS IN A CHATROOM I KEPT GETTING DC LIKE 30 40TIMES IN AN HOURS TIME EVERYDAY IT WOULD SHOW UP AS CONNECTION RESET BY PEER SO AFTER AWHILE OF THAT HAPPENING I DECIDED TO GET MORE INFO ON IT I FOUND OUT THAT WHEN SOMEONE ATTACKS YOUR COMP AND YOUR IN A CHATROOM IT SHOWS AS A REGULAR CONNECTION RESET MSG SO I WENT AND GOT ZA AFTER I HAD THAT FOR BOUT A WEEK AND LEARNED THE CONTROLS A BIT I THEN WENT BACK TO THAT CHATROOM I NOTICED WITH IN 10-15MINS THAT 3DIFF IPS HAD ATTEMTPED TO GET THROUGH MY PORTS 50TIMES EACH AND ONCE I HAD THE FIREWALL I STOPPED LEAVING THE CHAT SERVER ITS BEEN THREE MONTHS I HAVE NO MORE PROBS AS FAR AS BEING DC BUT THE ATTEMTPS HAVNT STOPPED ON MY COMPUTER NOW THIS PERSON OR PEOPLE ARE TRYING TO SEND ME (SSh) (ftp) (html) among other things all on port 111 this happens day in and day out and they dont try just once they try hundreds of times i mean it got so bad i had to uncheck the alert box cuz it kept popping up so many times SO I WENT GOT A TRACER PROGRAM I THOUGHT ID TRACE THIS IP BUT THEN WHEN I WENT TO TRACE IT I GOT THE HOST IS UNREACHABLE OTHER TIMES ON A DIFF IP I GOT A NETWORK LOCATION IN VA,PA,CANADA,ENGLAND,CHINA,GERMANY,RUSSIA FOR THAT SAME IP BUT NONE GAVE ANY INFO SO I FIGURED IT WAS SPOOFED NOW I DO ADMIT I SHOULDNT WORRY BOUT THIS SENSE THE FIREWALL IS DOING ITS JOB BUT THE RATE THIS HAS BEEN KEPT UP SOMEDAY THEY WIL... Read more

A:Suspicious Activity

Hiya

The problem with tracing is that they can be an infected machine and you will only be getting the innocent party in trouble.

If you are having all those IP's hitting you, you say 3, then you may have a trojan.

Go here: http://housecall.antivirus.com/housecall/start_corp.asp

and run an online virus scan. Also, go here: www.moosoft.com and download The Cleaner ( 30 day demo)

Also, go here: http://home.earthlink.net/~rmbox/Reticulated/Toys.html

and download Startup Log. Install and run it, allow the DOS window to close then copy/paste the results here.

The IP's may be useful to have a look at. But first, see if you're infected.

Regards

eddie
 

Read other 1 answers
RELEVANCY SCORE 58

I am on a mission...

About 1 year ago I downloaded SnoopFree Privacy Shield (http://www.snoopfree.com/PrivacyShield.htm), a keyboard filter and logger detector.

Upon boot up it gave me the breach message that file "samfilt.sys" is a Keyboard Filter and has access to everything that I type into the keyboard. In other words, a keylogger.

The directory it's in is: C:\WINDOWS\SYSTEM32\DRIVERS

Given information is that the file is Written for Dolphin, Inc. by Walter Oney Software. It's Copyright 2002 Dolphin, Inc., and the file version is 1.0.0.0.

I moved the file (to the desktop) and restarted Windows XP. On the LOGIN screen, my keyboard no longer worked and I could not login. So, I repaired my installation and all seemed fine. The repaired Windows XP no longer had the "samfilt.sys" file.

But today I am still curious: What exactly was this file? Back a year ago there were 0 Google results for samfilt.sys. Today, there are less than 20.

It is almost as if "samfilt.sys" does not even exist!

One link is http://www.file.net/process/samfilt.sys.html, where it says:

samfilt.sys is located in the folder C:\Windows\System32\drivers. The file size on Windows XP is 34688 bytes. The driver can be started or stopped from Services in the Control Panel or by other programs. The program has no visible window. It is a keyboard driver, can record inputs. The service has no detailed description. samfilt.sys is not a Windows system file. samfilt.s... Read more

A:samfilt.sys suspicious activity

Read other 6 answers
RELEVANCY SCORE 58

Hello all, new here. I recently was infected with Vista Smart Security, which is a rogue anti-spyware program. I removed it by deleting its registry keys and disabling it so that malwarebytes could run. Malwarebytes removed the infections and the program is gone, but everytime I use IE, random search engines open in another tab and have a query from a previous site. I also have been using peerblock to provide a safer browsing exerience. When I leave peerblock running when IE isn't open, random ip's are blocked. They are connections such as "Amazon.com", "Tribal Fusion Inc." When I closed IE, next to my mouse is a loading cursor that disappears after about 3 sec. This is not normal and I had never experienced this before. Also, at the same time, my taskbar makes a quick shift like something was running. I have tried everything to find the infection. I have ran AVG, ESET, Superantispyware, Malwarebytes, Hijack This, and ComboFix. I have ran these in safe mode multiple times as well, but no luck. Any help is gladly appreciated. I am running Vista Home Premium.Thanks

A:IE Hijacking and Suspicious Activity

Hello,Your issues are caused by remnants of the infection and its buddies. Please follow the instructions in ==>This Guide<== starting with step 6.Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==If you can produce at least some of the logs, then please create the new topic. If you cannot produce any of the logs, then post back here and we will provide you with further instructions.Orange Blossom

Read other 1 answers
RELEVANCY SCORE 58

New to this forum. I just know i was infected. iexplorer.exe keeps coming out when there is no IE open. My MSN Messanger.exe became msnmsgr .exe. I run ComboFix but to no avail. Bitdefender picks up a rootkit activity but it dosent solve the issue (so much for it being the Top 1 AV).Here is the log,UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH ITDDS (Ver_09-12-01.01)Microsoft Windows XP Home EditionBoot Device: \Device\HarddiskVolume1Install Date: 1/4/2010 1:06:02 AMSystem Uptime: 2/3/2010 6:42:27 PM (1 hours ago)Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-7211Processor: Intel® Pentium® 4 CPU 3.00GHz | Socket 775 | 2994/200mhz==== Disk Partitions =========================C: is FIXED (NTFS) - 98 GiB total, 64.152 GiB free.D: is FIXED (NTFS) - 51 GiB total, 35.468 GiB free.E: is CDROM ()==== Disabled Device Manager Items =============Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}Description: SCSI ControllerDevice ID: PCI\VEN_1191&DEV_8040&SUBSYS_80401191&REV_02\3&13C0B0C5&0&40Manufacturer: Name: SCSI ControllerPNP Device ID: PCI\VEN_1191&DEV_8040&SUBSYS_80401191&REV_02\3&13C0B0C5&0&40Service: Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}Description: Multimedia Audio ControllerDevice ID: PCI\VEN_1106&DEV_3059&SUBSYS_B0101462&REV_60\3&13C0B0C5&0&8DManufacturer: Name: Multimedia Audio... Read more

A:Suspicious Rootkit Activity

bumpz! Please help.===========Hello While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us want someone to assist you who is not familiar with your issue and attempt to fix it.We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a mem... Read more

Read other 23 answers
RELEVANCY SCORE 58

Hi,

I have a cable modem for the last week or so showing constant activity which is very fishy indeed. I've ran things like Spybot checks (also Norton and AVG scans) but the problem remains. As soon as I block network traffic the activity stops.
I've posted to a couple of other forums which little help, is there anyone who can help out there!

Below is a HiJackThis log....

-Marc

Logfile of HijackThis v1.99.1
Scan saved at 18:25:15, on 11/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Sha... Read more

A:Suspicious Network Activity

Hi Welcome to TSG!!

Nothing showing in the log. What are you blocking access to?
 

Read other 3 answers
RELEVANCY SCORE 58

Hi everyone, I have a ThinkPad Edge 15 running Windows 7 Home Premium that I bought near the beginning of 2011. So far it has run flawlessly, but today I started to experience some suspicious activity.
Occasionally, my mouse cursor lags considerably, my webcam and microphone indicator icons flashes between on/off even though I left both off, and my volume mutes and unmutes itself. I get strange key input like d'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' '''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''&#... Read more

A:Suspicious activity on Windows 7

Please download and scan with SUPERAntiSpyware FreeDouble-click SUPERAntiSypware.exe and use the default settings for installation.An icon will be created on your desktop. Double-click that icon to launch the program.If it will not start, go to Start > All Prgrams > SUPERAntiSpyware and click on Alternate Start.If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)In the Main Menu, click the Preferences... button.Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):Close browsers before scanning.Scan for tracking cookies.Terminate memory threats before quarantining.Click the "Close" button to leave the control center screen and exit the program.Do not run a scan just yet.Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon... Read more

Read other 7 answers
RELEVANCY SCORE 58

Found out it was normal, other people have it too. Just hp support assistant updating without my consent

Read other answers
RELEVANCY SCORE 58

I recently have encountered some odd things happening with my computer. I have no concrete evidence that my computer is being a plagued by a virus but nevertheless better safe than sorry. It all started today in the morning when I needed to photocopy a document. I turned on my computer and noticed that the whole screen had froze. Nothing was moving not even the cursor. I didn't think much of it because this sorta thing happens time and time. But regardless my scanner/printer was working anyways so I went ahead and photocopied what I needed. To shut off my computer I simply pressed the Restart button and hit the Power button on start up. Later in the afternoon I turned on my computer once again. The Start menu was completely frozen and my cursor would display the hourglass icon if I moused over it. System Tray icons took a very long time to load and Task Manager had froze on my once when I tried to see what processes were going on. The system icons had finally loaded after about 10 minutes which is unusual and I noticed that my avast antivirus system tray icon had a red X next to it. I opened the control system for avast and pressed the 'Fix Now' button and tried to enable the system but there was no response. Aside from that I can freely browse through the internet, but without an antivirus system functioning I am weary that I may be hit by a virus.


DDS (Ver_10-11-27.01) - NTFSx86
Run by Owner at 16:17:39.18 on 03/12/2010
Internet Explorer: 8.0.6001.18702 BrowserJava... Read more

A:Suspicious Activity on Computer

Hi

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programmes, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.



Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers.
Click Yes to continue
A 'Finished!' message will appear
Click OK
DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_... Read more

Read other 1 answers
RELEVANCY SCORE 58

Hi guys,

Forgive my apparent ignorance about this, but I've posted in recent months about my machine waking up on its own while in Hibernation. However, it only happened seldomly --ninety to ninety-five percent of the time it just stayed in its Hibernation sleep state until I reactivated it. Well, that's no longer the case --it's waking up on its own more frequently, and for that reason is beginning to make me a bit suspicious. I should add here that my machine was attacked twice in the last week from an IP Address in China --my firewall intercepted it, and I did a search on the address and saw that a number of people here have been reporting and complaining about that same individual.

So my question is this: to what extent does my firewall protect my machine when it's in Hibernation, and can it be woken up by a nosy guy in China that's trying to hack into peoples' machines here in the States?

Thanks for your help.

A:Suspicious machine activity

God Lord, am I not worthy of even one simple response regarding this, or did the question spook people here?

Read other 7 answers
RELEVANCY SCORE 58

I got the following message below while playing Zuma Blitz on Facebook with Chrome as my browser. When the pop-up came up, clicking anywhere else in Chrome resulted in a beep. I closed it down using the task manager. I just ran MalWareBytes last night, and ran SpyBot just now. Nothing but the usual cookie tracking stuff. I have Free AVG as my anti-virus. Did this message come in through Facebook somehow? I suspect it's one of those bogus security s/ware ploys, but did it come through a game in Facebook, or did it make its way to me another way? The page at ad47669.d2n3.net says:E-Set has found suspicious activity on your pc and will perform some action on your pcOK <button> Thanks.Jane

A:E-Set has found suspicious activity...

Hello Jane. There could have been malicious script in either. As you do NOT have ESET I suspect it was a rogue attack.To be sure...Reboot into Safe Mode with Networking How to enter safe mode(XP/Vista)Using the F8 MethodRestart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode with Networking using the arrow keys. Then press enter on your keyboard to boot into Safe Mode. >>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.RKill....Download and Run RKillPlease download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not ru... Read more

Read other 5 answers
RELEVANCY SCORE 58

Over the past few days I've noticed highly suspicious activity in my main email account, which is a web-based hotmail account. As over this time period, I've had large numbers of delivery notification failures to my hotmail inbox which contain spam like messages featuring an attachment and word salad( I have not opened any of the attachments sent to my mail box), I've also noticed that the spam emails are ether forwarded to other people throughout the world, or are sent directly from me. This is suspicious enough for me, however today when I went to check my morning mail, I found that my inbox had an even larger number of spam attachment emails sent(again ether from me directly or forwarded from my box.In addition, even more alarming when I went to check my sent box I've confirmed that a sizable quantity of these spam messages where sent using my hotmail account.

I don't see how my account could have been compromised, as I have very strong and very regularly updated antivirus, anti-hacking, anti-phishing, etc the works in terms of protection. Also I follow good web protocol and never open anything from an unfamiliar sender etc, never look at sketchy inappropriate websites.

So I'm trying to figure out how my hotmail account could have been compromised like this?

However recently my college has come under frequent spam, phishing, hacking, an denial of service attacks so that is one possible cause of this I figure? Especially, since my school's web... Read more

A:Suspicious Activity on my email

Any opinions?

Read other 1 answers
RELEVANCY SCORE 58

Lately I have found that my computer has been running slower and random audio of Advertisements have been playing however not till today I have discovered that Inter Explorer was open in task manager but not on my desktop. Task manager was showing Internet Explorer opening multiple websites such as "whatismyIp" as soon as I saw this I panicked and am now wondering how may I stop/Solve this from continuing

A:IE Open with Suspicious activity

FWIW:  One instance of iexplore.exe is displayed in Task Manager as a process...always.  For every window/tab opened, 1 additional process appears in Task Manager.
 
Louis

Read other 1 answers
RELEVANCY SCORE 58

I've followed the setup...I'm seeing domains, DCs, users, computers and groups...but nothing else...I've tried to generate a suspicious event, still nothing...
I see KerberosV5 and LDAP traffic back and forth from my DCs on my ata gateway server...
Here's the Microsoft.Tri.Gateway-Errors log...
2016-02-23 18:55:35.9577 3164 10  1aab5d65-d404-4e6f-a9e6-2ff64fb60254 Error [GatewayConfigurationManager] Failed to update configuration System.ServiceModel.Security.MessageSecurityException: An unsecured
or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail. ---> System.ServiceModel.FaultException: At least one security token in the message could not be validated.

   --- End of inner exception stack trace ---
   at System.Runtime.AsyncResult.End[TAsyncResult](IAsyncResult result)
   at System.ServiceModel.Channels.ServiceChannel.SendAsyncResult.End(SendAsyncResult result)
   at System.ServiceModel.Channels.ServiceChannel.EndCall(String action, Object[] outs, IAsyncResult result)
   at System.ServiceModel.Channels.ServiceChannelProxy.TaskCreator.<>c__DisplayClass7_0`1.<CreateGenericTask>b__0(IAsyncResult asyncResult)
   at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
--- End of stack trace from previous ... Read more

Read other answers
RELEVANCY SCORE 58

Just recently my computer has been displaying odd activity. For starters, it would jump from an active window to an inactive window about every 30 seconds. When I ran task manager, I saw that iexplorer would spike up about the time this happened. This issue has somewhat settled down, but now I get frequent "low virtual memory" messages and then dwwin.exe errors where my applications just shut down. I have also been getting random pop up's here and there. Overall, I just think something annoying is lurking in the background and need help getting my PC clean as I rely on this PC primarily for school now. I have attached gmer.txt and have also pasted my hijackthis and dds reports. Thank you for your help in advance.
-Jay

**********DDS**********

DDS (Version 1.0) - NTFSx86
Run by Jaybird at 12:28:19.23 on Sun 11/16/2008
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.498 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Grisoft\AVG Anti-Spy... Read more

A:Random Suspicious Activity

Hi and welcome to TSF.

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Combofix
Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up in... Read more

Read other 9 answers
RELEVANCY SCORE 58

Hello All
I have installed Wondering Ips on my computer
and have noticed that some suspicious network
activity. Could someone recomend an app. that
could help identify the activity that is going on
and if it's good or bad.
Any help will be appriciated.

RalphG

A:Suspicious Network Activity

What is the suspicious network activity?

Read other 9 answers
RELEVANCY SCORE 58

For starters, I have only a very basic knowledge of how computers function, so I'd be most grateful for solutions that don't require an immense understanding of what's beyond the screen.

Now, I've recently begun experiencing these moments where the fans start roaring on my ca. 3 months old Acer Aspire S3. When I open the task manager, it claims CPU usage is at 100. For a second or so, the majority is attributed to the manager itself, then its usage drops down to a reasonable level and there's no proof of what is causing this overload. Sometimes it begins decreasing when I open the task manager, sometimes it keeps going at 100.
In some cases, it occurs when I start something up, and other times it's completely random. Sometimes, like right now, the fan keeps blowing loudly even when the task manager claims the CPU usage has dropped.

I recently looked into some cryptocurrency CPU mining but gave up when I realised it was probably both futile and dangerous to the laptop. The cause might be some lost process therefrom, but I suspect malware is at work here.

So far, I've tried scanning with AVG, uninstalled it and then scanned with Avast!, the later of which found and vaulted a file at /Appdata/Roaming/eintaller/89CC34BDD2064099999AC9FCAD94A862, an unknown folder which includes a "config" document and a "desk365" programme of 4255kb.

I also ran an sfc /scannow from both normal and safe mode, and they detected nothing.

Still, the issue came up pr... Read more

A:Suspicious fan activity and CPU spike to 100

Without being there it's difficult to know for sure if a problem exists. Many installed programs run in the background and can manifest what you're observing and it might be totally normal. Looking at scheduled tasks might give you a clue.

Read other 2 answers
RELEVANCY SCORE 58

Hi everyone,

First of all, I apologize if this might be out of the ordinary for posting but I have been trying to logon to the Sygate forum page for a couple hours now and as usually their web page bites. So I figure I'd come here and try with people that "know what they are doing". Well, anyways to my problem I have noticed when I read my Sygate traffic log there's something that sticks out that I'm not sure if it is normal activity or something I should be concern about. I do have Norton Anti-Virus, Ad-aware, Spotbot S&D, SpywareBlaster, Bazooka and WinPatrol running and have recently scanned my system. The scans come out clean. It seems that I get different remote hosts with the same IP addresses (38.113.220.??) with the last two numbers being different. These events are being logged even though I haven't been on that particular web page for hours (MTV). I also backtraced all of the IP addresses and they belong to Performance Systems International , Inc. Is this normal activity? I'm not sure if I being hacked or what. I have included a portion of my log below. Please I would appreciate any help you can give like I said before logging on to the Sygate Forums page is like trying to raise the dead. If someone could review my log and tell me if I need or not need to be concern about this activity I would really appreciate it. THANK YOU for your assistance and patience!

94562 11/20/2004 12:59:07 Allowed 10 Outgoing TCP
us.js1.yimg.com [3... Read more

A:Suspicious Firewall Activity???

Not sure if this will make you feel better or not, but I see from the trace it comes from DC!
 

Read other 3 answers
RELEVANCY SCORE 58

For the last 2 days there has been some odd activity with one of the svchost.exe processes. It will randomly start using 200kbps+ of bandwidth and disk usage, its also over 50mb in size and unlike all the other svchost.exe processes that are set to a normal priority this one is set to low. It is the system svchost.exe file and everything checks out so i dont think its anything dangerous but when its running at 80%+ of my total bandwidth it gets rather annoying.

Is there any way to see whats going on with the process (and a way to stop it) because it should not being doing this.
 

Read other answers
RELEVANCY SCORE 58

Hi everyone, I have a ThinkPad Edge 15 running Windows 7 Home Premium that I bought near the begnning of 2011. So far it has run flawlessly, but today I started to experience some suspicious activity.
Occasionally, my mouse cursor lags considerably, my webcam and microphone indicator icons flashes between on/off even though I left it off, and my volume mutes and unmutes itself. I get strange key input like d'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''&... Read more

Read other answers
RELEVANCY SCORE 58

I am running tests with microsoft ATA, I have installed the gateway on 3 domain controllers, I have performed tests creating a false account and adding SID, failed attempts with an account, testing with nslookup but the ATA does not show anything in the
dashboard, if this Synchronizing with the AD because it shows me the recent activities of the users, but with all the tests that I have done I do not see any suspicious activity, they can indicate to me that more tests I can realize or that could be happening
in my environment.

Read other answers
RELEVANCY SCORE 58

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:48:29 PM, on 12/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\AOL\1154925291\ee\AOLSoftware.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Prog... Read more

A:Suspicious comp activity - HJT Log

Download Download SDFix from here and save it to your desktop.


Please then reboot your computer in Safe Mode by doing the following :
Restart your computer

After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

In Safe Mode, right click the SDFix.zip folder and choose Extract All,
Open the extracted folder and double click RunThis.bat to start the script.
Type Y to begin the script.

It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.

Your system will take longer that normal to restart as the fixtool will be running and removing files.
When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.

Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).

Finally paste the contents of the Report.txt back on the forum.


=========================================

This will help to identify any malware on your system.
Please download Combofix from any of these lo... Read more

Read other 1 answers
RELEVANCY SCORE 57.6

I had AVG Free for years without any serious issues. I decided to switch it up and try Avast (free). When I did a scan with Avast it gave me a message that my router was set to "weak password" with a link to fix it. When I tried to log into the Netgear site it wouldn't accept the password, so I contacted my cable provider who I lease the router from. The person I talked to told me to contact Netgear support, (I later learned they weren't supposed to refer me to Netgear, but that's neither here nor there). The number I found for Netgear support online was 855-666-8856. I spoke to some guy with very bad English who had me open to the Netgear support page and immediately began telling me to just click yes on the prompts he was sending me. I realized he was attempting to have me give him control of my computer so I said, "I just want to know how to change my password, I don't need you to do it for me, just tell me how to do it." He got irritated and told me he couldn't help me over the phone unless he had access. It seemed odd but I'm no techie and at that point I believed I was speaking to an authorized Netgear support tech, so I clicked the prompts and allowed him to control the computer. He ran a scan and showed me where someone had accessed my computer on June 7th at 12:54pm. He then took me to a page and started showing me different SonicWall options trying to sell me that product for $300+. I told him I wasn't interested in buying anything, I just wanted to change the passw... Read more

A:Suspicious Activity (uncertain if affected)

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===Unhide files/folders Windows 7.How To:http://windows.microsoft.com/en-ca/windows/show-hidden-files#show-hidden-files=windows-7<<<>>>Remove this program via the Control Panel > Programs > Programs and Features applet.SavingsBull (Version: 1.0.0.0 - SavingsBull) Hidden <==== ATTENTION===Press the windows key + r on your keyboard at the same time. This will open the RUN BOX.Type Notepad and and click the OK key.Please copy the entire contents of the code box below to the a new file. start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF HKU\S-1-5-21-3931276179-3777703916-1810220762-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi => not found
CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx
R1 netfilter; C:\Windows\System32\drivers\netfilter.sys [47488 2014... Read more

Read other 0 answers
RELEVANCY SCORE 57.6

Hi everyone,

Every now and then when I am on-line I hear my computer fan kick on very high and when I look at system performance under the task manager, something is using almost all of the CPU power. This has been happening every now and then for a long time.

Yesterday, I checked the connections with my comodo firewall (version 3.0.13.268) and Svchost.exe located at C:\windows\system32\svchost.exe was as using most of the INTERNET connection.

My computer IP address was the source using port 4732, and the destination IP address was issued to my ISP using port 80. What surprised me is that it had downloaded 17 MB of data and uploaded over 1 MB of data. This is just a 56k dial up connection. After about 17 MB, more data started to download using port 1569. I have Microsoft automatic updates set to just notify me if anything is available, not to download automatically. I generally turn off automatic updates on all installed programs as well.

I closed the browser (running sandboxie) and even deleted the sandbox and it just kept on downloading and uploading.

I terminated the connection in the firewall but it reconnected, this time my IP was using port 2421 and the destination address kept using port 80

I tend to think it's not malware because I did a full system scan with Avira a couple of weeks ago and it said everything was OK. I don't do full scans that often since the disk is so full and it takes so long. I also did a quick scan with Malwarebytes, superantis... Read more

A:Suspicious Svchost.exe internet activity

Read other 16 answers