Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Register a free account to unlock additional features at BleepingComputer.com

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News: AZORult Trojan Serving Aurora Ransomware by MalActor Oktropys

Featured Deal: This Free Course Lets You Achieve Digital Transformation for Your Company

_something_ is phoning home upon boot

Started by corrosiv , Jan 22 2011 09:49 AM

Please log in to reply

7 replies to this topic

#1 corrosiv

Members
4 posts
OFFLINE

Local time:04:53 AM

Posted 22 January 2011 - 09:49 AM

PeerBlock starts at boot-time, and IMMEDIATELY shows blocked accesses to IPs under the "Archer Communications" range.

- how do I identify what process is making this attempted communication, and how said process is started?
- what's the story on Archer? I'll get the actual IP addresses shortly when I restart.

thanks all

Back to top

BC AdBot (Login to Remove)

BleepingComputer.com
Register to remove ads

#2 ThunderZ

Deactivated
4,454 posts
OFFLINE

Gender:Male
Local time:03:53 AM

Posted 22 January 2011 - 09:57 AM

Archer Communications

More info. Possibly why it is phoning home. Just what piece of software it is tied to I have no idea. But may give you a starting point.

Back to top

#3 corrosiv

Topic Starter

Members
4 posts
OFFLINE

Local time:04:53 AM

Posted 24 January 2011 - 08:22 AM

PeerBlock starts at boot-time, and IMMEDIATELY shows blocked accesses to IPs under the "Archer Communications" range.

- how do I identify what process is making this attempted communication, and how said process is started?
- what's the story on Archer? I'll get the actual IP addresses shortly when I restart.

thanks all

The addresses:
66.235.143.184
...58
...2
...24
...121
...20

whois shows they are all Omniture (marketing/analytics) owned by Adobe.

Does this ring a bell with anyone?

Back to top

#4 ThunderZ

Deactivated
4,454 posts
OFFLINE

Gender:Male
Local time:03:53 AM

Posted 24 January 2011 - 08:25 AM

If you have any Adobe software on your machine then it really comes as no surprise.

Back to top

#5 corrosiv

Topic Starter

Members
4 posts
OFFLINE

Local time:04:53 AM

Posted 24 January 2011 - 08:44 AM

If you have any Adobe software on your machine then it really comes as no surprise.

I'm not surprised that a software package might phone home. What I'm curious about is that there is nothing related to Adobe in my startup lists - I want to know which specific program is doing this and how it is started.

Back to top

#6 ThunderZ

Deactivated
4,454 posts
OFFLINE

Gender:Male
Local time:03:53 AM

Posted 24 January 2011 - 08:55 AM

Flash is Adobe.

Also I`ll guess you have Adobe PDF. If you check msconfig I believe you will find at least on instance related to it.

You may also want to check Add\remove for something along the lines of Adobe updater or downloader. Forget the exact name.

Other then Flash. I have not used Adobe products in years for reasons like this and more.

Back to top

#7 corrosiv

Topic Starter

Members
4 posts
OFFLINE

Local time:04:53 AM

Posted 24 January 2011 - 09:00 AM

Flash is Adobe.

Also I`ll guess you have Adobe PDF. If you check msconfig I believe you will find at least on instance related to it.

You may also want to check Add\remove for something along the lines of Adobe updater or downloader. Forget the exact name.

Other then Flash. I have not used Adobe products in years for reasons like this and more.

I found the culprit finally. One of this whois-like pages I found on Google mentioned Skype. MS Sysinternals autoruns showed Skype in the Task Scheduler, which I disabled.