Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Unkown file accessing internet


  • Please log in to reply
8 replies to this topic

#1 skoop

skoop

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:03:30 PM

Posted 08 June 2011 - 11:01 PM

Running XP service pack 3. Recently installed new free firewall program Private Firewall ver.7. It's firewall log shows the following application accessing the internet: c:\WINDOWS\Tasks\user_feed_synchronization-{dba3c256-bd04-4e96-9a30-6314e42efb3d}.job. The firewall allows the conection and I can see it under the process manager of the firewall. I cannot find this entry on my computer. The I.P. address it connects to is 64.4.11.160:1208. Checking I.P. shows Hot Mail. I do not have a Hot Mail account. Ran AVG free, SuperAntiSpyware, Malwarebytes. Computer checks out clean with these programs. Any info and where to find the file on the computer would be appreciated.

Edit: Moved topic from XP to the more appropriate forum, at the request of staff. ~ Animal

BC AdBot (Login to Remove)

 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,738 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:01:30 PM

Posted 08 June 2011 - 11:44 PM

Did you try to remove it from Task Scheduler?

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#3 skoop

skoop
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:03:30 PM

Posted 09 June 2011 - 10:07 AM

Broni: Checked Task Schedular, nothing there. I don't have any task entries. Need other ideas.

#4 Allan

Allan

  • BC Advisor
  • 8,634 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Jersey
  • Local time:04:30 PM

Posted 09 June 2011 - 10:32 AM

C:\Windows\Tasks is the folder for what runs in your task scheduler. You can try deleting the item from that folder (or just move it to a temp folder for the time being).

#5 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,738 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:01:30 PM

Posted 09 June 2011 - 10:33 AM

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#6 skoop

skoop
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:03:30 PM

Posted 09 June 2011 - 01:47 PM

Update: On starting my computer a pop-up from the firewall stated that this task "c:\WINDOWS\Tasks\user_feed_synchronization-{dba3c256-bd04-4e96-9a30-6314e42efb3d}.job" had changed. It gave me the option to delete, allow, or block> I blocked it and then went looking. I finally found an entry in the registry containg the file in Question. It was in a folder marked Feeds. Only entry. I saved the registry entry and then deleted the folder and contents. So far So good and we will see what happens later on.

#7 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,738 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:01:30 PM

Posted 09 June 2011 - 01:55 PM

Very well.
Just to be on a safe side, I'd run MBAM anyway.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#8 skoop

skoop
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:03:30 PM

Posted 09 June 2011 - 03:01 PM

thanks Broni: I have run Malwarebytes (purchased program) and Superantispyware (purchased program) prior to asking for help. This feeds folder was found in the registry under programs. I think it may be a leftover.. I keep checking and update in a week. Thanks for the replies.

#9 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,738 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:01:30 PM

Posted 09 June 2011 - 04:10 PM

Sure thing :)

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users