
Possible strange network activity in Process Hacker?



#1 ultimatedorkboy


Posted 19 January 2014 - 06:47 PM

OS: Windows 7 Home Premium x64

 

I use Process Hacker as a task manager replacement and I sometimes glance at the “Network” tab.  Last week when I was looking at the “Network” tab, I saw a weird website under the “Local Address” column that I’ve never seen before: traffic.acwebconnecting [dot]com

 

Process Hacker "Network" tab:

http://s156.photobucket.com/user/ultimatedorkboy/media/ProcessHackerpic_zpse448f95d.png.html

 

Honestly, I cannot recall if that “traffic.acwebconnecting [dot] com” was always there or not.  I only noticed it in Process Hacker last week.

 

I don't know if acwebconnecting was normal or not so I did some research on acwebconnecting and I found out that they are supposedly a legitimate company.  But there are two things that concern me about this acwebconnecting website.

  1. The website “traffic.acwebconnecting [dot] com” is listed as an entry in the MVPS hosts file.
  2. I looked up acwebconnecting on URLVoid and found out that there are several dodgy websites that share acwebconnecting’s IP Address

acwebconnecting URLVoid info:

http://www.urlvoid.com/ip/91.208.175.119/

 

I became worried about this so I ran numerous virus scans.  The scanners I ran were Norton, Malwarebytes, Emsisoft, HitmanPro, Comodo Cleaning Essentials, and TDSKiller. 

 

Scan Results:

Norton: Found three false positives (Nirsoft apps)

Malwarebytes: One false positive.  (another nirsoft tool)

Emsisoft: Found two objects but Emsisoft deemed them as “no risk”

HitmanPro: Four false positives

Comodo Cleaning Essentials: Detected that my hosts file was changed but that’s because I use the MVPS hosts file.

TDS Killer: Nothing found.

 

Ironically, I have not been experiencing any freezes, crashes, or any other problems that are potentially caused by viruses.  My internet speed has also been fine as well.

 

A few more important points:

  1. I don’t think acwebconnecting is phoning home.  I’ve never seen any of the acwebconnecting processes connect to the web.  Then again, I am a novice when it comes to understanding networking.
  2. Last week, I installed Winpcap as a requirement for another program, FLV Recorder (could Winpcap be causing the problem?).  I uninstalled both programs but acwebconnecting still remained in Process Hacker.
  3. I ran some of the virus scanners in Safe Mode but they still didn’t find anything.  (Ran Norton, Malwarebytes, and HitmanPro).

Is this acwebconnecting [dot]com a normal thing or do I have a potential problem?

 

Any help or advice will be appreciated!  

 

Thanks.


Edited by ultimatedorkboy, 19 January 2014 - 07:17 PM.




#2 quietman7


Posted 19 January 2014 - 09:43 PM

AC Webconnecting - who we are
acwebconnecting.com snoop summary
Cookie Audit: traffic.acwebconnecting.com

Process Hacker is primarily a tool for investigating processes. You can investigate further with TCPView.

From my quick research, it doesn't appear to be anything nefarious.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 ultimatedorkboy


Posted 26 January 2014 - 07:04 PM

Sorry for the very late reply.  I've been busy all week.

 

Well I used TCPView and I didn't see anything funny.  At least, I don't think there was anything funny listed.

 

I also tried using CurrPorts and Resource Monitor's network tab but both of them were a little too overwhelming for me.

 

At this point, I am beginning to think that I am overreacting to this issue.  This "acwebconnecting" could just be some harmless thing. 

 

Though, I'm still curious on why it is listed as a Local Address on my computer? (At least according to Process Hacker).



#4 quietman7


Posted 26 January 2014 - 08:08 PM

Yes, it's odd if it's only showing in Process Hacker.

When you right-click on one of the entries and choose "Go to Process Enter" what process is it pointing to?

#5 ultimatedorkboy


Posted 26 January 2014 - 10:30 PM

As an example, I right-clicked nis.exe (PID: 2496), selected "Go To Process" and it pointed towards one of the two nis.exe processes that's running.

I could also see the "traffic.acwebconnecting" when using Process Explorer as well.  Though in this case, I had to right-click on the process (the same nis.exe process), select "Properties," and go to the TCP/IP tab.  I uploaded a picture of this just in case.

http://s156.photobucket.com/user/ultimatedorkboy/media/Capture_zps790ce3a8.png.html?sort=3&o=0



#6 quietman7


Posted 27 January 2014 - 09:20 AM

And nis.exe is Norton Internet Security.

#7 ultimatedorkboy


Posted 27 January 2014 - 09:09 PM

Yes, nis.exe is Norton Internet Security.  Though, that was just one of the processes.  There are other processes that have the "traffic.acwebconnecting" thing as well (refer to the picture in my first post). 
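An added example, not part of any post in this thread: the first post notes that traffic.acwebconnecting.com is an entry in the MVPS hosts file, so one check is whether a name shown in a "Local Address" column is simply a hosts-file name attached to a local address. It assumes, without confirming it for this machine, that the tool's name resolution consults the hosts file; the sample text, its 0.0.0.0 mapping and the `.invalid` names are constructed.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in hosts-file format; not the poster's actual file.
# The 0.0.0.0 mapping and the .invalid names are assumptions for illustration.
SAMPLE_HOSTS = """\
127.0.0.1       localhost
::1             localhost
0.0.0.0 traffic.acwebconnecting.com   # blocklist-style entry
0.0.0.0 ads.example.invalid
192.168.1.10    nas.example.invalid nas
not-an-ip       broken.example.invalid
"""

def parse_hosts(text):
    """Map each valid address in hosts-file text to the names listed for it."""
    table = defaultdict(list)
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue                            # blank line or address with no name
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # malformed address: skip the line
        table[addr].extend(name.lower() for name in fields[1:])
    return dict(table)

def addresses_for(name, table):
    """Addresses the hosts file assigns to a name (empty list if none)."""
    return sorted(str(a) for a, names in table.items() if name.lower() in names)

def local_aliases(table):
    """Names other than localhost pinned to a loopback or unspecified address."""
    found = {}
    for addr, names in table.items():
        if addr.is_loopback or addr.is_unspecified:
            extra = [n for n in names if n != "localhost"]
            if extra:
                found[str(addr)] = extra
    return found

if __name__ == "__main__":
    table = parse_hosts(SAMPLE_HOSTS)
    print(addresses_for("traffic.acwebconnecting.com", table))
    for addr, names in local_aliases(table).items():
        print(addr, "->", ", ".join(names))
```

To run it against a real file, pass the contents of `%SystemRoot%\System32\drivers\etc\hosts` to `parse_hosts`.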





