Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

svchost (netsvcs) extensive download from Akamai - why?


  • Please log in to reply
3 replies to this topic

#1 GoshenBleeping

GoshenBleeping

  • Members
  • 249 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:45 AM

Posted 21 November 2014 - 01:45 PM

Platform: Windows 7 Home Premium 64 bit, ASUS K52F laptop
 
I have observed extensive downloads (from the NetMeter gadget on my desktop) averaging 600kbps for up to 10 minutes from Akamai. This has happened several times. I would appreciate if someone would explain what is happening. Here is the process I followed to track this download:
(1) Log in as Administrator.
(2) Used Windows ResourceMonitor to see the process PID that was downloading from the Internet. ResourceMonitor displayed "svchost (netsvcs)" as the process involved in the download.
(3) Used ProcessMonitor to display the process tree for the svchost process in question. See the attached "Appinfo Svchost process tree.jpg" for details.
(3) Used CPorts.exe to trace the process PID to a specific URL from which the process is downloading, then traced the IP in Who.Is to see that the site is Akamai. See the attached "Download process & remote address.jpg" for details.
(4) In ProcessMonitor if I kill the specific process, the download immediately stops. This is confirmation that I am looking at the culprit PID.
 
Note that I have scanned my laptop with the following & nothing was found:  AdwCleaner, Avira, Malwarebytes, Stinger, SuperAntiSpyware, Windows Defender, TDSSKiller, Gmer, Junk Removal Tool, Rkill, RogueKiller.  I also used SFC to check integrity of Windows libraries - all ok.
 
I understand that Akamai is a CDN. However the download does seem to be extensive (although I do not have specific numbers as to exactly how much is downloaded). 
Questions:
(1) Is there any way for me to determine exactly what is being downloaded and why this is occurring?
(2) Is there any way to match the downloads to specific software on my laptop?
(3) Any other comments?
 
Thank you.


BC AdBot (Login to Remove)

 


m

#2 technonymous

technonymous

  • Members
  • 2,468 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:45 PM

Posted 21 November 2014 - 04:58 PM

If you look at your second attached thumbnail picture showing ports etc. It states 'activesync' So, it's syncing with your computer system with their servers of the files you share/backup or whatever it is. Also, their services may also be used to update their software with security patches etc. If you wanted to see what's going on in more depth you would need to use a program called Wireshark so you can analyze/capture the network traffic. IMO I wouldn't be to worried about it. It's doing what it needs to do to function correctly.



#3 GoshenBleeping

GoshenBleeping
  • Topic Starter

  • Members
  • 249 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:45 AM

Posted 22 November 2014 - 08:51 AM

The funny thing is that I have Windows update service set to manual. And I do not store anything in the cloud. So I cannot think of any software on my laptop that would be syncing. 

Is using Wireshark that best method for tracking down which software on my laptop is calling Akamai?

Thank you.



#4 technonymous

technonymous

  • Members
  • 2,468 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:45 PM

Posted 23 November 2014 - 04:39 AM

Probably apple products. Do you have a device that you connect to your pc like a ipad? You can check for more info in services by going to start and typing services.msc {press enter key}  However, it might be easier to do searches and queries in CLI.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users