Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Adwcleaner using Ping.exe?


  • Please log in to reply
10 replies to this topic

#1 HairyApricot

HairyApricot

  • Members
  • 197 posts
  • OFFLINE
  •  
  • Local time:11:57 AM

Posted 17 February 2017 - 12:26 PM

I ran Adwcleaner today, just to see, It found nothing, so great. However, I noticed a program I have never seen before was run as well, either when I ran it or as a result of uninstalling it. It was PING.exe. Now I can't remember this file having ran before. It exists in 4 locations. System32, SysWOW64 and 2 ins winsxs. Seems to be a legit process, just curious as to what reason it had to run.

 

Thanks :)


Edited by hamluis, 17 February 2017 - 12:51 PM.
Moved from Web Browsing/Email to AV/AM Software - Hamluis.


BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 49,611 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:57 AM

Posted 17 February 2017 - 05:06 PM

Ping.exe = TCP/IP Ping Command...it is a legitimate Windows file that resides in the System32 and SysWOW64 folders.

The winsxs (Windows component store) folder contains all Windows system components...it is used to store backups and for support functions needed for customization, updates, system recovery and during servicing operations within Windows installations...see The Windows component store and WinSxS folder

I'm not aware of any relation with AdwCleaner.
.
.
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Microsoft MVP Reconnect 2016
Windows Insider MVP 2017
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 cocochepeau

cocochepeau

  • Security Colleague
  • 3 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:57 PM

Posted 18 February 2017 - 02:44 AM

Hello,

 

AdwCleaner is talking to external servers for several reasons, like knowing if you got the latest database, the latest product version, ..

 

Just to be sure, I'll ask you a couple of questions :

  • What's the target domain name (ping)?
  • Did you download AdwCleaner from one of its official link? (here in BC or at Malwarebytes)

Regards,


ToolsLib <Software hosting platform for developers> | https://cocochepeau.net


#4 HairyApricot

HairyApricot
  • Topic Starter

  • Members
  • 197 posts
  • OFFLINE
  •  
  • Local time:11:57 AM

Posted 18 February 2017 - 12:34 PM

I downloaded AdwCleaner from MalwareBytes. I don't know what it was. I never actually seen any traffic for it. PING.exe was launched and then terminated. Never seen it running before which is why I decided to post here. I reset winsock with adwcleaner if that makes any difference at all. Does resetting winsock require that to be run?



#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 49,611 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:57 AM

Posted 18 February 2017 - 05:41 PM

I do not know the detailed inner workings of the program or if the developers want to provide that kind of info in public. Sometimes safeguarding the integrity of the tool from malware writers is more important than providing specific answers.

You can ask at the Malwarebytes AdwCleaner Forum or wait for cocochepeau to reply back here.
.
.
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Microsoft MVP Reconnect 2016
Windows Insider MVP 2017
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#6 HairyApricot

HairyApricot
  • Topic Starter

  • Members
  • 197 posts
  • OFFLINE
  •  
  • Local time:11:57 AM

Posted 19 February 2017 - 10:00 AM

I shall wait. Never seen it run before, so I was just curious as to the reason :)



#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 49,611 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:57 AM

Posted 19 February 2017 - 01:23 PM

Ok.
.
.
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Microsoft MVP Reconnect 2016
Windows Insider MVP 2017
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#8 fr33tux

fr33tux

  • Security Colleague
  • 52 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:57 AM

Posted 21 February 2017 - 01:14 PM

Hello,

 

The utility ping.exe is not used by AdwCleaner, it should have been launched by another software. Do you observe the same behaviour if you relaunch AdwCleaner?

 

Thanks,


https://fr33tux.org | https://toolslib.net
Information is power. But like all power, there are those who want to keep it for themselves. - Aaron Swartz

 


#9 HairyApricot

HairyApricot
  • Topic Starter

  • Members
  • 197 posts
  • OFFLINE
  •  
  • Local time:11:57 AM

Posted 24 February 2017 - 07:06 AM

I can't remember. I uninstalled it after I used it. The only reason I am assuming is that it has never been launched before, I did click the reset winsock setting. It it required to run when that is reset?



#10 fr33tux

fr33tux

  • Security Colleague
  • 52 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:57 AM

Posted 01 March 2017 - 12:42 PM

Hello,

 

Sorry for the delay to answer.

 

It's not, but it may be triggered by Windows after the reset.

 

Regards,


https://fr33tux.org | https://toolslib.net
Information is power. But like all power, there are those who want to keep it for themselves. - Aaron Swartz

 


#11 HairyApricot

HairyApricot
  • Topic Starter

  • Members
  • 197 posts
  • OFFLINE
  •  
  • Local time:11:57 AM

Posted 01 March 2017 - 01:49 PM

No bother, thank you for replying. Well then I suppose it must have been. Checked the prefetch folder and it hasn't been used since then. haven't seen it before then either. Must be related.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users