Scrooge, posted January 26, 2019:

I'm on Windows 10 64-bit, version 1809 (OS Build 17763.292), the latest update, January 22, 2019. I've had Emsisoft installed for some time and I haven't had any issues so far with infection. CPU usage is normal: when I do do anything it's 1 to 4 %, when I start up a browser it goes to 8-11 %. Nothing out of the ordinary.

I've started monitoring my network traffic recently and I noticed that Windows host processes represented by svchost and their associated Windows processes are connecting to these IP addresses. I didn't monitor my network before. Maybe these connections always were there. I don't know. Is this normal behavior for Windows 10 nowadays? I thought Windows host processes like Cryptographic service or Diagnostic Policy service must connect only to Microsoft IP addresses, but why Google, MSI, Verizon and Cloudflare? I don't get it. They don't run very often, just occasionally pop up for a few seconds once a day, and quickly stop. Maybe I became a bot or something? I think Emsisoft would pick it up already.

External IP          Owner               Country  PID   Service
216.58.209.35:80     Google LLC          USA      4276  CryptSvc
93.184.220.29:80     MSI Communications  UK       4276  CryptSvc
104.16.95.121:80     Cloudflare Inc      USA      4276  CryptSvc
172.217.17.67:80     Google LLC          US       4276  CryptSvc
93.184.221.240:80    MSI Communications  UK       4276  CryptSvc
216.58.209.131:80    Google LLC          US       4140  DPS

Kevin Zoll, posted January 27, 2019:

Scrooge,

All those look to be legit.

Scrooge, posted January 27, 2019:

Thanks a lot Kevin,

I thought if these were Russian or Chinese IPs, I would start worrying and rush right off the bat like crazy to block port 445 and 139 and maybe 137, 138 as well :)) but these are our guys from NSA and other three-letter "companies", so they probably 'forgot' that it says there in my file "PKIA somewhere in the Pacific" :)

Thanks again Kevin, and God bless America just in case.. :))

P.S. So Microsoft has been using their servers for quite some time, I see. It's like dedicated web hosting or something, right, outsourcing and whatnot. Who knows...

Kevin Zoll, posted January 29, 2019:

Virtually all software today has some kind of call-home feature, meaning automatic update checks and services. I would get concerned when software is phoning home to an unknown entity.

Kevin Zoll, posted January 31, 2019:

Thread Closed

PM either Kevin, Elise, or Arthur to have this thread reopened.

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on a system other than the one they were written for could result in damaging the Operating System beyond repair.

Do not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE; if you don't, we are just going to send you back to this thread.