Solved Strange process that I've never installed

Jcwisgod

New Member
Member
Messages
265
Location
USA
I was checking all the processes connected to my computer with TCPView, and I noticed a strange svchost.exe from Akamai Networks. I know it's a legitimate company, but I've never downloaded anything to do with Akamai. Could it be a botnet? I also noticed one from a company called Verio Inc. Attaching the whois info below.
 

Attachments

  • info.txt
    7.9 KB · Views: 212

My Computer

System One

  • OS
    Windows 8
    Computer type
    Laptop
    System Manufacturer/Model
    HP Ultrabook
    CPU
    2.6 GHz Core i5-3317U
    Memory
    8 gb DDR3 Ram
    Screen Resolution
    1366 x 768
    Hard Drives
    320gb HDD, 120gb SSD
    Keyboard
    Backlight Island Style Keyboard
    Mouse
    Trackpad
    Internet Speed
    18 MB/S DL Speed
    Browser
    Opera
    Antivirus
    Avast/Malwarebytes
Love some aliens
 

You might have aliens in your computer.
What an intelligent and helpful response!


I was checking all the processes connected to my computer with TCPView, and I noticed a strange svchost.exe from Akamai Networks. I know it's a legitimate company, but I've never downloaded anything to do with Akamai. Could it be a botnet? I also noticed one from a company called Verio Inc. Attaching the whois info below.
Akamai Technologies makes for instance downloaders for companies like Microsoft and Adobe. You seem to have it connected with Tucows so I suspect you have downloaded something which uses Akamai download manager.

It's totally normal, no reason to panic. I posted this post at our sister site the Seven Forums where Akamai was also discussed:

They may provide a good service in that regard but they're no angel of the network when it comes to personal privacy. IE already has a download manager. Why would ADM be necessary?
I am not saying it is automatically a good thing, nor am I capable to answer why Microsoft, TechNet, MSDN, Adobe and numerous others have decided to use Akamai Downloader in delivering their stuff.

What I tried to say in between the lines is that sometimes this security hype gets too far. Please do not misunderstand me, security is nothing to play carelessly with, but for instance in this OP's case I believe there's nothing wrong, no reason to panic. Nobody has cracked his router's and Windows' firewalls to steal his credit card information.

Yet, the combined forces of Seven Forums "run to rescue", to solve a non-issue.

Some background: If you allow cookies and you stream videos from a site which uses Flowplayer, you'll find some Akamai stuff in your AppData. The same if you watch Fox News on your Windows PC.

DOM Store is nothing but an advanced method to store cookie information. The fact that OP finds the URL of his / her credit card company most probably is because that site uses Akamai technology to store advanced cookie information in DOM Store.

Safety is one thing. Paranoia something else. If you allow cookies, if you subscribe to MSDN or TechNet, if you buy and download something from Adobe, and so on, you need to accept the fact your AppData contains some information about you.
(Quoted thread: Transmission to strange website during startup - Windows 7 Help Forums)

Kari
 

My Computer

System One

  • OS
    Windows 8.1 Pro with Media Center
    Computer type
    Laptop
    System Manufacturer/Model
    HP ENVY 17-1150eg
    CPU
    1.6 GHz Intel Core i7-720QM Processor
    Memory
    6 GB
    Graphics Card(s)
    ATI Mobility Radeon HD 5850 Graphics
    Sound Card
    Beats sound system with integrated subwoofer
    Monitor(s) Displays
    17" laptop display, 22" LED and 32" Full HD TV through HDMI
    Screen Resolution
    1600*900 (1), 1920*1080 (2&3)
    Hard Drives
    Internal: 2 x 500 GB SATA Hard Disk Drive 7200 rpm
    External: 2TB for backups, 3TB USB3 network drive for media
    Cooling
    As Envy runs a bit warm, I have it on a Cooler Master pad
    Keyboard
    Logitech diNovo Media Desktop Laser (bluetooth)
    Mouse
    Logitech MX1000 Laser (Bluetooth)
    Internet Speed
    50 MB VDSL
    Browser
    Maxthon 3.5.2., IE11
    Antivirus
    Windows Defender 4.3.9431.0
    Other Info
    Windows in English, additional user accounts in Finnish, German and Swedish.
Alright, not gonna worry much about it then. Is there any way to tell what could've been downloaded that uses Akamai?
 

If a site uses Akamai Download Manager like Adobe or Microsoft's MSDN and TechNet, then it's used for all downloads from that site. But Akamai also makes stuff to handle cookies more securely, so it does not need to be a downloader but can also be simply because Tucows uses their cookie storage technology.

Whatever it is, Tucows is a respected site and I see no problems with it. However, if you are worried you should clear your browser's cookies and change its settings so that third party cookies are not allowed.
 

I already got 3rd party cookies blocked, I'm not gonna worry much about it, I'm about 99% sure my laptop isn't infected
 

Somewhat unrelated but Kari, thanks for reminding me about "Tucows". Used to download a lot of stuff from them in the years past but somehow it slipped under my radar.
 

My Computer

System One

  • OS
    Windows 8.1 Pro
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Home made
    CPU
    AMD Ryzen7 2700x
    Motherboard
    Asus Prime x470 Pro
    Memory
    16GB Kingston 3600
    Graphics Card(s)
    Asus strix 570 OC 4gb
    Hard Drives
    Samsung 960 evo 250GB
    Silicon Power V70 240GB SSD
    WD 1 TB Blue
    WD 2 TB Blue
    Bunch of backup HDDs.
    PSU
    Sharkoon, Silent Storm 660W
    Case
    Raidmax
    Cooling
    CCM Nepton 140xl
    Internet Speed
    40/2 Mbps
    Browser
    Firefox
    Antivirus
    WD
Alright, not gonna worry much about it then. Is there any way to tell what could've been downloaded that uses Akamai?

It's not abnormal to see svchost connect to Akamai IP addresses, as they're a content delivery company who Microsoft use. You'll probably see other system processes connecting to Akamai IP addresses as well.

The problem with Akamai IP addresses is that it's not easy to do a reverse IP lookup to see exactly what host the IP address was for, as it will usually just show something along the lines of [IP].deploy.static.akamaitechnologies.com, which could be anything. With Akamai IP's I've found they're not usually stored in the DNS cache either, so "ipconfig /displaydns" won't help. So essentially it could be svchost.exe connecting to windowsupdate.com or update.microsoft.com to check for updates, or it could be connecting to crl.startssl.com or crl.verisign.com to check for Certificate Revocation Lists. Because quite a few big companies use Akamai it's a guessing game, unless you captured the traffic at the time.

The only real way to see what connections are for is to use packet capture software such as Wireshark or Microsoft Network Monitor to see what host it's connecting to and what URI's it's requesting.

I've never seen svchost connect to Verio though (although maybe it's a geographical thing).
 

My Computer

System One

  • OS
    Win 8 64-bit
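
The approach described in the post above (reading the hostname and URI out of captured traffic instead of relying on reverse DNS for a CDN address), as an added example that is not part of the original thread. It assumes the first client payload of each connection has been exported from a capture; the function names, the 203.0.113.x addresses, the `/example.crl` path and the sample payloads are constructed for illustration.

```python
import struct

def http_request(payload: bytes):
    """Return (host, uri) from a plaintext HTTP/1.x request, else None."""
    lines = payload.split(b"\r\n\r\n", 1)[0].split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/1."):
        return None
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"host":
            return (value.strip().decode("ascii", "replace"),
                    parts[1].decode("ascii", "replace"))
    return None

def tls_sni(payload: bytes):
    """Return the server_name from a TLS ClientHello, else None."""
    try:
        if payload[0] != 0x16 or payload[5] != 0x01:  # handshake record, ClientHello
            return None
        pos = 5 + 4 + 2 + 32                # record hdr, handshake hdr, version, random
        pos += 1 + payload[pos]             # session id
        pos += 2 + struct.unpack_from("!H", payload, pos)[0]  # cipher suites
        pos += 1 + payload[pos]             # compression methods
        end = pos + 2 + struct.unpack_from("!H", payload, pos)[0]
        pos += 2
        while pos + 4 <= min(end, len(payload)):
            ext_type, ext_len = struct.unpack_from("!HH", payload, pos)
            pos += 4
            if ext_type == 0:               # server_name extension
                name_len = struct.unpack_from("!H", payload, pos + 3)[0]
                name = payload[pos + 5:pos + 5 + name_len]
                if payload[pos + 2] == 0 and len(name) == name_len:
                    return name.decode("ascii", "replace")
                return None                 # truncated or non-hostname entry
            pos += ext_len
    except (IndexError, struct.error):      # payload cut short mid-structure
        return None
    return None

def build_client_hello(hostname: str) -> bytes:
    """Construct a minimal ClientHello carrying an SNI (sample input only)."""
    name = hostname.encode("ascii")
    sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    exts = struct.pack("!HH", 0x000A, 4) + b"\x00\x02\x00\x17"  # supported_groups
    exts += struct.pack("!HH", 0, len(sni)) + sni
    body = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01"
            + b"\x01\x00" + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def label_flows(flows):
    """Map each remote IP to (source, hostname, uri) from its first payload."""
    out = {}
    for ip, payload in flows:
        sni, req = tls_sni(payload), http_request(payload)
        if sni:
            out[ip] = ("tls-sni", sni, None)
        elif req:
            out[ip] = ("http-host", req[0], req[1])
        else:
            out[ip] = ("unknown", None, None)
    return out

# Constructed flows: (remote IP, first bytes sent by the client).
SAMPLE_FLOWS = [
    ("203.0.113.10", build_client_hello("update.microsoft.com")),
    ("203.0.113.20", b"GET /example.crl HTTP/1.1\r\nHost: crl.verisign.com\r\n\r\n"),
    ("203.0.113.30", b"\x00\x01binary"),
]
```

For HTTPS connections only the hostname is recoverable this way; the requested URI is inside the encrypted session.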
Somewhat unrelated but Kari, thanks for reminding me about "Tucows". Used to download a lot of stuff from them in the years past but somehow it slipped under my radar.
I used to download stuff from Tucows, too, it was one of the biggest sources for freeware and shareware in mid 90's. Totally trivial information: did you know that Tucows is an acronym which stands for The Ultimate Collection Of Windows Software.
 

Somewhat unrelated but Kari, thanks for reminding me about "Tucows". Used to download a lot of stuff from them in the years past but somehow it slipped under my radar.
I used to download stuff from Tucows, too, it was one of the biggest sources for freeware and shareware in mid 90's. Totally trivial information: did you know that Tucows is an acronym which stands for The Ultimate Collection Of Windows Software.
No, didn't know it was an acronym, I thought it was misspelled 2COWS, like in moooo cow.
 

The original two cows logo was picked because of that, because the acronym almost spelled two cows :).
 

The original two cows logo was picked because of that, because the acronym almost spelled two cows :).
Yeeh, I saw cow, cow said moooo and I left it at that.
 

Alright, not gonna worry much about it then. Is there any way to tell what could've been downloaded that uses Akamai?

It's not abnormal to see svchost connect to Akamai IP addresses, as they're a content delivery company who Microsoft use. You'll probably see other system processes connecting to Akamai IP addresses as well.

The problem with Akamai IP addresses is that it's not easy to do a reverse IP lookup to see exactly what host the IP address was for, as it will usually just show something along the lines of [IP].deploy.static.akamaitechnologies.com, which could be anything. With Akamai IP's I've found they're not usually stored in the DNS cache either, so "ipconfig /displaydns" won't help. So essentially it could be svchost.exe connecting to windowsupdate.com or update.microsoft.com to check for updates, or it could be connecting to crl.startssl.com or crl.verisign.com to check for Certificate Revocation Lists. Because quite a few big companies use Akamai it's a guessing game, unless you captured the traffic at the time.

The only real way to see what connections are for is to use packet capture software such as Wireshark or Microsoft Network Monitor to see what host it's connecting to and what URI's it's requesting.

I've never seen svchost connect to Verio though (although maybe it's a geographical thing).

Idk much about it, I just noticed it while using TCPView to check if I was part of a botnet because my Router Log reported DDoS attacks from my own IP, I did notice one thing but I'm not 100% sure why it's there.

rumk.png
 

Idk much about it, I just noticed it while using TCPView to check if I was part of a botnet because my Router Log reported DDoS attacks from my own IP, I did notice one thing but I'm not 100% sure why it's there.

View attachment 38562

That's different to what I was talking about as that looks like you've actually installed Akamai NetSession Download Manager software. It may well be legitimate, however I wouldn't be too happy having that running on my computer, as according to Wikipedia it uses your computer as a peer-to-peer network to distribute their files.

It's pretty shocking if as Kari says Microsoft, Adobe, etc. get users to install this 'Download Manager' to download content and essentially turn their users' computers into p2p file servers.

Personally I would un-install it, however I've just noticed that you posted about it previously, but were unable to get rid of it. I don't know what to suggest as I've never had it installed, so I'd just be doing the same as you and Googling un-install instructions.
 

It's pretty shocking if as Kari says Microsoft, Adobe, etc. get users to install this 'Download Manager' to download content and essentially turn their users' computers into p2p file servers.
This is one of those non-issues that circulate among Windows users every now and then. There's nothing to be worried about, Microsoft, Adobe & Co. are not making your PC into a P2P file server.

No reason to panic, no problems, nothing to be worried about. Of course if you want to be absolutely sure and not let anything on your PC, disconnect it from the network and never reconnect.

For Microsoft (MSDN, TechNet), here's the Akamai FAQ: Akamai Download Manager Help for MSDN Subscriptions
And here for Adobe: Akamai Download Manager FAQ

Kari
 

Idk much about it, I just noticed it while using TCPView to check if I was part of a botnet because my Router Log reported DDoS attacks from my own IP, I did notice one thing but I'm not 100% sure why it's there.

View attachment 38562

That's different to what I was talking about as that looks like you've actually installed Akamai NetSession Download Manager software. It may well be legitimate, however I wouldn't be too happy having that running on my computer, as according to Wikipedia it uses your computer as a peer-to-peer network to distribute their files.

It's pretty shocking if as Kari says Microsoft, Adobe, etc. get users to install this 'Download Manager' to download content and essentially turn their users' computers into p2p file servers.

Personally I would un-install it, however I've just noticed that you posted about it previously, but were unable to get rid of it. I don't know what to suggest as I've never had it installed, so I'd just be doing the same as you and Googling un-install instructions.

Somehow I did, can't figure out how to remove it, really a pain in the butt, I click on it and it says application not found.
q0qg.png
 

Looks like the registry entry for it is borked. You could do a registry search for Akamai NetSession Interface Control Process and delete entries. Backup (export) registry first.
 

My Computer

System One

  • OS
    Windows 8.1 Pro 64-bit
    Computer type
    Laptop
    System Manufacturer/Model
    Acer V3 771G-6443
    CPU
    i5-3230m
    Motherboard
    Acer VA70_HC (U3E1)
    Memory
    8GB DDR3 PC3-12800 (800 MHz)
    Graphics Card(s)
    HD4000 + GeForce GT 730M
    Sound Card
    Realtek High Definition Audio
    Monitor(s) Displays
    17" Generic PnP Display on Intel HD Graphics 4000
    Screen Resolution
    1600x900 pixels
    Hard Drives
    Samsung SSD 850 EVO 250 GB
    ADATA SSD SP900 128GB
    PSU
    90 watt brick
    Mouse
    Bluetooth
    Antivirus
    Comodo
    Other Info
    Asus RT-AC56R dual-band WRT router (Merlin firmware). Intel 7260.HMWWB.R dual-band ac wireless adapter.
Looks like the registry entry for it is borked. You could do a registry search for Akamai NetSession Interface Control Process and delete entries. Backup (export) registry first.

How do I back it up first? By just going to file then export, then it's backed up?
 

In regedit top menu: File > Export.

Then to search and delete Edit > Find. Keep hitting F3 to find all instances of the search string. Be very careful not to delete anything other than Keys that have "Akamai NetSession Interface Control Process" in them.

If something bad should happen, reboot safe mode and import your registry backup.

 

Appreciate it, and so I should delete the highlighted ones below or all?

xdfo.png
 
