Windows 8 and 8.1 Forums


possible Hijack/virus..

  1. #11


    Well i tried to look through them quickly, they all seem to be in system32 folder.. (svchosts.exe)

    I also haven't allowed them to connect though.. maybe I should let it connect and see if I notice anything..

    Click image for larger version

      My System SpecsSystem Spec

  2. #12


    N.Y.
    Posts : 2,214
    Windows 10 Pro 64bit


    Quote Originally Posted by brooksndun View Post
    Well i tried to look through them quickly, they all seem to be in system32 folder.. (svchosts.exe)

    I also haven't allowed them to connect though.. maybe I should let it connect and see if I notice anything..

    Click image for larger version
    You may get a better idea using task manager too. If concerned with Virus, run more scans as i mentioned in post #3. Those 2 services are legit, EdgeCast and Akamai. How they were installed probably from some software you have, do not think Firefox, just because use Firefox see it happening then possibly.
      My System SpecsSystem Spec

  3. #13


    I definitely only see it when I open firefox and browse..
      My System SpecsSystem Spec

  4. #14


    N.Y.
    Posts : 2,214
    Windows 10 Pro 64bit


    Quote Originally Posted by brooksndun View Post
    I definitely only see it when I open firefox and browse..
    Again as listed in post # 3 go through Firefox's Addon list and extension list, see what is there and activated. We are guessing if it's legit or browser hijack, usually with these get redirected to other webpages and changes your default home page. Try running firefox with a add ons disabled for awhile on Help menu bar in Firefox. Not a malware expert, but not sure, do more scans with MRT and Malwarebytes, whatever Anti-Virus you have.
      My System SpecsSystem Spec

  5. #15


    Trnava
    Posts : 683
    Win 8.1.1 Pro x64


    Quote Originally Posted by brooksndun View Post
    As you can see from my pictures, I have Svchost.exe already allowed by default windows firewall rules..

    so why is svchost.exe trying to connect more? I know this is a red flag.. especially the ports its trying to connect to..
    No, you have allowed svchost only TCP Out via port 443 and UDP via specific ports.
    You need to add TCP Out via 80 and UDP In/Out all, or at least range 49152-65535.
      My System SpecsSystem Spec

  6. #16


    Quote Originally Posted by TairikuOkami View Post
    Quote Originally Posted by brooksndun View Post
    As you can see from my pictures, I have Svchost.exe already allowed by default windows firewall rules..

    so why is svchost.exe trying to connect more? I know this is a red flag.. especially the ports its trying to connect to..
    No, you have allowed svchost only TCP Out via port 443 and UDP via specific ports.
    You need to add TCP Out via 80 and UDP In/Out all, or at least range 49152-65535
    .
    --- Ok yes, Unless I messed something up, why doesn't the windows firewall naturally allow those ports for svchost.exe?? thats all i've been trying to ask..

    I will reset my firewall again and see if it has a rule for svchost.exe on those ports you mentioned from the default, which is what I"m trying to say..

    why wouldn't windows have those ports open from the default windows firewall rules..

    for everything else, I will create rules for programs I want going in and out etc.. but Svchost.exe is windows process and they should have already opened what they needed from default firewall rules..

    am i crazy? that is logical right?
      My System SpecsSystem Spec

  7. #17


    Trnava
    Posts : 683
    Win 8.1.1 Pro x64


    By default Windows Firewall does not even block outbound connections.
    You are using Windows Firewall Control addon, which added that option.
      My System SpecsSystem Spec

  8. #18


    Ok they are all here.. as you can see windows default firewall rules does have all the proper Svchost.exe ports it should...

    So once I re-enable all these, maybe that notification asking to connect will go away from my firewall..


    Click image for larger version
      My System SpecsSystem Spec

  9. #19


    N.Y.
    Posts : 2,214
    Windows 10 Pro 64bit


    Quick question, do you know why have those two software's on PC, Akamai, EdgeCast, as weren't these ones in question or no ?
      My System SpecsSystem Spec

  10. #20


    I have also checked the IP address: 93.184.215.200 and it is considered as a safe IP address according to: Trend Micro Site Safety Center

    The issue that you are encountering might be caused by a mis-configuration in your Windows Firewall or a new software application that you recently installed.
      My System SpecsSystem Spec

Page 2 of 3 FirstFirst 123 LastLast
possible Hijack/virus..
Related Threads
I've been cleaning up a badly infected Windows 8 computer. So far I've done scans with MBAM Pro and Hitman Pro. Both found a mix of pups and more serious malware (including one rootkit), and were able to remove all detected items. I've run Ccleaner and also manually emptied the temp folders. ...
IE App Hijack in Browsers & Mail
www.flv-org/lp/flv/update/index.html?ref=swmms&site_id=277077 has hijacked the app with this "Message from webpage" Warning!!! Your FlashPlayer Version is outdated, have Security Risks. Please Update Now! The problem is that none of the commands on this page will work other than OK (I assume)...
Read more at: Chrome to warn of possible settings hijack | ZDNet
Solved Trouble with browser hijack in General Support
I have a problem with a program QVo6 that has hijacked my browser along with Globososo. Anybody know how to get rid of, I have tried a few things and removed all registry items with name. plus run a couple of malware programs. iknownuffin70
Read more at source: Microsoft issues fix for IE flaw that could allow PC hijack | Security & Privacy - CNET News
Eight Forums Android App Eight Forums IOS App Follow us on Facebook