Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Windows 7 x64 CryptSvc under Svchost uploading data

29 Apr 2015   #21
SomeUserName

Windows 7 Ultimate 64Bit (SP1)
 
 

OK so it has been a while now on this and since setting it to Not allow remote connection I have been unable to see any more erratic activity as before. So what now? Re-enable it and if it has erratic activity like that again does that mean someone is trying to access my machine? Someone trying to access my my machine would be an INCOMING connection and show as yellow on the network meter would it not?


My System SpecsSystem Spec
.
29 Apr 2015   #22
Layback Bear

Windows 7 Pro. 64/SP-1
 
 

If it was my computer I would not activate it. You found the problem and then fixed the problem. I would leave it fixed. I would NOT allow AVG to have remote access to my computers.
My System SpecsSystem Spec
29 Apr 2015   #23
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 
Disable RDP?

Quote   Quote: Originally Posted by Layback Bear View Post
If it was my computer I would not activate it. You found the problem and then fixed the problem. I would leave it fixed. I would NOT allow AVG to have remove access to my computers.

Agreed. Leave it disabled and only enable it on a when needed basis.
My System SpecsSystem Spec
.

29 Apr 2015   #24
SomeUserName

Windows 7 Ultimate 64Bit (SP1)
 
 

So its AVG that does all that weird uploading?
My System SpecsSystem Spec
29 Apr 2015   #25
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

Don't know that it's AVG. Looking at your AVG settings you've got them set correctly. That IP Address resolves to somewhere in Vietnam.

Windows 7 x64 CryptSvc under Svchost uploading data-ipnetinfo.jpg

Also read the article here: Remote Desktop (RDP) Hacking 101: I can see your desktop from here!

What firewall do you use?


My System SpecsSystem Spec
29 Apr 2015   #26
Layback Bear

Windows 7 Pro. 64/SP-1
 
 

Good find Chris. Hanoi is scary.
It's hard for me to believe that AVG is using Hanoi.
Their must be some other bad thing in this system.
The thing I would do if found something in my computer from Hanoi.

I would suggest with a clean computer changing ALL passwords for everything. I would also suggest to notify all banks and credit card companies that your computer has been compromised.

At that point I wouldn't take any chances. I would do a Clean Install.
My System SpecsSystem Spec
09 May 2015   #27
SomeUserName

Windows 7 Ultimate 64Bit (SP1)
 
 

Edit: Deleted/canceled post
My System SpecsSystem Spec
10 May 2015   #28
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

Okay so I know you deleted your post but what would be really interesting is to get the process name from the process PID you gave. The ip address from your deleted post resolves to an OVH server and OVH have faced criticism for allowing malware and hackers to use their servers. Personally I run Peerblock and all OVH server ip address ranges are blocked. There's no good reason for your machine to be connecting to any OVH server.
My System SpecsSystem Spec
10 May 2015   #29
SomeUserName

Windows 7 Ultimate 64Bit (SP1)
 
 

Did you get my entire post in a reply email? It had the netstat -ano results in it. I thought I had RDP disabled but I must have renabled it to see if it would happen again after a long time of no activity. I guess I forgot to disable it again. Once I had RDP disabled again I deleted that post.

If you got my full reply in an email is the IP you are talking about now the one I said was in Quebec Canada? If so The process associated with 4488 PID was svchost and the crptsvc process was under that host.

Definitely RDP related.
My System SpecsSystem Spec
10 May 2015   #30
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

Seems like you've nailed it. If disabling RDP does the trick then I wouldn't worry about it. As far as disabling cryptsvc sevice is concerned - it's not a good idea if you need to keep windows updates working.

Also I got the email notification and details you posted were contained in the email.
My System SpecsSystem Spec
Reply

 Windows 7 x64 CryptSvc under Svchost uploading data




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
Mystery uploading of data
Hi all, I've noticed that my PC is uploading data to somewhere when it shouldn't be, yesterday it was about 110MB, but other days it has been over 100MB an hour. Could someone please guide me on how to find out what is going on with the PC and where the data is going? Thanks Stu
System Security
uploading photos to web with Windows 7
I have a toshiba satellite laptop running windows 7 after enjoying XP for several years... My problem centers around photos. I cannot right click on a photo(on the web or in an email) and find 'save as' and send it to my picture folder I also cannot upload pictures to the web... id pictures on...
Browsers & Mail
Error - CryptSvc prevents system standby - Urgent!
Hello everyone, When I run the command: powercfg -requests I notice there is a SERVICE named CryptSvc preventing my laptop from going to standby. I have looked up on how to disable it using OVERRIDE command to no avail. If anyone have experience on this, please advise. Thank you very...
General Discussion
svchost.exe file in the /windows directory not system32
Anyone else able to help on this? My issue is pretty much the same.... I have a svchost.exe file in the /windows directory (not system32, where it SHOULD be). All the usual virus/malware cleaning programs can't get rid of it (I've run Hitman Pro, Malware Bytes, and TDSS Killer). Malware Bytes...
System Security
Uploading XP files to Windows 7
I downloaded some files from XP to a thumb drive & now can't get them uploaded from the thumbdrive to Windows 7 files. Appreciate instructions how to do it. Thanks Dorothy
Software
Windows 7 uploading issues
Hey guys, I hope you can offer me some advice. I have had Windows 7 for about a month and I ran into a problem a couple of days ago. I ended up getting the "Bankerfox" virus and just finally got it removed. However ever since this issue I can't upload anything to any website, including...
System Security


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 17:30.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App