Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Possible strange network activity in Process Hacker?

19 Jan 2014   #1

Windows 7 Home Premium x64
 
 
Possible strange network activity in Process Hacker?

I use Process Hacker as a task manager replacement and I sometimes glance at the “Network” tab. Last week when I was looking at the “Network” tab, I saw a weird website under the “Local Address” column that I’ve never seen before: traffic.acwebconnecting [dot]com

Possible strange network activity in Process Hacker?-process-hacker-pic.png

Honestly, I cannot recall if that “traffic.acwebconnecting [dot]” com was always there or not. I only noticed it in Process Hacker last week.

Anyway, I did some research on acwebconnecting and I found out that they are supposedly a legitimate company. But there are two things that concern about this acwebconnecting website.

1. The website “traffic.acwebconnecting [dot] com” is listed as an entry in the MVPS hosts file.
2. I looked up acwebconnecting on URLVoid and found out that there are several dodgy websites that share acwebconnecting’s IP Address.

Find websites hosted in IP address 91.208.175.119 - Browsing page 1

I became worried about this so I ran numerous virus scans but they didn’t detect anything suspicious. The scanners I ran were Norton, Malwarebytes, Emsisoft, HitmanPro, Comodo Cleaning Essentials, and TDSKiller.

Ironically, I have not been experiencing any freezes, crashes, or any other problems that are potentially caused by viruses. My internet speed has also been fine as well.

A few more important points:
1. I don’t think acwebconnecting is phoning home. I’ve never seen any of the acwebconnecting processes connect to the web. Then again, I am a novice when it comes to understanding networking.
2. I recently installed Winpcap as a requirement for another program (could Winpcap be causing the problem?). I uninstalled Winpcap but that didn't help.
3. I ran some of the virus scanners in Safe Mode but they still didn’t find anything.

Is this acwebconnecting [dot]com a normal thing or do I have a potential problem?

Any help or advice will be appreciated!

Thanks.




My System SpecsSystem Spec
.

20 Jan 2014   #2

Microsoft Windows 7 Home Basic 64-bit SP1
 
 

Try this:

RogueKiller Download

Please select all options to and scan and delete everything it finds. Also, please upload the logs. They are usually found on the desktop.

Also, run this

AdwCleaner Download

Scan and press the Clean button. It will restart your computer immediately. Also post the AdwCleaner logs. They are usually found in C:\AdwCleaner.

Finally, run this

Junkware Removal Tool Download

It will open a CMD window telling you to press any key to continue. Save all work before continuing. Also, post the log. The JRT logs are usually found on the desktop.

Try these and post back the results.
My System SpecsSystem Spec
20 Jan 2014   #3

Windows 7 Home Premium
 
 
What it might be

It might just be some recently installed software or a browser toolbar that either transmits usage statistics or displays adverts. Check any recently installed items and maybe disable them one by one to see if the problem vanishes.

I see that every instance is running under svchost.exe and that would indicate that a service has been installed by third party software.

Suggest that you don't run Rogue Killer and let it delete everything as it's far too aggressive. Better to scan only then post the results for an expert to look at.

EDIT:

You might want to take a look at the Forum Rules in particular item no.14
My System SpecsSystem Spec
.


26 Jan 2014   #4

Windows 7 Home Premium x64
 
 

Quote   Quote: Originally Posted by Callender View Post
It might just be some recently installed software or a browser toolbar that either transmits usage statistics or displays adverts. Check any recently installed items and maybe disable them one by one to see if the problem vanishes.

I see that every instance is running under svchost.exe and that would indicate that a service has been installed by third party software.

Suggest that you don't run Rogue Killer and let it delete everything as it's far too aggressive. Better to scan only then post the results for an expert to look at.
I did install some stuff within the last month but I'm positive that those programs did not contain any toolbars. I have also not been experiencing any problems with adware. But then again, there is also the possibility that the programs could be phoning home as well. I did try to uninstall a few suspect programs but the "traffic.acwebconnecting" still persisted.
My System SpecsSystem Spec
26 Jan 2014   #5

Windows 7 Home Premium x64
 
 
Update

Sorry for the very late reply. I've been busy all week.

Anyway, I decided to give RogueKiller and AdwCleaner a try and it found some stuff. Though, for the things that were found by both programs, I don't think they're malicious. Then again, I'm not an malware expert.

I'll upload the RogueKiller logs and AdwCleaner if requested.

At this point, I'm beginning to think that I'm overreacting to this issue. This "acwebconnecting" could just be some harmless thing.

Though, I'm still curious on why it is listed as a Local Address on my computer? (At least according to Process Hacker).
My System SpecsSystem Spec
27 Jan 2014   #6
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Your question has been answered by a Malware expert on another forum.


Is your Anti-virus program Norton?
My System SpecsSystem Spec
27 Jan 2014   #7

Windows 7 Home Premium x64
 
 

Quote   Quote: Originally Posted by Jacee View Post
Your question has been answered by a Malware expert on another forum.


Is your Anti-virus program Norton?
Yes, my Anti-virus is Norton.

I don't think Norton is causing this "traffic.acwebconnecting" thing to happen as there are other processes that have it too (as seen in the picture).

By the way, I am very sorry for posting this question at another forum. I promise that I won't do something like this again.

Though, I do appreciate the suggestions that I received thus far, so thank you all for your input.

PS: Since I asked this question at other forum, the mods can close this topic if they want to.
My System SpecsSystem Spec
27 Jan 2014   #8
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

It's up to you to either continue here or go back to Bleeping. Let us know.
My System SpecsSystem Spec
27 Jan 2014   #9

Windows 7 Home Premium x64
 
 

After thinking about it, I think I'll stick with Bleeping. This forum has been of some help but I think it's more convenient for me to stick with Bleeping.

I'm going to mark this thread as solved and close it.

Once again, thank you all for the suggestions.

Though of course, if I have any future problems, I'll be sure to come here first.
My System SpecsSystem Spec
17 Mar 2014   #10

 

Quote   Quote: Originally Posted by ultimatedorkboy View Post
I saw a weird website under the “Local Address” column that I’ve never seen before: traffic.acwebconnecting [dot]com
Hi Ultimatedorkboy,

Somewhat old thread but it doesn't look like you got an answer here or @ Bleeping... You'll see this occur when you have blocked an internet address using your Hosts file

For example Spybot Search and Destroy might add XYZ.com to the Hosts file redirecting Adware domains to 127.0.0.1 for completely blocking any connection to that address. However, sometime later when Process Hacker attempts to lookup the DNS hostname for 127.0.0.1, Windows will resolve the 127.0.0.1 hostname using the last entry in your hosts file (e.g. XYZ.com) instead of localhost.

Quote   Quote: Originally Posted by ultimatedorkboy View Post
Is this acwebconnecting [dot]com a normal thing or do I have a potential problem?
Depends if you intended to block the address or are having issues connecting to an address?

-dmex (Process Hacker developer)
My System SpecsSystem Spec
Reply

 Possible strange network activity in Process Hacker?




Thread Tools



Similar help and support threads for2: Possible strange network activity in Process Hacker?
Thread Forum
Strange symptoms of Win 7. Possible infection or hacker??? General Discussion
BOOT process - strange lag before F8 Performance & Maintenance
I have a strange process System Security
Strange Disk Activity General Discussion

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 01:20 AM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33