Possible strange network activity in Process Hacker?

I use Process Hacker as a task manager replacement and I sometimes glance at the “Network” tab. Last week when I was looking at the “Network” tab, I saw a weird website under the “Local Address” column that I’ve never seen before: traffic.acwebconnecting [dot]com



Honestly, I cannot recall if that “traffic.acwebconnecting [dot]” com was always there or not. I only noticed it in Process Hacker last week.

Anyway, I did some research on acwebconnecting and I found out that they are supposedly a legitimate company. But there are two things that concern about this acwebconnecting website.

1. The website “traffic.acwebconnecting [dot] com” is listed as an entry in the MVPS hosts file.
2. I looked up acwebconnecting on URLVoid and found out that there are several dodgy websites that share acwebconnecting’s IP Address.

Find websites hosted in IP address 91.208.175.119 - Browsing page 1

I became worried about this so I ran numerous virus scans but they didn’t detect anything suspicious. The scanners I ran were Norton, Malwarebytes, Emsisoft, HitmanPro, Comodo Cleaning Essentials, and TDSKiller.

Ironically, I have not been experiencing any freezes, crashes, or any other problems that are potentially caused by viruses. My internet speed has also been fine as well.

A few more important points:
1. I don’t think acwebconnecting is phoning home. I’ve never seen any of the acwebconnecting processes connect to the web. Then again, I am a novice when it comes to understanding networking.
2. I recently installed Winpcap as a requirement for another program (could Winpcap be causing the problem?). I uninstalled Winpcap but that didn't help.
3. I ran some of the virus scanners in Safe Mode but they still didn’t find anything.

Is this acwebconnecting [dot]com a normal thing or do I have a potential problem?

Any help or advice will be appreciated!

Thanks.

Try this:

RogueKiller Download

Please select all options to and scan and delete everything it finds. Also, please upload the logs. They are usually found on the desktop.

Also, run this

AdwCleaner Download

Scan and press the Clean button. It will restart your computer immediately. Also post the AdwCleaner logs. They are usually found in C:\AdwCleaner.

Finally, run this

Junkware Removal Tool Download

It will open a CMD window telling you to press any key to continue. Save all work before continuing. Also, post the log. The JRT logs are usually found on the desktop.

Try these and post back the results.

It might just be some recently installed software or a browser toolbar that either transmits usage statistics or displays adverts. Check any recently installed items and maybe disable them one by one to see if the problem vanishes.

I see that every instance is running under svchost.exe and that would indicate that a service has been installed by third party software.

Suggest that you don't run Rogue Killer and let it delete everything as it's far too aggressive. Better to scan only then post the results for an expert to look at.

EDIT:

You might want to take a look at the Forum Rules in particular item no.14

Sorry for the very late reply. I've been busy all week.

Anyway, I decided to give RogueKiller and AdwCleaner a try and it found some stuff. Though, for the things that were found by both programs, I don't think they're malicious. Then again, I'm not an malware expert.

I'll upload the RogueKiller logs and AdwCleaner if requested.

At this point, I'm beginning to think that I'm overreacting to this issue. This "acwebconnecting" could just be some harmless thing.

Though, I'm still curious on why it is listed as a Local Address on my computer? (At least according to Process Hacker).

Your question has been answered by a Malware expert on another forum.


Is your Anti-virus program Norton?

It's up to you to either continue here or go back to Bleeping. Let us know.