Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Should I get suspicious?

11 Mar 2009   #1
limneos

Windows 7 RC 7100 32bit/64bit
 
 
Should I get suspicious?

I'm getting this every once in a while in Resource Monitor - Network . It happens a little while after I open an IE window.

Open the image and you'll understand what I mean. Is this normal???




Attached Thumbnails
Should I get suspicious?-untitled.png  
My System SpecsSystem Spec
.
11 Mar 2009   #2
limneos

Windows 7 RC 7100 32bit/64bit
 
 

I re-routed the domain mail.you-know-who.com in hosts file to 127.0.0.1 and now this is where it points


Attached Thumbnails
Should I get suspicious?-untitled2.png  
My System SpecsSystem Spec
12 Mar 2009   #3
win7

Windows 7 Enterprise SP1 x64 Windows 8 Enterprise RTM x64
 
 

Interesting, yet another reason not to use IE... i wonder what its sending...??
My System SpecsSystem Spec
.

12 Mar 2009   #4
YupYup

Win 7
 
 

BTW Port 12080 is used in the IE connection settings for Avast Webshield .
My System SpecsSystem Spec
12 Mar 2009   #5
Lordbob75

Windows 7 Ultimate x64, Mint 9
 
 

<.<
>.>
This explains a lot actually......

~Lordbob
My System SpecsSystem Spec
12 Mar 2009   #6
limneos

Windows 7 RC 7100 32bit/64bit
 
 

Quote   Quote: Originally Posted by YupYup View Post
BTW Port 12080 is used in the IE connection settings for Avast Webshield .
yes, indeed that's in the second screenshot. But what about the first? Used port 443...and not only. I checked the mail.m$.com sniff and it uses random target ports everytime
My System SpecsSystem Spec
12 Mar 2009   #7
YupYup

Win 7
 
 

Quote   Quote: Originally Posted by limneos View Post
yes, indeed that's in the second screenshot. But what about the first? Used port 443...and not only. I checked the mail.m$.com sniff and it uses random target ports everytime
port 443 is SSl so that would lead us too https://mail.microsoft.com

and the other ports are common to LDAP so it's likely it is being used to send performance data to microsoft.
My System SpecsSystem Spec
12 Mar 2009   #8
limneos

Windows 7 RC 7100 32bit/64bit
 
 

With whose permission?
I can only think of the "Help windows to get better" option under Action Center
My System SpecsSystem Spec
12 Mar 2009   #9
YupYup

Win 7
 
 

Quote   Quote: Originally Posted by limneos View Post
With whose permission?
I can only think of the "Help windows to get better" option under Action Center
It was only a guess as to what it is being used for, but after more consideration i would have to say signing in to live would be a more rational explanation.
My System SpecsSystem Spec
12 Mar 2009   #10
garysgold

Vista Ult 64 bit Seven Ult RTM x64
 
 

I thought it was common knowledge that the beta is sending info to MS. Part of the EULA

Quote:
4. INTERNET-BASED SERVICES. Microsoft provides Internet-based services with the software. It may change or cancel them at any time.
a. Consent for Internet-Based Services. Because this software is a pre-release version, we have turned on some internet-based features by default to obtain feedback about them.
It does say you can turn it all off further down.


Gary
My System SpecsSystem Spec
Reply

 Should I get suspicious?




Thread Tools




Similar help and support threads
Thread Forum
Suspicious E-Mail
I got a very suspicious e-mail. It's in my spam, fortunately but I was wondering if anyone knows anything about this phishing attempt?
Chillout Room
Suspicious IE pop-up message
When I tried to open a link from a Google search I got this pop-up message (see attachment). It seems the original link was broken and instead of showing a 404 message the link was hijacked and redirected to I tried to close it by clicking the Windows button but that opened another...
System Security
Two suspicious processes
I tried googling them with no results. A log of my whole startup is included as an attachment. The two suspicious processes are: Yes HKLM:Run x0ux9jD C:\Users\Gummi\AppData\Local\Temp\UmVQd.exe and Yes HKCU:Run ykfXkcM C:\Users\Gummi\AppData\Local\Temp\UmVQd.exe
System Security


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 00:09.
Twitter Facebook Google+ Seven Forums iOS App Seven Forums Android App