Hidden process since last Windows update

Read Only

This is a thread addressed to security experts willing to help.

Ever since I installed the latest Windows security updates, my firewall is detecting a hidden process acting as a medium when I try to go online with some applications. I call it a hidden process because my firewall is unable to tell the app name and its location, which is quite unusual.

If I refuse internet access to that hidden process, then certain applications fail to go online.

This is quite worrying because it happens with an encrypted sandbox and encrypted OpenOffice documents. So since the latest Windows update, both VirtualBox and OpenOffice can no longer go online without that hidden process acting as a medium.

Could somebody give me indications about how I could identify that process? My system is Win 7 x64 SP1 up to date and nothing was detected by a full scan from a leading antivirus software.
 

My Computer

OS
Windows 7 Professional x64

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
HomieJunker
OS
W7 Prof 64 bit
CPU
i7-3770k
Motherboard
Sabertooth Z77
Memory
G.Skill Sniper 1866 16 GB
Graphics Card(s)
Evga GTX 770
Sound Card
Sound Blaster Z
Monitor(s) Displays
Asus VG278HE
Screen Resolution
1920 x 1080
Hard Drives
4 Seagate Barracudas 250 GB
2 Intel® X25-M 160GB
PSU
Corsair H1000X
Case
Lian-Li A77B
Cooling
Phantek 120 dual fans
Keyboard
Corsair K70 RGB
Mouse
Logitech G502
Internet Speed
FiOS Quantum
Antivirus
Avira
Browser
Chrome
I wish it was that easy, but I wouldn't need to post about it then.

The process is completely hidden to regular tools, it is probably located in the RAM and encrypted. I will need something a lot more advanced to identify it.
 

Does the firewall log not even show a Process ID?
 

My Computer

Computer type
Laptop
Computer Manufacturer/Model Number
HP Elitebook 8540p
OS
Windows 7 Pro 32
CPU
Intel(R) Core(TM) i5 CPU M 540 @ 2.53GHz
Motherboard
Hewlett-Packard 1521
Memory
4,00 GB (Usable 2,98)
Graphics Card(s)
NVIDIA NVS 5100M
Sound Card
NVIDIA High Definition Audio
Screen Resolution
1600x900
Hard Drives
INTEL SSDSA2CW120G3
Antivirus
F-Secure Internet Security
Browser
IE, Firefox, Opera
Other Info
Sandboxie,
SRP (Software Restriction Policy),
EMET (Enhanced Mitigation Experience Toolkit),
WFC (Windows Firewall Control by BiniSoft),
Malwarebytes Premium
Log of the process:

U/D#: U-44941
Date: 25/11/14, 19:13:07
Rule: APP: Blocked
Type: EXE
Address/Application: ?
Compliment: UNKNOWN
 

And if you compare that to a log entry for another not "hidden" file, can you see the PID?

Don't know what firewall you have, but the Windows Firewall that I use shows a blocked connection like this:
[attached image: FWblock.png]
 

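One way to do the PID check the reply above asks about, added here as an example and not code from this thread: it maps every live endpoint reported by `netstat -ano` to the owning process and its on-disk image path via WMI, so a connection the firewall logs as "?" can be matched by remote address and PID instead. Assumes Windows 7 with PowerShell 2.0 or later in an elevated prompt; the column names and the `<unresolved>` / `<no such process>` markers are my own.

```powershell
# Added example, not code from this thread. Assumes Windows 7 with PowerShell 2.0 or
# later, run from an elevated prompt so netstat -ano and WMI can see every process.

# Snapshot of every process keyed by PID, so each endpoint can be tied to an image path.
$procs = @{}
Get-WmiObject Win32_Process | ForEach-Object { $procs[[int]$_.ProcessId] = $_ }

# netstat -ano rows: Proto  Local  Foreign  [State]  PID   (UDP rows carry no State column)
$rows = netstat -ano | Where-Object { $_ -match '^\s*(TCP|UDP)\s' } | ForEach-Object {
    $f = ($_.Trim()) -split '\s+'
    if ($f[0] -eq 'TCP') { $ownerPid = [int]$f[4]; $state = $f[3] }
    else                 { $ownerPid = [int]$f[3]; $state = '' }
    $p = $procs[$ownerPid]
    New-Object PSObject -Property @{
        Proto    = $f[0]
        Local    = $f[1]
        Remote   = $f[2]
        State    = $state
        OwnerPid = $ownerPid
        Image    = $(if ($p) { $p.Name } else { '<no such process>' })
        # ExecutablePath is empty for PID 0/4 (Idle/System) and for processes the current
        # token cannot open; that is expected on its own and not by itself a finding.
        Path     = $(if ($p -and $p.ExecutablePath) { $p.ExecutablePath } else { '<unresolved>' })
        Parent   = $(if ($p) { [int]$p.ParentProcessId } else { $null })
    }
}

# Full map: compare the remote address and time of the firewall's "?" entry against this.
$rows | Sort-Object OwnerPid |
    Format-Table Proto, Local, Remote, State, OwnerPid, Image, Path -AutoSize

# Shortlist: endpoints whose owner has no resolvable on-disk image or has already exited.
$rows | Where-Object { $_.Path -eq '<unresolved>' -or $_.Image -eq '<no such process>' } |
    Format-Table Proto, Local, Remote, OwnerPid, Image, Parent -AutoSize
```

Run it while the affected application is actually trying to connect, since the endpoint only exists for as long as the intermediary process holds it open; a short-lived owner shows up as `<no such process>` and its Parent PID is the next thing to look at.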
I have a very basic firewall. No, it does not show the process ID, unfortunately, but it does its firewall job with high reliability, and unlike other "advanced" firewalls such as Comodo, it has never failed to prevent an app going online.
 

I doubt any antivirus is going to help; I have already tried that. First I'm going to uninstall the Windows security updates one by one to identify the one that is inserting the hidden process, then I'll look for a security expert site.

Thanks guys, see you.
 

Hello Read Only:

I would be appropriately surprised if any of your computer's hidden Internet activities could elude monitoring by https://www.wireshark.org.

Good hunting.
 

My Computer

Computer type
PC/Desktop
OS
W7