The Web Design Group


> Task manager tries to connect to the internet
pandy
post Dec 24 2023, 07:40 PM
Post #1





Why?

I've used TinyWall for several years, but haven't really looked at all the features. I found it can show all connections it has blocked in the last 5 minutes. Taskmgr.exe has been blocked more than a hundred times - in 5 minutes. Why does it try to get out at all? Obviously it doesn't hurt anything that it's blocked, not that I've noticed anyway.

Note, TinyWall isn't a firewall in the usual sense. It sits on top of Windows firewall and works by simply blocking all connections except those you OK. So when you first install it there's some fiddling. I think it's great, even if you have to remember to OK all new programs, but that's quickly done. I suppose it can be used as the only FW, but I keep the Windows one running. If anyone wants to try it, please note it doesn't work together with other firewall software, just the Windows one.

This is only the top of the list. You can see it's just 2 or 3 seconds between tries.

Attached Image

I don't know what the System process is about either. I didn't have to OK any system processes when I installed TinyWall, so it must have a built-in whitelist.
Christian J
post Dec 25 2023, 06:15 AM
Post #2





Maybe it's telemetry, but the IP 91.92.240.95 (91.92.240.0 - 91.92.240.255) seems to belong to the (hosting?) company Limenet, not Microsoft. :unsure:

Have you been running Task manager at these times? Is it possible to tell if it's running in the background (without using Task Manager itself)?
pandy
post Dec 25 2023, 08:20 AM
Post #3





I don't know. But it's the same now and I don't have Task manager running.

Yeah, Limenet is odd. I don't know exactly what it is. But I found the IP is on some blacklists, seems connected to spam.
Can't link with query string, you need to paste the IP in: 91.92.240.95.

https://whatismyipaddress.com/blacklist-check
pandy
post Dec 25 2023, 08:33 AM
Post #4





I have 16 copies of taskmgr.exe. One of them is in a program directory which is maybe suspicious. Of course nothing stops people from naming their programs anything, but would a sensible person choose that name?

How many copies do you have? I expected to find just one!

I scanned the one in the program directory with Defender, which didn't find anything wrong with it.
Christian J
post Dec 27 2023, 09:28 AM
Post #5





QUOTE(pandy @ Dec 25 2023, 02:33 PM)

I have 16 copies of taskmgr.exe. One of them is in a program directory which is maybe suspicious.

Which program's directory? Is that program trustworthy?

QUOTE
Of course nothing stops people from naming their programs anything, but would a sensible person choose that name?

Malware may disguise itself as well-known programs. :mellow:

QUOTE
How many copies do you have? I expected to find just one!

I only have one, in the Windows\System32 directory.
pandy
post Dec 27 2023, 10:45 AM
Post #6





QUOTE(Christian J @ Dec 27 2023, 03:28 PM)

Which program's directory? Is that program trustworthy?

Yes, very.

QUOTE
QUOTE
Of course nothing stops people from naming their programs anything, but would a sensible person choose that name?

Malware may disguise itself as well-known programs. :mellow:


That's why I worry. At first I was just curious about what Task Manager was up to. But anyhow, TinyWall stops them from getting out.

QUOTE

QUOTE
How many copies do you have? I expected to find just one!

I only have one, in the Windows\System32 directory.


Attached a list of mine (except the big one). The big one had also placed itself in AppData\Roaming, so there are 12 others. They have different sizes and all are pretty new. I find that strange. The one in System32 is the real thing and should be as old as the computer. Then again, MS might have updated it, of course.

As you can see there are also a couple of taskmgr.exe-****.pf and I have 156 copies of taskmgr.exe.mui. At the bottom of the list there are 6 copies of taskmgr.exe.mun. :cool:

Anyway, I've found that the only one that tries to get out is the one in AppData\Roaming. I'll do some deleting and see what happens.

Sigh.


Attached Image
pandy
post Dec 27 2023, 10:50 AM
Post #7





That went well. :wacko:

Attached Image
pandy
post Dec 27 2023, 11:04 AM
Post #8





On the Details tab in Task Manager I see 6 Taskmgr.exe processes. 1 is the real thing. All the others come from those two big files, the one in the program directory and the one in Roaming. So I guess it would be safe to kill those processes. I was unsure about whether Task Manager showed itself, so to speak.

Here goes nothing. :tongue:
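Added example, not part of the original posts: one way to answer "which file does each Taskmgr.exe process come from" without opening Task Manager, from an elevated PowerShell prompt. It assumes the genuine image lives only in the System32 or SysWOW64 directory; the property names on the output object are chosen here for illustration.

```powershell
# Added example (not from the thread): inspect every running Taskmgr.exe.
# Assumption: the genuine image lives only in System32 or SysWOW64.
$expected = @(
    (Join-Path $env:SystemRoot 'System32\Taskmgr.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\Taskmgr.exe')
)

Get-CimInstance Win32_Process -Filter "Name = 'Taskmgr.exe'" | ForEach-Object {
    $proc = $_
    $path = $proc.ExecutablePath          # empty if the shell is not elevated
    $sig  = $null
    $hash = $null
    if ($path -and (Test-Path -LiteralPath $path)) {
        # Signature and hash of the file on disk that backs this process
        $sig  = Get-AuthenticodeSignature -LiteralPath $path
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    }
    # The parent may already have exited; $parent is then $null
    $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($proc.ParentProcessId)"
    # Non-local TCP peers currently owned by this process, if any
    $remote = Get-NetTCPConnection -OwningProcess $proc.ProcessId -ErrorAction SilentlyContinue |
        Where-Object { $_.RemoteAddress -notin '0.0.0.0', '::', '127.0.0.1', '::1' } |
        ForEach-Object { "$($_.RemoteAddress):$($_.RemotePort)" }

    [pscustomobject]@{
        ProcessId        = $proc.ProcessId
        Path             = $path
        ParentName       = $parent.Name
        CommandLine      = $proc.CommandLine
        SignatureStatus  = $sig.Status
        Signer           = $sig.SignerCertificate.Subject
        SHA256           = $hash
        RemotePeers      = $remote -join ', '
        # True for any image not running from one of the expected system paths
        OutsideSystemDir = -not ($path -and ($expected -contains $path))
    }
} | Format-List
```

A process with `OutsideSystemDir` set, or a signature status other than `Valid`, is the one to look at first; keeping the SHA256 before deleting the file preserves something to check against later scans.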
pandy
post Dec 27 2023, 11:13 AM
Post #9





Gaah! Now it couldn't be deleted because it was open in Windows Explorer.

So command line. No go!
"The process cannot access the file because it is being used by another process."

OK! UnLockIt fixed it. Both gone. I'll reboot and see if they come back again.
pandy
post Dec 27 2023, 11:40 AM
Post #10





Nope. Didn't come back. But the mystery continues.

All the others are gone too from TinyWall's list of blocked programs. It only blocks two System processes now. Nothing else.
Still have 14 copies though.



