Task manager tries to connect to the internet |
pandy |
Dec 24 2023, 07:40 PM
Post
#1
|
🌟Computer says no🌟 Group: WDG Moderators Posts: 20,735 Joined: 9-August 06 Member No.: 6 |
Why?
I've used TinyWall for several years, but haven't really looked at all the features. I found it can show all connections it has blocked the last 5 minutes. Taskmgr.exe has been blocked more than a hundred times - in 5 minutes. Why does it try to get out at all? Obviously it doesn't hurt anything that it's blocked, not that I've noticed anyway.

Note, TinyWall isn't a firewall in the usual sense. It sits on top of Windows firewall and works by simply blocking all connections except those you OK. So when you first install it there's some fiddling. I think it's great, even if you have to remember to OK all new programs, but that's quickly done. I suppose it can be used as the only FW, but I keep the Windows one running. If anyone wants to try it, please note it doesn't work together with other firewall software, just the Windows one.

This is only the top of the list. You can see it's just 2 or 3 seconds between tries. I don't know what the System process is about either. I didn't have to OK any system processes when I installed TinyWall, so it must have a built-in whitelist. |
Christian J |
Jan 10 2024, 08:25 AM
Post
#2
|
. Group: WDG Moderators Posts: 9,679 Joined: 10-August 06 Member No.: 7 |
Never heard that Firefox displays virus warnings (and "via re-captcha-version-3-53.top"?). And even if it did, why would FF include a logo from Norton or other AV companies?
I can only assume that the false popup is meant to make you click on something, but why? To make you give the malware more permissions in FF? Or is the popup part of some kind of social engineering, eventually resulting in scam phone calls etc? That would explain the Swedish language. Oh, and I notice the Windows Defender icon in taskbar in the screenshot has a warning "X". |
pandy |
Jan 10 2024, 09:01 AM
Post
#3
|
🌟Computer says no🌟 Group: WDG Moderators Posts: 20,735 Joined: 9-August 06 Member No.: 6 |
QUOTE
Never heard that Firefox displays virus warnings (and "via re-captcha-version-3-53.top"?). And even if it did, why would FF include a logo from Norton or other AV companies?

It's added under Privacy & Security | Permissions | Notifications. As you can see there is an older version too a bit down. They are both already blocked, and to block them is the only advice I find. I don't know if the option to remove the site would get rid of it or make it worse...

QUOTE
I can only assume that the false popup is meant to make you click on something, but why? To make you give the malware more permissions in FF? Or is the popup part of some kind of social engineering, eventually resulting in scam phone calls etc? That would explain the Swedish language.

I have clicked. First time it was reflex. Then I couldn't resist. Nothing happens more than that the window closes.

QUOTE
Oh, and I notice the Windows Defender icon in taskbar in the screenshot has a warning "X".

That's old. I haven't had time to go through that yet. None of them is called something that makes me think it's this.

Oh, the notification window has a menu (three dots). When I click it I get several options (like disable notification from re-captcha...). I was going to make a screen cap but happened to click and the whole thing closed. Now I can't see it before it appears again. But that made it look somewhat legit. |
Christian J |
Jan 10 2024, 09:14 AM
Post
#4
|
. Group: WDG Moderators Posts: 9,679 Joined: 10-August 06 Member No.: 7 |
QUOTE
QUOTE
Never heard that Firefox displays virus warnings (and "via re-captcha-version-3-53.top"?). And even if it did, why would FF include a logo from Norton or other AV companies?
It's added under Privacy & Security | Permissions | Notifications. As you can see there is an older version too a bit down.

Oh, it's a domain name. How did you manage to allow both of them? I assume you've read this (or similar): https://malwaretips.com/blogs/re-captha-version-3-35-top/

QUOTE
I have clicked. First time it was reflex. Then I couldn't resist. Nothing happens more than that the window closes.

According to the above link it's just notification spam, so disabling notifications from that URL should suffice.

QUOTE
QUOTE
Oh, and I notice the Windows Defender icon in taskbar in the screenshot has a warning "X".
That's old. I haven't had time to go through that yet. None of them is called something that makes me think it's this.

I was thinking maybe Defender doesn't work. Perhaps that could make Windows vulnerable, or some malware has even managed to disable Defender. |
pandy |
Jan 10 2024, 11:05 AM
Post
#5
|
🌟Computer says no🌟 Group: WDG Moderators Posts: 20,735 Joined: 9-August 06 Member No.: 6 |
But how does it work? If it's just a URL the browser must be an active part in it. How silly.
Anyway, the window must be from FF. I disabled notifications and that stopped the pest. So I figure the notification really was legit. Hadn't that URL been blocked, maybe it spawns ads on certain web sites or something? Maybe it has. How could I know? What I don't get is when I clicked "Remove it now" the window just closed. According to your find I can just delete the URLs. I'll do that. |
Christian J |
Jan 10 2024, 01:09 PM
Post
#6
|
. Group: WDG Moderators Posts: 9,679 Joined: 10-August 06 Member No.: 7 |
QUOTE
But how does it work? If it's just a URL the browser must be an active part in it. How silly.

I guess that's how notifications work. If you allow notifications from a spam site, you'll get spam notifications... The fishy part is how they made you allow those notifications in the first place, without actually visiting the spam site. Maybe it can be done with framed pages. |
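Added example, not part of the thread: a read-only audit that lists which origins a Firefox profile currently allows to show notifications, which is the setting discussed above under Privacy & Security | Permissions | Notifications. It assumes the profile's `permissions.sqlite` file with its `moz_perms` table (permission type `desktop-notification`, value 1 for allow and 2 for block); the in-memory rows, the `https://` scheme and the `.example` origins are constructed sample data, and the function names are made up for this sketch.

```python
import sqlite3
from datetime import datetime, timezone

NOTIFY = "desktop-notification"  # permission type used for web notifications
ALLOW, DENY = 1, 2               # values of the permission column (assumed as stated above)

def build_sample_db():
    """Constructed stand-in for a copy of permissions.sqlite (only the columns used here)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE moz_perms (id INTEGER PRIMARY KEY, origin TEXT, "
               "type TEXT, permission INTEGER, modificationTime INTEGER)")
    rows = [  # constructed rows; modificationTime is milliseconds since the epoch
        ("https://re-captcha-version-3-53.top", NOTIFY, ALLOW, 1704873600000),
        ("https://forum.example", NOTIFY, DENY, 1704000000000),
        ("https://mail.example", NOTIFY, ALLOW, 1690000000000),
        ("https://maps.example", "geo", ALLOW, 1690000000000),
    ]
    db.executemany("INSERT INTO moz_perms (origin, type, permission, modificationTime) "
                   "VALUES (?, ?, ?, ?)", rows)
    return db

def notification_grants(db, trusted=()):
    """Origins allowed to notify that are not in `trusted`, newest grant first."""
    cur = db.execute(
        "SELECT origin, modificationTime FROM moz_perms "
        "WHERE type = ? AND permission = ? ORDER BY modificationTime DESC",
        (NOTIFY, ALLOW))
    grants = []
    for origin, ms in cur:
        if origin in trusted:
            continue
        day = datetime.fromtimestamp(ms / 1000, tz=timezone.utc).strftime("%Y-%m-%d")
        grants.append((origin, day))
    return grants

if __name__ == "__main__":
    # For a real profile, open a copy of permissions.sqlite with
    # sqlite3.connect(path_to_copy) instead of the constructed database.
    db = build_sample_db()
    for origin, day in notification_grants(db, trusted={"https://mail.example"}):
        print(f"{day}  {origin}  may show notifications")
```

Any origin in the output that you do not recognise can then be blocked or removed in the Notifications settings dialog, as done in the thread.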
pandy |
Jan 10 2024, 07:39 PM
Post
#7
|
🌟Computer says no🌟 Group: WDG Moderators Posts: 20,735 Joined: 9-August 06 Member No.: 6 |
But I did, just before this started. I googled something, clicked on one of the hits and came to a mock site with popups all over the place. I of course didn't click anything, but that's where I must have got it. So there must be another way to get infected than to OK one of those notification requests.
|
pandy |
Jan 12 2024, 05:57 PM
Post
#8
|
🌟Computer says no🌟 Group: WDG Moderators Posts: 20,735 Joined: 9-August 06 Member No.: 6 |
My computer oddities continue. I'm short of space on C, I discovered. So I downloaded a program that searches a disk and lists files after size. It also has some other information, for example what file types take up most space. Apart from some scattered stuff on the desktop I only have programs on C, but it says only 3.7% of the space is taken up by .exe files and 19,3% of PDF files! Ok, programs may come with PDFs, but they hardly take up more space than the programs themselves.

So I searched C for .pdf. And found a shitload in C:\Windows\System32\config\systemprofile . What files are supposed to be in that directory? I'll google, but maybe you know right off?

It's crazy. There are oodles of PDF files with a few different file names but numbered from nothing to very high. The files with the same base name are all the same size. None can be opened. Well, what happens is the PDF program opens but no file is loaded. They are duplicated in the hundreds. I have for example #044838.pdf to #044838_642.pdf. But that one isn't the worst. There are several thousands of some of them. Some file names I recognize, among them what probably is a protocol from a condo board meeting, also duplicated in absurdum. There are also images that follow the same pattern. The images open in IrfanView when I click the files. But when I try to close the window again IV freezes. There are also text files, mails (.eml), .vcf and god knows what duplicated the same way. I don't see anything resembling system files, but I'm not sure. The content is hard to handle because the directory is so big - 99.8 GB of duplicated junk!!! It takes time for Explorer to sort them.

Why has this happened? Is my computer taken over by gremlins? |
Christian J |
Jan 13 2024, 07:39 AM
Post
#9
|
. Group: WDG Moderators Posts: 9,679 Joined: 10-August 06 Member No.: 7 |
QUOTE
So I searched C for .pdf. And found a shitload in C:\Windows\System32\config\systemprofile . What files are supposed to be in that directory? I'll google, but maybe you know right off?

I don't know, it seems to be used for all kinds of things. I seem to have lots of empty "tmp" directories, possibly caused by a Windows bug, but not a lot of disk usage: https://www.ghacks.net/2021/11/01/windows-1...em32-directory/ |