The Web Design Group

... Making the Web accessible to all.


> Task manager tries to connect to the internet
pandy
post Dec 24 2023, 07:40 PM
Post #1


🌟Computer says no🌟
********

Group: WDG Moderators
Posts: 20,734
Joined: 9-August 06
Member No.: 6



Why?

I've used TinyWall for several years, but haven't really looked at all the features. I found it can show all connections it has blocked in the last 5 minutes. Taskmgr.exe has been blocked more than a hundred times - in 5 minutes. Why does it try to get out at all? Obviously it doesn't hurt anything that it's blocked, not that I've noticed anyway.

Note, TinyWall isn't a firewall in the usual sense. It sits on top of Windows Firewall and works by simply blocking all connections except those you OK. So when you first install it there's some fiddling. I think it's great, even if you have to remember to OK all new programs, but that's quickly done. I suppose it can be used as the only FW, but I keep the Windows one running. If anyone wants to try it, please note it doesn't work together with other firewall software, just the Windows one.

This is only the top of the list. You can see it's just 2 or 3 seconds between tries.

Attached Image

I don't know what the System process is about either. I didn't have to OK any system processes when I installed TinyWall, so it must have a built-in whitelist.
Replies
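A check that fits the opening post's situation, as an added example that is not part of the original thread: it lists every running process named Taskmgr.exe with its image path, signature, hash and parent, and marks any image outside the Windows system directories. The list of expected paths is an assumption of this example.

```powershell
# Added example: triage every running process named Taskmgr.exe.
# Assumption: the genuine Task Manager image is only found in
# %SystemRoot%\System32 or %SystemRoot%\SysWOW64.
$expected = @(
    (Join-Path $env:SystemRoot 'System32\Taskmgr.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\Taskmgr.exe')
)

Get-CimInstance Win32_Process -Filter "Name = 'Taskmgr.exe'" | ForEach-Object {
    $proc = $_
    # ExecutablePath is empty when the shell lacks rights to the process,
    # so run this from an elevated prompt.
    $path = $proc.ExecutablePath

    # Parent process: Task Manager started by the user normally has an
    # interactive parent; anything else is worth a closer look.
    $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($proc.ParentProcessId)"

    # Signature and hash of the file on disk that backs the process.
    $sig  = if ($path) { Get-AuthenticodeSignature -FilePath $path }
    $hash = if ($path) { (Get-FileHash -Path $path -Algorithm SHA256).Hash }

    [pscustomobject]@{
        PID            = $proc.ProcessId
        Path           = $path
        InExpectedPath = [bool]($path -and ($expected -contains $path))
        SignatureState = $sig.Status
        Signer         = $sig.SignerCertificate.Subject
        SHA256         = $hash
        ParentPID      = $proc.ParentProcessId
        ParentName     = $parent.Name
        CommandLine    = $proc.CommandLine
    }
} | Format-List
```

A process whose `InExpectedPath` is `False`, or whose `SignatureState` is anything other than `Valid`, is the one to compare against the firewall's blocked-connection list.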
Christian J
post Jan 13 2024, 01:22 PM
Post #2


.
********

Group: WDG Moderators
Posts: 9,673
Joined: 10-August 06
Member No.: 7



QUOTE(pandy @ Jan 13 2024, 05:51 PM) *

I'm scared of automatic cleanup.

Why? I could understand distrust in third-party cleanup software though.

QUOTE
There's also a folder called AppData in there with the subdirectories Local, LocalLow and Roaming. Do you have those?

I have those as well.

QUOTE(pandy @ Jan 13 2024, 06:16 PM) *

Oh yes. I had 5 files. Fetched mail and now I have 931 files. 🥶

Try your other email program as well, to see if both add files. If that's the case I would suspect a Windows bug (while if it's only one email program maybe the bug is in there, though that doesn't explain all the images and PDF files).

I guess it could also be some buggy maintenance program doing this, such as third-party antivirus, indexing etc.
pandy
post Jan 13 2024, 02:16 PM
Post #3





QUOTE(Christian J @ Jan 13 2024, 07:22 PM) *

QUOTE(pandy @ Jan 13 2024, 05:51 PM) *

I'm scared of automatic cleanup.

Why? I could understand distrust in third-party cleanup software though.


Microsoft and I don't always agree on what should be done. The only cleanup program I've trusted was a freeware. But it went paid and became bulky.

QUOTE
QUOTE
There's also a folder called AppData in there with the subdirectories Local, LocalLow and Roaming. Do you have those?
I have those as well.


Thank you. Then I can leave that at least.

QUOTE

Try your other email program as well, to see if both add files. If that's the case I would suspect a Windows bug (while if it's only one email program maybe the bug is in there, though that doesn't explain all the images and PDF files).


I don't want to mess up my mail. OK, I could set it to leave the mail on the server, I guess. But it's so old now, Eudora, I'm afraid it'll mess up anyway. The one I used after that crashed beyond repair. I only have the mail.

I'll update my current program, been meaning to anyway. If that doesn't help I'll contact the author. It's that kind of program.

QUOTE

I guess it could also be some buggy maintenance program doing this, such as third-party antivirus, indexing etc.


I didn't use any third party AV until the previous hiccup. And those run on demand, not in the background, and I have set them to only scan, not take any action. Maybe it is the email program anyway. The oldest file was from the beginning of 2023. Could be about then I updated it. I'll install the new version tomorrow. Today I deserve a night off.
pandy
post Jan 14 2024, 07:50 AM
Post #4





The plot thickens. I didn't get many more files in the folder yesterday. Perhaps a hundred in total.

When I started email today I once again got a lot. So it seems to be mainly the first time email is active after a reboot. Only I don't turn the computer off, I just hibernate.

When I glanced through the files I saw at least three that aren't related to email. Notetab's two help files. But they at least exist on disk. The third was the most peculiar. An eBook (epub) with the author name misspelled. The file does exist but not under that name. The name can very well have been misspelled at some point, but I have corrected it and probably long ago. It could be I copied the file to another directory, renamed it, and deleted the original file. Notetab has moved around a bit too. Could these three be deleted files that the gremlin found? I certainly haven't sent or received any of them by email. But none of these three files is corrupt which they ought to be if they were deleted long ago.

I've bought a license for the new version of the email program and am about to install it. Whether this helps or not, I'll contact the author. Maybe someone else has had the same problem.
Christian J
post Jan 14 2024, 07:56 AM
Post #5





QUOTE(pandy @ Jan 14 2024, 01:50 PM) *

When I started email today I once again got a lot. So it seems to be mainly the first time email is active after a reboot. Only I don't turn the computer off, I just hibernate.

Maybe it happens when Windows updates force a reboot?
pandy
post Jan 14 2024, 08:51 AM
Post #6





But it hasn't done that in a long time.

It didn't help to update the email program. 1232 files. And it looks like the ones I last deleted are recreated. At least those three odd ones I mentioned. I don't think they were there yesterday though. I would have noticed. Especially the help files stand out. .chm files, the icon with the bright yellow question mark. And I sorted by file type when I looked through them.

Now I see the email program's ini file is also copied. And I have a new ISO file. MNF43.ISO, 54 kB. That file doesn't exist elsewhere on my computer. Only here and in the backup of odd files I made yesterday.
pandy
post Jan 14 2024, 08:57 AM
Post #7





Forgot to say. I had hopes at first after installing the new version of the email program. No new files. I both fetched and sent email to provoke it. Then I made a hard reboot. And then they came.

So it seems the bulk comes after Windows has loaded AND the email program is active. But some minor activity can also happen after that.

Could some kind of malware do this? With the purpose to slowly crash the computer? Or a spy program that's after email related stuff and needs to temporarily store files somewhere but isn't so good at it and grabs some other files too? I'm thinking of that taskmanager.exe that TinyWall stopped from getting out. Some related program could still be active maybe.

I have scanned with three different AV and they only find files I know are OK and have been around a long time.
