New
#1
Connections to 127.0.0.1 showing up in Process Monitor
All of my hosts file entries use 0.0.0.0.
I noticed strange network activity on my PC yesterday and checked process monitor. I saw a number of connections to 1-1ads.com, despite that site being present in my hosts file and in my routers URL block list.
The connections were showing against system processes, Corsairlink.exe and openvpn.exe. When I ran firefox connections to 1-1ads.com also showed against that.
I ran malwarebytes scan and a hitmanpro scan. I checked for unwanted applications having been installed.
I cleared my browser cache and cookies and flushed my DNS cache.
Malwarebytes and HitmanPro found nothing.
Rebooted and the connections disappeared.Then today I look at process monitor to see if they were present and instead I see a bunch of connections to 127.0.0.1 despite not specifying the loop back address anywhere. Again, on system programs and running applications.
A while ago I had a similar symptom with those processes showing connections to events.gfe.nvidia.com but I didn't think much of it other then it was unusual since that address is also blocked in my hosts file and router.
But now it's getting just a little too weird.
Anyone seen similar behavior? Should I be worried about it?