
  1. Joined : Jun 2015
    Posts : 262
    windows 10 pro x64 stable build
       15 Sep 2016 #11

    Borg 386 said:
    Process Explorer

    You can use Process Explorer to check running processes with the aid of VirusTotal.

    To do this, run the program, click on Options/VirusTotal.com/Check VirusTotal.com.

    Accept the terms, another column will appear with VirusTotal results listed.
    Thanks for the tip. I guess it is like Process Hacker, but with VT?


  2. Joined : Jun 2015
    Posts : 262
    windows 10 pro x64 stable build
       15 Sep 2016 #12

    Process Hacker is not showing iexplore.exe, and Internet Explorer activity is not showing in KL network monitor.


  3. Joined : Sep 2016
    Posts : 24
    Windows 10 64 bit Home
       16 Sep 2016 #13

    shmu26 said:
    Process Hacker is not showing iexplore.exe, and Internet Explorer activity is not showing in KL network monitor.
    It will only run for 3 minutes or so every few hours. If you can check the Network Traffic tab (not Network Activity) on Kaspersky Network Monitor at the end of the day I'd appreciate it, thanks.


  4. Joined : Oct 2014
    In a house with a crazy cat trying to kill me
    Posts : 11,393
    Win 7 32, Win 7 64 Pro, Win 8.1 64 Pro, Win 10 64 Education Edition
       16 Sep 2016 #14

    shmu26 said:
    Thanks for the tip. I guess it is like Process Hacker, but with VT?
    I have used Process Hacker briefly & I am not familiar with its full array of functions. However, I do know from experience that Process Explorer is capable of many, many functions. There is a guide here:

    SysInternals Pro: Understanding Process Explorer

    Also, you may wish to have a look at this tool.

    TCPView for Windows

    TCPView is a Windows program that will show you detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and state of TCP connections. On Windows Server 2008, Vista, and XP, TCPView also reports the name of the process that owns the endpoint. TCPView provides a more informative and conveniently presented subset of the Netstat program that ships with Windows. The TCPView download includes Tcpvcon, a command-line version with the same functionality.


  5. Joined : Sep 2016
    Posts : 24
    Windows 10 64 bit Home
       16 Sep 2016 #15

    Borg 386 said:
    With all the unwanted additions to your system, your easiest option would be to do a system restore. Find your restore point & go to the 2nd or 3rd one past the point the programs were installed. I say 2nd or 3rd because some malware embeds itself into the 1st restore point available & using that 1st point sometimes doesn't get rid of the PUPs/malware.

    System Restore Windows 10 - Windows 10 Forums

    If this is not an option for you, AdwCleaner is good at ferreting out adware. Run it as admin & quarantine everything it finds.

    AdwCleaner Download

    You may also have to reset your browsers after the rollback/scan if the problem persists.
    OK, I neglected to run AdwCleaner. I have now done so and am pretty shocked to see a huge number of files and registry keys from the Lavasoft Web Companion, including LavasoftTcpService, flagged by AdwCleaner. I thought Lavasoft were meant to be the good guys. All now deleted and cleaned after a reboot. I did disable IE's internet connection so I may re-enable it and see what happens. On a side note, I just tried updating iTunes and it failed, maybe due to IE not having net access?


  6. Joined : Oct 2014
    In a house with a crazy cat trying to kill me
    Posts : 11,393
    Win 7 32, Win 7 64 Pro, Win 8.1 64 Pro, Win 10 64 Education Edition
       16 Sep 2016 #16

    tacos team said:
    I thought Lavasoft were meant to be the good guys. All now deleted and cleaned after a reboot. I did disable IE's internet connection so I may re-enable it and see what happens. On a side note, I just tried updating iTunes and it failed, maybe due to IE not having net access?
    Lavasoft was good at one point until they started adding PUPs & other additions. I ran their software about 8 years back & it was a good choice at the time. As of late, not so much.

    You may have to reset your browsers to get rid of all the additions the software probably added.

    As I mentioned earlier, if you could roll back to 2 or 3 points past where all the problems started, that would be the easiest option. You may still have to reset your browsers though. I have no experience with iTunes so I cannot say if disabling IE is the cause of it. If iTunes relies on an IE connection to function, then that is likely the cause.

    Another tool you could run to make sure nothing is left over is JRT. Run as admin & read the documentation. Please note on this tool, you do not have a choice as to what it removes; it is a one-click, removes-all tool.

    Junkware Removal Tool Download


  7. Joined : Sep 2016
    Posts : 24
    Windows 10 64 bit Home
       17 Sep 2016 #17

    Borg, thanks for your reply. I had a look on the Lavasoft forums and it seems there are plenty of people unhappy with the behaviour of their Web Companion, including the inability to remove it using normal methods, the fact it removes remembered tabs in Firefox, etc. How ironic that a company people once trusted to fight adware looks like it's become a purveyor of it. I am still unsure if it was linked to the Internet Explorer background process as I haven't unblocked it yet. I did try to update iTunes again and that worked, so it wasn't a related issue.


  8. Joined : Oct 2014
    In a house with a crazy cat trying to kill me
    Posts : 11,393
    Win 7 32, Win 7 64 Pro, Win 8.1 64 Pro, Win 10 64 Education Edition
       17 Sep 2016 #18

    tacos team said:
    Borg, thanks for your reply. I had a look on the Lavasoft forums and it seems there are plenty of people unhappy with the behaviour of their Web Companion, including the inability to remove it using normal methods, the fact it removes remembered tabs in Firefox, etc. How ironic that a company people once trusted to fight adware looks like it's become a purveyor of it. I am still unsure if it was linked to the Internet Explorer background process as I haven't unblocked it yet. I did try to update iTunes again and that worked, so it wasn't a related issue.
    Good to hear it's working again.

    That's happening to a lot of companies. They need to generate money, so they go to allowing certain ads/programs. The legitimate ones will give you the option to opt out of any PUPs; some will try to sneak them in. It is no longer safe to just use the regular install when putting a new program on your PC. It's a good idea to go to custom install (if they give you that option), and there you usually find several surprise PUPs that would have installed with the standard install.

    Sign of the times unfortunately.

    Have a look at this article & what happens when you d/l from a file hosting site. Not all do this, but a high majority of them try to sneak something in.

    Here's What Happens When You Install the Top 10 Download.com Apps

    If you haven't uninstalled Lavasoft yet, there is an uninstaller that does a good job of removing everything associated with a program, even the registry keys. It's Revo Uninstaller; read the documentation well, since removing the wrong reg keys can hose your system. If you use the advanced option, which would be a good choice for removing everything, make sure to only remove the bolded back reg keys. I've put a link to a tutorial here also. It's for the pro version but it applies to the free version as well.

    Download Revo Uninstaller Freeware - Free and Full Download - Uninstall software, remove programs, solve uninstall problems


    Revo Uninstaller Pro Online User's Manual

    Another thing you might consider: d/l CCleaner & let it scan your system for orphan files & then do a reg scan. It gives you the option to back up the reg keys about to be deleted; put them in an easily accessible place in case removing one breaks something. It may clean out the leftovers & restore your browser.

    CCleaner - Free Download - Piriform

    If your browser isn't connecting, you may wish to consider resetting your browser.


  9. Joined : Sep 2016
    Posts : 24
    Windows 10 64 bit Home
       22 Sep 2016 #19

    Thanks Borg for your further comments. I took the risk of enabling Internet Explorer again today but required permission to access from Kaspersky, and unfortunately it seems I am still infected. I blocked an encrypted connection that was being made to vast.ssp.optimatic.com and then checked Network Monitor, which showed hundreds of connections being made, so I immediately blocked all connections and then checked Process Explorer. The second-highest CPU usage was interstatnogui.exe, which looked like it was attempting to relaunch connections. Doing a search, it appears interstat aka inetstat is a known adware program, and checking the install date of the exe, it coincided precisely with when I installed the stereo mix plus. It is surprising that neither Malwarebytes, AdwCleaner, nor Kaspersky with PUP detection spotted this?

    How to remove Inetstat or Interstart (Removal Guide)

    https://www.virustotal.com/en-gb/url...7d02/analysis/
    Last edited by tacos team; 22 Sep 2016 at 12:01.
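
Added example, not part of the thread: the triage described in post #19 (a background process opening large numbers of connections) can be reproduced from `netstat -ano` output by counting distinct remote endpoints per owning PID. The sample output, addresses, PIDs and threshold below are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of `netstat -ano` output (addresses and PIDs are made up).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    192.168.1.20:49801     203.0.113.10:443       ESTABLISHED     6120
  TCP    192.168.1.20:49802     203.0.113.11:443       ESTABLISHED     6120
  TCP    192.168.1.20:49803     203.0.113.12:80        SYN_SENT        6120
  TCP    192.168.1.20:49804     203.0.113.13:443       ESTABLISHED     6120
  TCP    192.168.1.20:49700     198.51.100.7:443       ESTABLISHED     2344
  TCP    [::1]:49670            [::1]:49671            ESTABLISHED     2344
  UDP    0.0.0.0:5353           *:*                                    1500
"""

# TCP rows only: proto, local endpoint, remote endpoint, state, owning PID.
ROW = re.compile(r"^\s*TCP\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s*$")
ACTIVE_STATES = {"ESTABLISHED", "SYN_SENT"}
LOOPBACK = ("127.", "[::1]")

def split_host(endpoint):
    # "1.2.3.4:443" or "[::1]:443" -> host part without the port
    return endpoint.rsplit(":", 1)[0]

def connections_by_pid(netstat_text):
    """Map PID -> set of remote endpoints for active, non-loopback TCP connections."""
    result = defaultdict(set)
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # headers, UDP rows, blank lines
        _local, remote, state, pid = m.groups()
        if state not in ACTIVE_STATES:
            continue  # listeners and closing sockets are not of interest here
        if split_host(remote).startswith(LOOPBACK):
            continue  # local inter-process traffic
        result[int(pid)].add(remote)
    return dict(result)

def noisy_pids(netstat_text, threshold):
    """PIDs with at least `threshold` distinct remote endpoints, busiest first."""
    counts = {pid: len(r) for pid, r in connections_by_pid(netstat_text).items()}
    return sorted(((p, n) for p, n in counts.items() if n >= threshold),
                  key=lambda item: -item[1])

if __name__ == "__main__":
    for pid, n in noisy_pids(SAMPLE, threshold=3):
        print(f"PID {pid}: {n} distinct remote endpoints")
```

On a live system, pass in the real `netstat -ano` output and map each flagged PID to its image name with `tasklist`, then check that executable's path and install date as the post describes.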


  10. Joined : Sep 2016
    Posts : 24
    Windows 10 64 bit Home
       22 Sep 2016 #20

    Found this discussion below on freefixer. It seems someone noticed the exact same behaviour, with Chrome then Internet Explorer launching a large number of connections in the background.

    What is interstatnogui.exe?

    A number of companies including Dr Web, Sophos, Google and Fortinet recognise the URL connected to it as a malware site, and four recognise the original filename UserMon.exe as Malware/PUP, but only one recognises this filename in particular. Is there any way, apart from contacting all these companies separately, to alert AV makers to this?


 