Process Hacker is not showing iexplore.exe, and Internet Explorer activity is not showing in KL Network Monitor.
I have used Process Hacker briefly & I am not familiar with its full array of functions. However, I do know from experience that Process Explorer is capable of many, many functions. There is a guide here:
SysInternals Pro: Understanding Process Explorer
Also, you may wish to have a look at this tool.
TCPView for Windows
TCPView is a Windows program that will show you detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and state of TCP connections. On Windows Server 2008, Vista, and XP, TCPView also reports the name of the process that owns the endpoint. TCPView provides a more informative and conveniently presented subset of the Netstat program that ships with Windows. The TCPView download includes Tcpvcon, a command-line version with the same functionality.
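The same endpoint-to-process mapping that TCPView and Tcpvcon show can be pulled from PowerShell and annotated with the owning executable's path, creation time and hash, which is what you want when checking whether a connecting binary appeared at the same time as a suspect install. This is an added example, not code from the thread or from Sysinternals; it assumes Windows 8 / Server 2012 or later (for Get-NetTCPConnection) and an elevated prompt so every process path is readable.

```powershell
# Added example: a TCPView-style listing of TCP connections with the owning
# process, its executable path, the file's creation time and SHA-256 hash.
# Assumes Get-NetTCPConnection is available (Windows 8+) and an elevated shell.
function Get-ConnectionOwner {
    [CmdletBinding()]
    param(
        # Connection states to report; SynSent catches processes that keep
        # trying to reconnect after you have blocked them.
        [string[]]$State = @('Established', 'SynSent')
    )
    $procCache = @{}   # PID -> executable details, so each binary is hashed once
    Get-NetTCPConnection -State $State -ErrorAction SilentlyContinue |
        Where-Object { $_.RemoteAddress -notin @('127.0.0.1', '::1', '0.0.0.0', '::') } |
        ForEach-Object {
            $conn = $_
            $ownerPid = [int]$conn.OwningProcess   # $pid is reserved in PowerShell
            if (-not $procCache.ContainsKey($ownerPid)) {
                $info = [ordered]@{ Name = $null; Path = $null; Created = $null; Sha256 = $null }
                $proc = Get-Process -Id $ownerPid -ErrorAction SilentlyContinue
                if ($proc) {
                    $info.Name = $proc.ProcessName
                    $info.Path = $proc.Path   # null for protected processes without elevation
                    if ($info.Path -and (Test-Path -LiteralPath $info.Path)) {
                        $info.Created = (Get-Item -LiteralPath $info.Path).CreationTime
                        $info.Sha256  = (Get-FileHash -LiteralPath $info.Path -Algorithm SHA256).Hash
                    }
                }
                $procCache[$ownerPid] = $info
            }
            $p = $procCache[$ownerPid]
            [pscustomobject]@{
                Pid = $ownerPid; Process = $p.Name; Path = $p.Path
                Created = $p.Created; Sha256 = $p.Sha256
                RemoteAddress = $conn.RemoteAddress; RemotePort = $conn.RemotePort
                State = $conn.State
            }
        }
}

# Usage: group by process so a single binary holding many remote connections
# stands out, and show when its executable was created on disk.
Get-ConnectionOwner |
    Group-Object Pid |
    Sort-Object Count -Descending |
    Select-Object Count,
        @{n='Process'; e={$_.Group[0].Process}},
        @{n='Created'; e={$_.Group[0].Created}},
        @{n='Path';    e={$_.Group[0].Path}},
        @{n='Sha256';  e={$_.Group[0].Sha256}} |
    Format-Table -AutoSize
```

The Sha256 column can be pasted into a VirusTotal hash search without uploading the file, and a Created timestamp that matches a recent install is the same clue the poster later used to tie a process to the plugin that dropped it.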
OK, I neglected to run AdwCleaner, have now done so and am pretty shocked to see a huge number of files and registry keys from the Lavasoft Web Companion, including LavasoftTcpService, flagged by AdwCleaner. I thought Lavasoft were meant to be the good guys. All now deleted and cleaned after a reboot. I did disable IE's internet connection so I may re-enable it and see what happens. On a side note, I just tried updating iTunes and it failed, maybe due to IE not having net access?
Lavasoft was good at one point until they started adding PUPs & other additions. I ran their software about 8 years back & it was a good choice at the time. As of late, not so much.
You may have to reset your browsers to get rid of all the additions the software probably added.
As I mentioned earlier, if you could roll back to 2 or 3 points past where all the problems started, that would be the easiest option. You may still have to reset your browsers though. I have no experience with iTunes so I cannot say if disabling IE is the cause of it. If iTunes relies on an IE connection to function, then that is likely the cause.
Another tool you could run to make sure nothing is left over is JRT. Run as admin & read the documentation. Please note that with this tool you do not have a choice as to what it removes; it is a one-click, removes-all tool.
Junkware Removal Tool Download
Borg, thanks for your reply. I had a look on the Lavasoft forums and it seems there are plenty of people unhappy with the behaviour of their Web Companion, including the inability to remove it using normal methods, the fact it removes remembered tabs in Firefox, etc. How ironic that a company people once trusted to fight adware looks like it's become a purveyor of it. I am still unsure if it was linked to the Internet Explorer background process as I haven't unblocked it yet. I did try to update iTunes again and that worked, so it wasn't a related issue.
Good to hear it's working again.
That's happening to a lot of companies. They need to generate money, so they go to allowing certain ads/programs. The legitimate ones will give you the option to opt out of any PUPs; some will try to sneak them in. It is no longer safe to just use the regular install when putting a new program on your PC. It's a good idea to go to custom install (if they give you that option) and there you usually find several surprise PUPs that would have installed with the standard install.
Sign of the times unfortunately.
Have a look at this article & what happens when you d/l from a file hosting site. Not all do this, but a high majority of them try to sneak something in.
Here's What Happens When You Install the Top 10 Download.com Apps
If you haven't uninstalled Lavasoft yet, there is an uninstaller that does a good job of removing everything associated with a program, even the registry keys. It's Revo Uninstaller; read the documentation well since removing the wrong reg keys can hose your system. Use the advanced option, which would be a good choice for removing everything. Make sure to only remove the bolded black reg keys. I've put a link to a tutorial here also. It's for the Pro version but it applies to the free version as well.
Download Revo Uninstaller Freeware - Free and Full Download - Uninstall software, remove programs, solve uninstall problems
Revo Uninstaller Pro Online User's Manual
Another thing you might consider: d/l CCleaner & let it scan your system for orphan files & then do a reg scan. It gives you the option to back up the reg keys about to be deleted; put them in an easily accessible place in case removing one breaks something. It may clean out the leftovers & restore your browser.
CCleaner - Free Download - Piriform
If your browser isn't connecting, you may wish to consider resetting your browser.
Thanks Borg for your further comments. I took the risk of enabling Internet Explorer again today, but it required permission to access from Kaspersky and unfortunately it seems I am still infected. I blocked an encrypted connection that was being made to vast.ssp.optimatic.com and then checked Network Monitor, which showed hundreds of connections being made, so I immediately blocked all connections and then checked Process Explorer. The second-highest CPU usage was interstatnogui.exe, which looked like it was attempting to relaunch connections. Doing a search, it appears interstat aka inetstat is a known adware program, and checking the install date of the exe, it coincided precisely with when I installed the Stereo Mix Plus. It is surprising that neither Malwarebytes, AdwCleaner, nor Kaspersky with PUP detection spotted this?
How to remove Inetstat or Interstart (Removal Guide)
https://www.virustotal.com/en-gb/url...7d02/analysis/
Last edited by tacos team; 22 Sep 2016 at 12:01.
Found this discussion below on FreeFixer; it seems someone noticed the exact same behaviour with Chrome, then Internet Explorer, launching a large number of connections in the background.
What is interstatnogui.exe?
A number of companies including Dr Web, Sophos, Google and Fortinet recognise the URL connected to it as a malware site; four recognise the original filename UserMon.exe as Malware/PUP, but only one this filename in particular. Is there any way, apart from contacting all these companies separately, to alert AV makers to this?