Windows 10: SppExtComObj.Exe Solved

  1.    24 Aug 2016 #1

    SppExtComObj.Exe


    Hi There,
    My Malwarebytes (recently installed) has been blocking an outbound connection to a website 94.242.206.249 using the process SppExtComObj.Exe.
    I have searched and it seems that this file is a valid process.
    The file version is dated 30.10.15, 10.0.10586.10.
    Is this something I should be worried about?
    Thanks for any help
    Paul


  2. Posts : 12,192
    W10Prox64
       24 Aug 2016 #2

    stevenson53 said:
    Hi There,
    My Malwarebytes (recently installed) has been blocking an outbound connection to a website 94.242.206.249 using the process SppExtComObj.Exe.
    I have searched and it seems that this file is a valid process.
    The file version is dated 30.10.15, 10.0.10586.10.
    Is this something I should be worried about?
    Thanks for any help
    Paul
    Hi Paul,
    SppExtComObj.Exe is a KMS Connection Broker (Key Management Services by MS).

    It's trying to connect to a non-MS server:
    This is the RIPE Database query service.
    % The objects are in RPSL format.
    %
    % The RIPE Database is subject to Terms and Conditions.
    % See http://www.ripe.net/db/support/db-terms-conditions.pdf

    % Note: this output has been filtered.

    % Information related to '94.242.206.0 - 94.242.206.255'

    % Abuse contact for '94.242.206.0 - 94.242.206.255' is 'abuse@as5577.net'

    inetnum: 94.242.206.0 - 94.242.206.255
    netname: IPSERVER
    descr: IPSERVER WORLD LTD
    country: LU
    remarks: abuse-mailbox: abuse@ipserver.su
    admin-c: ON929-RIPE
    tech-c: ON929-RIPE
    status: ASSIGNED PA
    mnt-by: ROOT-MNT
    created: 2015-05-28T11:12:52Z
    last-modified: 2015-05-28T11:12:52Z
    source: RIPE

    person: Oleg Nikol'skiy
    address: British Virgin Islands, Road Town, Tortola, Drake Chambers
    phone: +18552100465
    nic-hdl: ON929-RIPE
    mnt-by: IPSERVER-MNT
    created: 2015-05-28T11:11:09Z
    last-modified: 2015-05-28T11:11:09Z
    source: RIPE # Filtered

    % Information related to '94.242.192.0/18AS5577'

    route: 94.242.192.0/18
    descr: root SA (Hosting, Dedicated Servers and Domain Names | root S.A.)
    origin: AS5577
    mnt-by: ROOT-MNT
    created: 2009-10-19T07:44:58Z
    last-modified: 2016-07-05T12:21:50Z
    source: RIPE # Filtered

    % This query was served by the RIPE Database Query Service version 1.87.4 (DB-1)
    MBAM is correct to block this. If you are using illegal software, I suggest you remove it, then run a custom full scan with MBAM.

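A defender's triage for the situation in post #2, as an added example (not part of the thread and not Microsoft's own tooling): it checks that the SppExtComObj.exe on disk is validly signed, shows which KMS host the licensing service is configured to contact, and lists the process's current remote endpoints. It assumes an elevated PowerShell 5.1 session on Windows 10 and uses the built-in SoftwareLicensingService and SoftwareLicensingProduct WMI classes.

```powershell
# Added example: triage unexpected SppExtComObj.exe traffic (run elevated).

# 1. Confirm the binary on disk is the genuine, Microsoft-signed file.
$exe = Join-Path $env:SystemRoot 'System32\SppExtComObj.exe'
$sig = Get-AuthenticodeSignature -FilePath $exe
[pscustomobject]@{
    Path    = $exe
    Status  = $sig.Status                      # expect 'Valid'
    Signer  = $sig.SignerCertificate.Subject   # expect a Microsoft subject
    Version = (Get-Item $exe).VersionInfo.FileVersion
} | Format-List

# 2. Show the KMS host the licensing service is set to use.
Get-CimInstance -ClassName SoftwareLicensingService |
    Select-Object KeyManagementServiceMachine, KeyManagementServicePort,
                  DiscoveredKeyManagementServiceMachineName |
    Format-List

# 3. Same check per licensed product, where a host can be set separately.
Get-CimInstance -ClassName SoftwareLicensingProduct -Filter 'PartialProductKey IS NOT NULL' |
    Select-Object Name, LicenseStatus, KeyManagementServiceMachine,
                  DiscoveredKeyManagementServiceMachineName |
    Format-Table -AutoSize -Wrap

# 4. While the process is running, list where it is connecting.
Get-Process -Name SppExtComObj -ErrorAction SilentlyContinue | ForEach-Object {
    Get-NetTCPConnection -OwningProcess $_.Id -ErrorAction SilentlyContinue |
        Select-Object LocalPort, RemoteAddress, RemotePort, State
}
```

A KMS host name or address that nobody responsible for the machine set (on a home PC with a retail or OEM licence these fields are normally empty) means the activation settings were changed by other software. KMS clients use TCP port 1688 by default, so that is the remote port to look for in step 4.
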
  3.    25 Aug 2016 #3

    Thank you for your quick response and I hope nothing is illegal on my machine! I will do a full check with MBAM to make sure all is well and will permanently block this site.
    Thanks!



    simrick said:
    Hi Paul,
    SppExtComObj.Exe is a KMS Connection Broker (Key Management Services by MS).

    It's trying to connect to a non-MS server:


    MBAM is correct to block this. If you are using illegal software, I suggest you remove it, then run a custom full scan with MBAM.


  4. Posts : 12,192
    W10Prox64
       25 Aug 2016 #4

    stevenson53 said:
    Thank you for your quick response and I hope nothing is illegal on my machine! I will do a full check with MBAM to make sure all is well and will permanently block this site.
    Thanks!
    Sounds good. Let us know if it finds anything.

  5.    26 Aug 2016 #5

    simrick said:
    Sounds good. Let us know if it finds anything.
    I'm a bit paranoid due to getting a Crypto locker a few months back (I clicked on a bad email drrr and the backup was connected double drrr and it cost me plenty to get the files back that I lost), so ran the following:
    - MBAM
    - Spybot
    - Sophos
    - ESET
    - SFC /scannow
    - Panda
    - CCleaner

    Ok some things were found but all seemed to be low risk stuff, missing links, cookies etc but, the website block now doesn't come up so maybe I got it.

    I have a feeling that I really should rebuild this computer from scratch, painful as that will be.

    Paul


  6. Posts : 12,192
    W10Prox64
       26 Aug 2016 #6

    stevenson53 said:
    I'm a bit paranoid due to getting a Crypto locker a few months back (I clicked on a bad email drrr and the backup was connected double drrr and it cost me plenty to get the files back that I lost), so ran the following:
    - MBAM
    - Spybot
    - Sophos
    - ESET
    - SFC /scannow
    - Panda
    - CCleaner

    Ok some things were found but all seemed to be low risk stuff, missing links, cookies etc but, the website block now doesn't come up so maybe I got it.

    I have a feeling that I really should rebuild this computer from scratch, painful as that will be.

    Paul
    Oh dear - I am sorry to hear that. Those are all good programs to run (although I would use SuperAntiSpyware Free over Spybot). I assume now you have only ONE active anti-virus running on the machine?

    You might want to add these:
    RKILL

    TDSSKiller (Kaspersky-onetime run for rootkits)
    Make sure to tick all the boxes and let the computer reboot so it can run the scan fully.

    RKILL (again) Because everything RKILL does is undone by a reboot.

    ADWCleaner (will reboot to clean)
    Feel free to post the log after you run it and I'll have a looksee for what's leftover. Usually these crypto malware are easy to clean or even remove themselves after they've delivered their payload.

    RKILL again

    JRT

    Note: RKILL will put a log on your desktop called rkill.txt, and will overwrite it each time you run the scan, so if you want to keep them, rename them rkill01.txt, rkill02.txt, etc.

    For future protection against these encryption nasties (and a lot of others), I would make the following recommendations:

    One good active anti-virus (ESET is excellent, if you can afford it - usually on sale at Newegg on a regular basis)
    MBAM (free or pro)
    MBAE (free)
    CryptoPrevent Free
    SuperAntiSpyware Free

    A file backup system which uses "versioning".
    Alternating backups: 2 drives, one disconnected at all times, and rotate them on a regular basis.

    Note: MBAM have an anti-encryption BETA right now, which will eventually be rolled into their paid version of MBAM Pro.

    Of course, nothing beats common sense. But, if you were using, say, gmail, and collecting your emails online using your browser (and not an email client), a lot of this stuff would never even reach your inbox, and if it did, it would likely be flagged. (Not to plug gmail, but they have pretty aggressive email scanning, and ferret out quite a bit, and warn you with other stuff.)

    Depending on the infection you had (if you know the name, or can provide all scan logs), I could research it to see if it warrants a clean install.

  7.    26 Aug 2016 #7

    simrick said:
    Oh dear - I am sorry to hear that. Those are all good programs to run (although I would use SuperAntiSpyware Free over Spybot). I assume now you have only ONE active anti-virus running on the machine?

    You might want to add these:
    RKILL

    TDSSKiller (Kaspersky-onetime run for rootkits)
    Make sure to tick all the boxes and let the computer reboot so it can run the scan fully.

    RKILL (again) Because everything RKILL does is undone by a reboot.

    ADWCleaner (will reboot to clean)
    Feel free to post the log after you run it and I'll have a looksee for what's leftover. Usually these crypto malware are easy to clean or even remove themselves after they've delivered their payload.

    RKILL again

    JRT

    Note: RKILL will put a log on your desktop called rkill.txt, and will overwrite it each time you run the scan, so if you want to keep them, rename them rkill01.txt, rkill02.txt, etc.

    For future protection against these encryption nasties (and a lot of others), I would make the following recommendations:

    One good active anti-virus (ESET is excellent, if you can afford it - usually on sale at Newegg on a regular basis)
    MBAM (free or pro)
    MBAE (free)
    CryptoPrevent Free
    SuperAntiSpyware Free

    A file backup system which uses "versioning".
    Alternating backups: 2 drives, one disconnected at all times, and rotate them on a regular basis.

    Note: MBAM have an anti-encryption BETA right now, which will eventually be rolled into their paid version of MBAM Pro.

    Of course, nothing beats common sense. But, if you were using, say, gmail, and collecting your emails online using your browser (and not an email client), a lot of this stuff would never even reach your inbox, and if it did, it would likely be flagged. (Not to plug gmail, but they have pretty aggressive email scanning, and ferret out quite a bit, and warn you with other stuff.)

    Depending on the infection you had (if you know the name, or can provide all scan logs), I could research it to see if it warrants a clean install.
    Thanks again and you are being a big help. The cryptolocker cost me US$1200 in ransom and computer expert help and a full week of down time. I didn't know anything about Bitcoin, I do now!
    I have paid for ESET and also run MBAM free and their BETA anti encryption program.
    I will give the other suggested programs a go too although it might take a few days to do it all.
    I have been using Second Copy 8 for backup. I like it because it's simple and saves the files in their normal format so that I can get at them easily. Since the cryptolocker, I have 3 backups, 2 daily that I rotate and a master weekend one which backs up both my data disk and an OS image. I work from home BTW. I have been having problems with this program recently as well as other weird things. Do you know another good easy to use backup software which saves files as they are? I have a lot of very big Outlook files and even if I don't open them, they get backed up anyway because Outlook loads them and this is seen as a changed file by SC8.
    My current thought is to uninstall SC8 and some other troublesome programs, then do a Windows 10 repair install, run all the scans, then reload the problem programs. I expect that it hasn't helped messing with the registry lol.
    Your thoughts please?
    Thanks again!


  8. Posts : 12,192
    W10Prox64
       26 Aug 2016 #8

    stevenson53 said:
    Thanks again and you are being a big help. The cryptolocker cost me US$1200 in ransom and computer expert help and a full week of down time. I didn't know anything about Bitcoin, I do now!
    Ouch! You're lucky you got your files back - some of these creeps take the money and run.

    stevenson53 said:
    I have paid for ESET and also run MBAM free and their BETA anti encryption program.
    Great. When they roll that into their paid version, it may be worth looking at a subscription.

    stevenson53 said:
    I will give the other suggested programs a go too although it might take a few days to do it all.
    No problem. Actually, they all run pretty quickly. But, no rush.

    stevenson53 said:
    I have been using Second Copy 8 for backup. I like it because it's simple and saves the files in their normal format so that I can get at them easily. Since the cryptolocker, I have 3 backups, 2 daily that I rotate and a master weekend one which backs up both my data disk and an OS image. I work from home BTW.
    That sounds like a good setup.

    stevenson53 said:
    I have been having problems with this program recently as well as other weird things. Do you know another good easy to use backup software which saves files as they are? I have a lot of very big Outlook files and even if I don't open them, they get backed up anyway because Outlook loads them and this is seen as a changed file by SC8.
    My current thought is to uninstall SC8 and some other troublesome programs, then do a Windows 10 repair install, run all the scans, then reload the problem programs. I expect that it hasn't helped messing with the registry lol.
    Your thoughts please?
    Thanks again!
    Hmmm... I am not familiar with Second Copy 8 - have never used it. I do know that Macrium Reflect Free allows you to mount the images and even extract specific files from the images (just did this on a system I was working on that wouldn't boot). I personally have 2 backup schemes in addition to my Operating System backup, (for which I use Macrium): CrashPlan and Robocopy. CrashPlan compresses and provides versioning, while Robocopy is basically a copy function (so data is in original state). But, you really could do everything with Macrium, and backups would be smaller since they're compressed, and can be verified as they're made. Really, since you can extract files from the images, it makes things quite nice. You can also set it up for incremental and differential images, although I don't do that - I always make full images (makes life easier if I have to restore).

    Here's some info on it:
    Solved Tell your backup software, win Macrium Reflect Home license! - Windows 10 Forums

    To get started with system imaging, see these tutorials:



  9. Posts : 12,192
    W10Prox64
       26 Aug 2016 #9

    Was it really Cryptolocker that you had? or Torrentlocker? or something else? Because Cryptolocker was taken down, and a possible decryption scheme was released (for free). Torrentlocker made copies of your data, encrypted it, and then deleted the original, so many people got their data back by using recovery software or ShadowExplorer. Just curious - not that it makes any difference now...

  10.    26 Aug 2016 #10

    simrick said:
    Ouch! You're lucky you got your files back - some of these creeps take the money and run.


    Great. When they roll that into their paid version, it may be worth looking at a subscription.



    No problem. Actually, they all run pretty quickly. But, no rush.



    That sounds like a good setup.



    Hmmm... I am not familiar with Second Copy 8 - have never used it. I do know that Macrium Reflect Free allows you to mount the images and even extract specific files from the images (just did this on a system I was working on that wouldn't boot). I personally have 2 backup schemes in addition to my Operating System backup, (for which I use Macrium): CrashPlan and Robocopy. CrashPlan compresses and provides versioning, while Robocopy is basically a copy function (so data is in original state). But, you really could do everything with Macrium, and backups would be smaller since they're compressed, and can be verified as they're made. Really, since you can extract files from the images, it makes things quite nice. You can also set it up for incremental and differential images, although I don't do that - I always make full images (makes life easier if I have to restore).

    Here's some info on it:
    Solved Tell your backup software, win Macrium Reflect Home license! - Windows 10 Forums

    To get started with system imaging, see these tutorials:

    I already use Macrium for the weekly OS disk image although I use SC8 for backing up the weekly data disk. In fact I restored the operating system 2 weeks ago from a Macrium image and that worked well. As for the data file backup, I just like to see the actual files are there. I'll have a look at Robocopy and see what that's all about, thanks.


 
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.
