Excessive sessions open immediately after boot


  1. MSRadell
    Posts : 140
    Microsoft Windows 10x64 Pro build 19044.1949
       New #1

    Excessive sessions open immediately after boot


    I've been having problems with Internet speed variations recently. Today I had a Tech from my ISP here to look at the problem and he discovered that immediately after boot I have over 50 active sessions open on my PC, even before I open a browser window. This machine has Norton Security installed and active and I've recently run Norton Eraser As Well as Malwarebytes and neither of them have found anything significant while scanning.

    Any idea what could because of these sessions to open?
      My Computer
    Quote Quote

  3. simrick
    Posts : 16,325
    W10Prox64
       New #2

    MSRadell said:
    I've been having problems with Internet speed variations recently. Today I had a Tech from my ISP here to look at the problem and he discovered that immediately after boot I have over 50 active sessions open on my PC, even before I open a browser window. This machine has Norton Security installed and active and I've recently run Norton Eraser As Well as Malwarebytes and neither of them have found anything significant while scanning.

    Any idea what could because of these sessions to open?
    Hi.
    I see you've got a post over at Bleeping Computer on this as well.

    Excessive active internet sessions can be caused by torrenting programs and botnets (clickfraud/DDoS attacks, etc.). I have also seen this when someone has gotten into a system with a lot of storage, and put their illegal stuff on it, selling it to customers and then linking to the compromised computer after the sale, for the download. And, just because you've got Norton running doesn't mean you're safe.

    You could try Wireshark if you want to sniff your packets, for more information.

    I would run RKILL, JRT, then an ESET Online Scan for starters, and see what comes up, while you're waiting for BC to answer. You'll need to disable Norton when running ESET.

    EDIT: Have you noticed high activity on your CPU lately?
      My Computer
    Quote Quote

  4. MSRadell
    Posts : 140
    Microsoft Windows 10x64 Pro build 19044.1949
    Thread Starter
       New #3

    Thanks, I've run the 1st 2 already and they didn't find anything I'm working on running ESET right now.
      My Computer
    Quote Quote

  6. MSRadell
    Posts : 140
    Microsoft Windows 10x64 Pro build 19044.1949
    Thread Starter
       New #4

    I went ahead and ran Wireshark today after none of the other troubleshooting tools found anything. I'm attaching a copy of a Wireshark file to see if anybody can see anything interesting in it.
    Excessive sessions open immediately after boot Attached Files
      My Computer
    Quote Quote

  7. simrick
    Posts : 16,325
    W10Prox64
       New #5

    MSRadell said:
    I went ahead and ran Wireshark today after none of the other troubleshooting tools found anything. I'm attaching a copy of a Wireshark file to see if anybody can see anything interesting in it.
    Yeah, I can't really do much with the PDF. I think you need to be in the program to do the evaluating, using the various filters available. Have a look here:
    Capturing network communication packets with Wireshark Utility | Symantec Connect
    They have a wireshark tutorial video on there.

    Did the ESET scan find anything?
      My Computer
    Quote Quote

  8. MSRadell
    Posts : 140
    Microsoft Windows 10x64 Pro build 19044.1949
    Thread Starter
       New #6

    simrick said:

    Did the ESET scan find anything?
    No It Didn't.
      My Computer
    Quote Quote

  9. pete1208
    Posts : 48
    Win 10
       New #7

    Have you reviewed your startup programs in task manager? Sounds like a virus, etc... to me
      My Computer
    Quote Quote

  10. MSRadell
    Posts : 140
    Microsoft Windows 10x64 Pro build 19044.1949
    Thread Starter
       New #8

    Following up with some of the information I collect on Wireshark I thought a lot of communications to the IP address of 204.79.197.213. A search came back showing that's a MS site. I created a firewall rule to block all communications to and from that site and suddenly everything seems to be working fine! I'm running Windows 10x64 Pro, and to the best of my knowledge have all of the MS data transfer stuff turned off but obviously something is still functioning.
      My Computer
    Quote Quote

  12. simrick
    Posts : 16,325
    W10Prox64
       New #9

    MSRadell said:
    No It Didn't.
    Good. If ESET didn't find anything, then you can be pretty sure there's no virus lurking.

    MSRadell said:
    Following up with some of the information I collect on Wireshark I thought a lot of communications to the IP address of 204.79.197.213. A search came back showing that's a MS site. I created a firewall rule to block all communications to and from that site and suddenly everything seems to be working fine! I'm running Windows 10x64 Pro, and to the best of my knowledge have all of the MS data transfer stuff turned off but obviously something is still functioning.
    Interesting. I hope that's not your OneDrive sync.
      My Computer
    Quote Quote

  13. MSRadell
    Posts : 140
    Microsoft Windows 10x64 Pro build 19044.1949
    Thread Starter
       New #10

    Actually after doing some more research that's the homepage for Bing, don't know why it was trying to communicate because I don't use it at all and have it turned off! Just more MS BS.
      My Computer
    Quote Quote

 

  Related Discussions
Hi there AFAIK RDP can only connect to a single computer unless you start fiddling with ports etc -- Is this in fact true or is essentially RDP only available for a single computer at a time. On a Linux box here I'm using a product KRDC which...
Hi I've a Sony Viao laptop i5-3230M, 8GB RAM which originally came with Win7 pre-installed. I took the plunge to upgrade to Windows 10 Home (currently version 1903 (OS Build 10.0.18362.900) whilst it was available. Since then, 'cold' boot times of...
My wife uses Firefox 70.0.1 (64 bits) on Windows 10. She insists on never closing the browser, because she doesn't use bookmarks. She's already had 90 tabs open at the same time :eek:. Last time I accidentally closed her browser, and I...
For some reason Microsoft Edge immediately closes down every time i open it. I've tried sfc /scannow and I've deleted the Microsoft Edge folder in C:/Users/"username"/AppData/Local/Packages and then entering the command in PowerShell to reset but...
Excessive TCP connections open
in Network and Sharing

I recently noticed that even immediately after rebooting my system (Windows 10x64 Pro) but I have around 200 TCP connections open before I even begin opening Internet Explorer, Outlook etc. I'm attaching a file taken with TCPviewer immediately...
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 09:13.
Find Us




Windows 10 Forums