Unknown network process issue

[rudrax]

I have nothing visible thing accessing the web but sometimes (not always), the data counter keeps on running. I have windows update set to manual. I make sure that no app accesses the web automatically. Windows apps all are uninstalled. Then what is it that accessing the web?

With the help of a utility named ProcNetMonitor I have found out the process but yet can't understand it.

Any help will be appreciated.

[SlimRock]

if you are on Windows 8, in that case Windows Smartscreen might be the culprit. Smartscreen interacts with MS servers with applications Hash data.

For More info Visit : http://log.nadim.cc/?p=78

Turn it off and Check|

Edited September 1, 2013 by slimrock

[rudrax]

Smart screen is turned off already. That's not it.

[unknownasphyxiated]

http://whatismyipaddress.com/ip/182.19.89.106

[Kalju]

This is IP Tracing and IP Tracking - I think, You dont need it, but decide for yourself.

[SnakeMasteR]

You could do a memory analysis with Volatility, then it's easier to find out which connection and process relates to which Process ID.

[unknown] doesn't help much and Volatility might reveal that important info for you (maybe the process is [unknown] for a reason). :)

Here is an example for SpyEye. Memory Imaging utilities.

The best is to create a dump with less as possible running active processes and internet connections, so it's easier later to find the culprit(s).

[emerglines]

Use this command line in CMD "ipconfig /all & netstat -ao & tasklist", and put the result in a log file and upload it to see whats wrong :)

[mazigh]

I have nothing visible thing accessing the web but sometimes (not always), the data counter keeps on running. I have windows update set to manual. I make sure that no app accesses the web automatically. Windows apps all are uninstalled. Then what is it that accessing the web?

With the help of a utility named ProcNetMonitor I have found out the process but yet can't understand it.

Any help will be appreciated.

I think it's your ISP (Vodafone INDIA) Spying on you :P, check this: http://www.utrace.de/?query=182.19.89.106, it's not only you!, Recently I've noticed that my ISP is doing the same using svchost.exe process, I deleted the "Allow" of the process using Interactive mode of my firewall :P

Edited September 1, 2013 by mazigh

[rudrax]

Use this command line in CMD "ipconfig /all & netstat -ao & tasklist", and put the result in a log file and upload it to see whats wrong :)

Content of the log

Edited September 2, 2013 by rudrax

[emerglines]

Please remove your log from here, and see this article if you are welling to block that IP address or all the IP range include the address you get curious about :

http://www.serverintellect.com/support/windowsserversecurity/ipsec-blockip.aspx

Note: make sure to config this correctly cause its an advanced option in windows 7 or windows 8 ( i don't know if still IPSEC existe into win 8 )

if you don't know how to do that, just use this software http://www.peerblock.com/ and this is how to block IP adresses http://www.peerblock.com/userguide/how_to_use/htu-usinglists

Edited September 2, 2013 by emerglines