Resource monitor network showing potential unwanted connection

  • Question

  • I've scanned my computer for malware and viruses.  Why is this address, www.8minutedating.com, associated with anything?  There should be no association between them.  I have used TCPView and Wireshark to see any address that is associated with it, but am at a loss as to what to do next or if I need to worry.  Even if I shut down BOINC there are still connections to that address.  Am I just paranoid?  Thanks for any advice.

    Image         PID   Address                Send(B/sec)
    boinc.exe     5792  www.8minutedating.com  4,439
    boincmgr.exe  4944  www.8minutedating.com  259
    firfox.exe    1348  www.8minutedating.com  11

    Saturday, May 12, 2012 12:14 AM

All replies

  • If you are looking at a trace and see a resolved name, this is because there was some name resolution traffic that associated that name to the address.  I would look at any traffic with this name in the summary:


    Then verify this traffic is in fact resolving the IP address to this name.


    • Proposed as answer by Paul E Long Tuesday, May 15, 2012 4:01 PM
    Monday, May 14, 2012 4:23 PM
  • I'm sorry, I am not sure I understand where to look for that in the traffic.  Can you give a few more details?
    Monday, June 4, 2012 11:23 PM
  • Once you do the above filter, see if there is any traffic from DNS or NBTNS.  If so, this is what is causing these addresses to be resolved to friendly names.

    When Network Monitor sees name resolution traffic, it records it and uses it to display the friendly resolved name instead of the hardware address.  Assuming this is the case, you can determine if these responses are correct and from a machine you expect.  For NBTNS, there's usually a WINS server involved and perhaps it has stale or incorrect information.  If there's DNS traffic, then your DNS server is returning the request.



    Tuesday, June 5, 2012 1:31 PM
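
An added illustration of the check described in the replies above (not code from the thread or from Network Monitor): it parses DNS responses taken from a capture and lists which names were resolved to each address, so a displayed friendly name can be traced back to the answer that produced it. The sample packets, the address 203.0.113.10 and the name boinc.example.org are constructed for the example.

```python
import socket
import struct

def read_name(msg, off):
    """Decode a DNS name, following compression pointers; return (name, next_offset)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                 # pointer to an earlier name
            end = off + 2 if end is None else end
            off, hops = ((length & 0x3F) << 8) | msg[off + 1], hops + 1
            if hops > 16:
                raise ValueError("compression pointer loop")
        elif length == 0:
            return ".".join(labels), (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + length].decode("ascii"))
            off += 1 + length

def a_records(msg):
    """Return [(name, ipv4)] for each A record in a DNS response's answer section."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    if not flags & 0x8000:                        # QR bit clear: a query, no answers
        return []
    off, out = 12, []
    for _ in range(qd):                           # skip the question section
        _, off = read_name(msg, off)
        off += 4                                  # QTYPE + QCLASS
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == 1 and rclass == 1 and rdlen == 4:
            out.append((name, socket.inet_ntoa(msg[off + 10:off + 14])))
        off += 10 + rdlen
    return out

def names_by_address(responses):
    """Map each address to every name the captured responses resolved to it."""
    table = {}
    for msg in responses:
        for name, ip in a_records(msg):
            table.setdefault(ip, []).append(name)
    return table

def _sample(qname, ip):                           # builds one constructed response
    q = b"".join(bytes([len(l)]) + l.encode() for l in qname.split(".")) + b"\x00"
    return (struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0) + q + struct.pack("!HH", 1, 1)
            + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + socket.inet_aton(ip))
SAMPLE = [_sample("www.8minutedating.com", "203.0.113.10"), _sample("boinc.example.org", "203.0.113.10")]
```

Both constructed responses resolve to the same address, so `names_by_address(SAMPLE)` lists two names for it; a view that shows a single friendly name per address can only show one of them.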