Can anyone tell me why the hell does Windows 8.1 upload shit

You are currently reading a thread in /g/ - Technology

Thread replies: 71
Thread images: 11
File: Untitled.png (151 KB, 1129x711)
Can anyone tell me why the hell does Windows 8.1 upload shit to China?

Does Microsoft have servers there?
>>
>>55081084

nice malware you have
>>
>>55081139
But all system processes and files show as legit using md5 checksum
>>
>>55081084
Just because a server is in China doesn't automatically mean it's malware. Any of the IPs in your list could be malware. Check the content of the requests with Wireshark.
>>
>>55081084
>Does Microsoft have servers there?

do you really think international technology conglomerate Microsoft doesn't have a single server in the world's most populous country?
>>
>>55081164
Nope, try again.
>>
>>55081084
Is there a freeware or open source alternative to GlassWire?
>>
>>55081243
>using common sense
where do you think you are
>>
just block the microsoft IPs
>>
File: Untitled2.png (113 KB, 1231x765)
>>55081251
ok i checked again using md5 and everything turns ok but for some reason one of the svchosts.exe shows in red

how do i target that one without killing the bunch of them?
>>
>>55081272
pirate it
>>
>>55081286
a Microsoft thread
>>
It's a common practice for viruses to embed themselves as svchost, looks like you've got one. Backup your important shit and nuke the system drive, then do a fresh install. Nothing else to do with regards to Windows infections.
>>
>>55081341
what program is this?
>>
>>55081084
that's a malware
you installed it when installing glasswire
>>
>>55081480
System Explorer. It checks everything using md5.
>>
>>55081525
Actually it looks like he installed it 11/8/2015
>>
File: service.png (61 KB, 533x729)
>>55081341
svchost is just a container that runs services (aka "background programs"), go to your task manager, find that process, then right click and do this. It should highlight it in the list of services on the next tab, you can track down the actual executable from there.

This is really really fucking basic shit.
>>
>>55081547
date is probably spoofed
>>
>>55081557
Or, if you don't see that option, it could literally be just a program named "svchost.exe", pick 'open file location' and handle things from there, assuming it's malware pretending to be a legitimate system component.
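
The lookup described in the two posts above (find which services a given svchost hosts, and check whether a "svchost.exe" is really the system one), as an added example that is not part of the thread. It is PowerShell for Windows 8 or later, run elevated; the default address is a constructed placeholder, not a value from the thread.

```powershell
# Added example: which process and which hosted services own connections to one remote address.
# Run from an elevated prompt so paths and command lines of system processes are readable.
param(
    # Constructed placeholder (TEST-NET-3); pass the address you are investigating.
    [string]$RemoteAddress = '203.0.113.10'
)

# Locations where the genuine svchost.exe lives (SysWOW64 holds the 32-bit copy on 64-bit Windows).
$expected = @(
    (Join-Path $env:SystemRoot 'System32\svchost.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')
)

$connections = Get-NetTCPConnection -RemoteAddress $RemoteAddress -ErrorAction SilentlyContinue
if (-not $connections) {
    Write-Output "No TCP connections to $RemoteAddress at the moment."
    return
}

foreach ($procId in ($connections.OwningProcess | Sort-Object -Unique)) {
    $proc     = Get-CimInstance Win32_Process -Filter "ProcessId = $procId"
    $services = Get-CimInstance Win32_Service -Filter "ProcessId = $procId"

    # A process merely named svchost.exe outside the expected folders is the
    # "program pretending to be a system component" case.
    $pathCheck = 'n/a (not svchost)'
    if ($proc.Name -ieq 'svchost.exe') {
        if (-not $proc.ExecutablePath)                    { $pathCheck = 'unknown (path not readable)' }
        elseif ($expected -contains $proc.ExecutablePath) { $pathCheck = 'expected location' }
        else                                              { $pathCheck = 'UNEXPECTED location' }
    }

    [pscustomobject]@{
        PID         = $procId
        Name        = $proc.Name
        Path        = $proc.ExecutablePath
        PathCheck   = $pathCheck
        CommandLine = $proc.CommandLine            # for svchost: "-k <service group>"
        Services    = ($services.Name -join ', ')  # services hosted inside this PID
        Started     = $proc.CreationDate
        LocalPorts  = (($connections | Where-Object OwningProcess -eq $procId).LocalPort -join ', ')
    }
}
```

An expected path only rules out the simplest impersonation; as later posts note, a tool running on the suspect OS cannot vouch for what that OS shows it.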
>>
>>55081557
i see nothing unusual there

>>55081601
are system files are actually checked using md5 here >>55081341

should i just add that chinese IP to the hosts file?
>>
>>55081557
Which Windows 7 skin is that?
>>
>>55081633
113.107.166.147 doesn't point to any website or known service, looks pretty shady in my opinion. If it's legit malware and not some P2P/torrent connection, then whatever is on your computer could just remove it from the hosts file.

I mean you have nothing to lose by doing it, but I'd investigate a bit further, like for instance with Wireshark, as someone previously pointed it out.
>>
Use an anti virus scanner, idiot.
>>
>>55081752
The only one worth using. Get 2.0b.

http://zainadeel.deviantart.com/art/Blend-2-0-for-Windows-7-191678865
>>
File: Untitled3.png (98 KB, 1208x799)
>>55081762
>and not some P2P/torrent connection
These are legit (md5 checked) windows services that are uploading shit to that ip

i don't know what's going on anymore

I already ran Malwarebytes and Spyhunter Portable scanner in deep mode and nothing is found.

What should I use to find that shit?

Maybe its not a virus or anything but just Windows doing their botnet shit and selling shit to the data to the chinks
>>
>>55081633
>nothing unusual about a 32 bit svchost in 64 bit Windows that was installed months after Windows
Ok.
>>
>>55081849
What's the actual service sending data to it? Can you get like a process ID or something from GlassWire? The fact that "something" is connected to "somewhere" is not much to go on.
>>
I know this sounds paranoid, but...is there anything to vouch for the integrity of System Explorer itself?
>>
>>55081882
There's virustotal. It's also running on Windows, so unless you take everything apart with a disassembler and fifty security audits, you can never really be sure.
>>
>>55081882
Nope. Stupid cucks in here honestly believe that anything a program running ON an operating system can do could possibly uncover a proper rootkit / malware.

A software rootkit is invisible to the host OS itself. Only way to verify it is by booting a different OS and verifying the integrity of the entire boot path from there.

However, the only way to eliminate a hardware rootkit is to replace the hardware.
>>
>>55081084
Do you run any servers on Windows?
If you do, it could just be a simple port scan.
>>
>>55081871
>What's the actual service sending data to it

>>55082002
i don't other than KMSpico which didn't actually work but was too lazy to remove that.

i forgot to mention that i got my pc taken away from the police and when they returned it after months they somehow froze the bios making it unable to access. Before that shit happened it booted to windows pretty fast but now it waits on the bios screen like 30 seconds before continuing. When i try to access it using DEL it just freezes and then i have to force restart it. Now i can't even reformat my drive and install a new OS. Resetting the BIOS didn't work either.

Maybe there is a link here in between? But still im from europe and here im dealing with some strange chink shit
>>
>>55082072
>i forgot to mention that i got my pc taken away from the police and when they returned it after months they somehow froze the bios making it unable to access. Before that shit happened it booted to windows pretty fast but now it waits on the bios screen like 30 seconds before continuing.
HOLY SHIT dude your hardware is bugged

have you at least tried clearing the CMOS?
>>
>>55081871
>What's the actual service sending data to it

no way to find out
>>
>>55082072
>i forgot to mention that i got my pc taken away from the police

...why?
>>
>>55082099
>have you at least tried clearing the CMOS

could you tell me how to do that? And also with reset, i actually mean i just took the battery on the mother board out for some minutes. Is there a better way?
>>
>>55082103
>windows
>can't even find out which service is sending data to china

NSA/microsoft, not even once
>>
File: shakespepe.jpg (85 KB, 540x537)
>>55082072
>i forgot to mention that i got my pc taken away from the police and when they returned it after months they somehow froze the bios

This fucking thread.
>>
>>55082121
i think it was unrelated and the only strange shit i see on my system is that weird chinese ip connecting with legit windows processes
>>
>>55082072
>But still im from europe
Which gestapo country are you from so I can avoid ever traveling there?
>>
>>55082143
im just curious why did the police take your computer. what did you do?
>>
>>55082143
>legit Windows process
>>
>>55082072
Just take your whole motherboard and throw it in the garbage. Or submerge it in acid. That computer is far beyond saving.
>>
>>55082154
hate speech on /b/
>>
File: 1426150675624.jpg (19 KB, 253x296)
>>55082182
>>
OP HERE

Anyone knows how to reset or update the firmware on Motherboard F1A55-M LE - ASUS?
>>
>>55082277
Yes, I do.

MICROWAVE RADIATION UNTIL THE FIRE CONSUMES THE CMOS!
>>
>>55082277
Just go to a hardware store and get a hacksaw. Not even joking. Chinese malware is the least of your concerns.
>>
File: 1329953684818.jpg (10 KB, 251x244)
>>55082304
but then where to get dem money to buy a new one
>>
File: 1465946806.webm (2 MB, 1920x1040)
>>55082277
I know updating your computer is hard these days. Don't give up on yourself. Just hang in there! You'll understand the game soon enough. I believe in you, anon-kun
>>
>>55082366
yeah but what do when my bios is inaccessible?
>>
>>55082366
>unbreakable

You are such a fucking faggot, holy shit.
>>
>>55082407
>bios
>inaccessible
then you throw away your motherboard
>>
File: remove-battery.jpg (118 KB, 658x403)
>>55082122
you turn off the computer, take out the CMOS battery(pic related), leave it for like 5 minutes and put it back in
>>
File: GARBAGECANBAG.png (325 KB, 771x757)
>>55082407
>>
>>55082409
you need to know my last name or it wont make sense
>>
>>55082418
already did that, didn't change anything like i said here >>55082122
>>
>>55082418
He did that already. Although you might have to short two pins on certain ASUS motherboards in addition to taking the battery out.
>>
>>55082366
>2016
>WinRAR
>>
>>55082513
what else would i use ?
>>
>>55081084
>Windows 8.1
lol
>>
>>55082517
7zip
>>
>>55083246
looks shit, slow
>>
File: ClapsFreedoms.gif (393 KB, 342x342)
>>55082182
What did you say?
>>
>>55081084
The Apple MacBook Pro with Retina Display doesn't have this problem.
>>
>>55083863
Yea, but you get aids and muslim bombings instead.
>>
>>55081849
>SpyHunter
I think I found the malware.
>>
>>55081164
You're running the md5 of the file on the hard drive. The process is running from memory. You must also check that the process in memory matches the file on the hard drive.
>>
>>55084944
but you must also make sure your view of the memory is not being altered

and that your program is running as expected

and that no processes are being hidden from it

and that no code is being hidden from the kernel

etc.
>>
>>55086772
True, but I haven't personally dealt with those situations so I can't speak to them
This is a 4chan archive - all of the content originated from them. If you need IP information for a Poster - you need to contact them. This website shows only archived content.