Jump to content


  • Content Count

  • Joined

  • Last visited

Everything posted by elzach

  1. Thanks so much for following up. Yes, for sure the ISP modem/router is causing this connection. When I connected to my phone's hotspot data connection, this internet gateway didn't appear at all. I am not "distributing" anything from my network. The only things I can think of are: a) I have a movie and IPTV projector using the modem wifi, and b) IF I were providing my computer as a VPN Gate server, then HCDN might be needed? If I connect directly to the ISP modem, I get the "internet gateway" connection as per my second post, which I can't delete or disable.
  2. No I don't. Btw, VPN Gate does have a function for providing your own computer as a vpn server, but it needs to be manually activated with 2-3 clicks on the client. This is what I tried to attach yesterday. I deleted all these settings permissions. I have since disabled VPN Gate client manager, but "HCDN" keeps reappearing.
  3. Hi Ritchie, It's not exactly "two routers", not is it a "bridge". The original ISP modem is a fiber optic connection modem/router, with lousy reach. I've had an external router simply connected to its LAN. It gives me the same speeds, but better coverage around the apartment. I've been in this location for 2 months and I didn't notice these "internet gateways" before. I noticed them for the first time when I got that warning from Immunet about a malicious connection. Btw, even a system restore didn't get rid of these gateways. So they may had been there all along. Truth is sfc.exe has done this before on a few occasions, basically going beserk. I'll upgrade my system in April and install an updated version. Btw, how to delete existing attachments? I'd like to post a new one here.
  4. Thanks Ritchie and sorry for the delay in replying. Since last week I have been connected to an external router that has been connected to that modem/router. It shows me an "internet gateway", but "disabled". I may have disabled it myself. Under Properties and Settings, it shows that it's using something called "HCDN". There is very little info out there on what that is, other than "Content Delivery Network" used with P2P operation. This is becoming even more strange. However, again, this gateway is disabled and doesn't affect my internet connection at all. At first I was actually afraid that the modem/router might have been infected. I ran AV and MBAM on my phone, which was connected to the router wifi at the time, they found nothing. Of course Android is a different "animal". Yes I checked with Device Manager, nothing out of the ordinary. I don't have a scheduled scan running. I usually do a flash scan after I boot up.
  5. Thank you both so much. (btw, I intentionally left the entire screenshots, so you can see that I was doing something innocuous like searching on Bing. Plus notice that I had not actually visited that site, it was still in preview mode. Doesn't Bing check what kind of sites go through?). But unfortunately it looks like there is much more to this than meets the eye: a) Just now, when I connected to that modem/router (after 2-3 days), and while having open only Yahoo Mail and this site, sfc.exe went crazy, got stuck at 50% of CPU, PLUS the tray icon froze (see attached). Left-clicking or right-clicking on it did nothing. Disconnecting and connecting to another wifi network did nothing (at least within 1-2 minutes), sfc was still frozen. I had to restart computer. b) Since I'm curious (as you can see) about my network connections, while I was connected to that "Internet Gateway", I clicked on Properties. And in Settings I see the attached. VPN Gate is a vpn that I use sometimes, but I never gave permission for this. I had deleted these settings before, but they come back every time that "Internet Gateway" connection comes up. As far as VPNs Rob, I understand what you're saying and the risks. But here in China we are lucky to find any vpn that actually works, whether it drops the connections or not.
  6. Yesterday while I was searching on bing.com (I'm in China, that's why), I got the attached detections. A few seconds later I also noticed this new "internet gateway" (see attached), which wasn't there before. When it was installed, I'm not sure. I disconnected right away, shut off computer and ran MBAM and SAS in safe mode, and Immunet. Nothing was reported. It turns out that "internet gateway" only runs when I'm connected on my ISP's modem/router. Also, I cannot delete it or disable it. Since then I've been connected to my phone's data connection (of which luckily I have a few GBs). Any suggestions?
  7. I'm running v 5.0.2 on XP SP3. It's probably been the same since I installed Immunet a year ago, that I've noticed general custom scans take a long time, plus they hog CPU resources. I just scanned an external HDD folder of 110 GB (about 90,000 files), with both "scan archive" and "scan packed files" enabled. It took 44 minutes, or about 40 MB per second. All along, CPU usage ranged from 20 to 90%(!). So if people want to scan a 1 Terabyte HDD, which is common these days, they can go take a shower, shave, have breakfast, come back to their computer and it will still be scanning (for 6.5 hours to be exact). I'd be curious to see other members' scan speeds. Please post your results mentioning version and OS.
  8. Ritchie, something very weird happened a few minutes ago. I turned on my laptop and sfc.exe went to 99% of CPU and stayed there. The whole computer became unresponsive (frying my hard drive at the same time). After 2 minutes of waiting I powered off the laptop. I restarted it and it seems to be ok now. The only change in settings that I did prior to that was to hide the tray icon. I wonder if you or anyone else had this kind of (scary) experience. Normally I see sfc.exe taking 15-25% of CPU on boot up (doing what I have no idea since I have Clam AV disabled) and then after 10 seconds going back down to 0%.
  9. Here's what's caused all of this: simple negligence. "Patches published months before the massive hack began apparently weren't applied before the hack." https://www.cnet.com/news/equifax-blames-months-old-web-server-flaw-for-hack/ Time for the credit reporting bureaus to be regulated. 40 State AG offices are on them right now. It's unconscionable that they are NOT regulated, given that they hold the "holy grail" of personal data.
  10. Thanks Ritchie and Rob. That's a great tip, hiding tray icon basically stops iptray.exe. About the sfc.exe text documents Ritchie, it actually keeps the last 5 days of it, I have 10 of them now, each about 50 MB each, which for a text document is massive (on Word that would be hundreds of pages). Here's a tiny portion of the contents there: "(35252984, +0 ms) Sep 16 18:21:58 [1068]: lookup_ipl_ip_recurse(): port match at 0A837400: src: 0-0, dst: 80-80 on src: 4411, dst: 80 (35253062, +78 ms) Sep 16 18:21:58 [1068]: main(): found class:disp 0:1 (35253062, +0 ms) Sep 16 18:21:58 [1068]: lookup_ipl_ip_recurse(): transport layer present 0A8373D0 (35253062, +0 ms) Sep 16 18:21:58 [1068]: lookup_ipl_ip_recurse(): protocol match: query / node: 6 / 6 (35253062, +0 ms) Sep 16 18:21:58 [1068]: lookup_ipl_ip_recurse(): port match at 0A8373D0: src: 0-0, dst: 80-80 on src: 4411, dst: 80 (35253062, +0 ms) Sep 16 18:21:58 [1068]: main(): found class:disp 0:1 (35253062, +0 ms) Sep 16 18:21:58 [1100]: sha256_file: hashing 0 bytes (35253078, +16 ms) Sep 16 18:21:58 [1104]: sha256_file: hashing 0 bytes (35253078, +0 ms) Sep 16 18:21:58 [1108]: sha256_file: hashing 0 bytes (35253078, +0 ms) Sep 16 18:21:58 [1044]: sha256_file: hashing 0 bytes (35253078, +0 ms) Sep 16 18:21:58 [1100]: sha256_file: hashing 0 bytes (35253109, +31 ms) Sep 16 18:21:58 [1044]: sha256_file: hashing 0 bytes (35253109, +0 ms) Sep 16 18:21:58 [1108]: sha256_file: hashing 0 bytes (35253125, +16 ms) Sep 16 18:21:58 [1104]: sha256_file: hashing 0 bytes (35253140, +15 ms) Sep 16 18:21:58 [1044]: sha256_file: hashing 0 bytes (35253140, +0 ms) Sep 16 18:21:58 [1108]: sha256_file: hashing 0 bytes (35253140, +0 ms) Sep 16 18:21:58 [1076]: lookup_ipl_ip(): traversing to the right of tree: ca6c1798 (35253140, +0 ms) Sep 16 18:21:58 [1076]: lookup_ipl_ip_recurse(): ip:src:dst / node ip / implicit cidr: ca6c1798:4412:80 / 80000000 / 1 (35253140, +0 ms) Sep 16 18:21:58 [1076]: lookup_ipl_ip_recurse(): ip:src:dst / node ip / implicit cidr: ca6c1798:4412:80 / c0000000 / 4 (35253140, +0 ms) Sep 16 18:21:58 [1076]: lookup_ipl_ip_recurse(): ip:src:dst / node ip / implicit cidr: ca6c1798:4412:80 / c0000000 / 4"
  11. Ritchie, I just enabled Gaming Mode, that takes care of it for now. Btw, I noticed that the Immunet folder is massive, 1.2 GB! Should I delete the Clamav folder (about 550 MB), since I've disabled ClamAV detection? I also noticed that sfc.exe creates text documents every day of 50 MB each (which is quite a feat) and saves the last 5 in its version folder. What are these about?
  12. I had the same question. The only solution for the moment is to enable "Gaming Mode", or Settings -> Notification Settings -> Gaming Mode on.
  13. No I didn't update. How to disable that pop up notification?
  14. Cannot update any way (Win XP). The notification pops up every 10 min it seems.
  15. Hi Ritchie, thanks for the feedback. A few things: Yes, I did try to run Immunet in Safe Mode, it was basically disabled. My Win Firewall does NOT have any exceptions for Immunet, including sfc and freshclam. I never tried Immunet 3, I actually came here from Panda Free, they FORCED the upgrade to latest version on us and I didn't appreciate that. They installed an upgrade executable which tried to install upon shut down of computer. In probably 20 years of using computers I don't think I ever saw this kind of practice. And brw, there are many complaints about their latest version (which might explain the forced upgrade, since no one would install it by choice!). Now, a couple of new things: I just did a FULL SCAN, it took about 1.5 hours to scan 80 GB of data, all along running the CPU to 40%-70%. Which means that if you got 1 TB of data, you're looking at a full day's scan! Also, more importantly, it found a false positive: Netfilter2.sys in Windows\system32\drivers\netfilter2.sys Without this, the virtual network adapter of many VPN programs cannot run. I restored it from quarantine and my vpn woks fine again. Where do we report false positives?
  16. Hi Ritchie, thanks. I just confirmed, CANNOT do a scan on "safe mode with networking", even though I had wifi on and brought up my browser. I saw sfc.exe was not running. Can you bring this up with Immunet support? I think it's a major design flaw. So far Immunet is running smoothly since I disabled ClamAV. I may enable it again in the near future to see how freshclam.exe behaves. Forgot to ask, should I add an exception on Win firewall?
  17. Thanks Ritchie. No I'm not using any other security app, only Malwarebytes that I run occasionally and the Windows firewall (could that play a role?). Yes I did disable ClamAV auto updates also. So I understand 100%, that means I only don't have offline protection, as in let's say connecting a usb drive with unknown contents while offline, correct? Btw, if I connect a USB drive while online, there is protection, right? Another unrelated question, I noticed I can't run a scan in safe mode, that's to be expected right? I thought it may act like Panda, which does allow that. Thanks again.
  18. I installed the latest version 5.0.2 on Win XP SP3 last Saturday. Everything was running smoothly, except for sfc.exe getting up to 500 MB of ram on boot up, but after a couple of minutes it would drop to 30 MB. Just today freshclam.exe and freshclamwrap.exe reared their ugly heads. A few questions: A. Isn't it strange that I noticed them 6 days after installing, that they didn't come up before? B. Freshclam.exe was running at constant 50% of CPU, overheating my laptop, for about 15-20 minutes. It then died down on its own and sfc.exe ran at 50% of CPU for about 1 minute. Then back to normal. I disabled ClamAV engine. Should I also disable Auto definition updates? Any suggestions? Is this a known issue on Win XP? Thanks!
  • Create New...