Jump to content

Windows 10 Hidden Unknown Background App


giganut

Recommended Posts

Hello, I have what I believe to be a problem. On all my Windows 10 machines I have discovered a Hidden Unknown Background Process running at all times. This Unknown Process is not visible in the normal task manager, it's only visible in third party tools like cports and other networking tools. Dose any one know what this is, or if it's a problem or not. Sometimes the Unknown Process will launch many other Unknown Processes making windows 10 slow to react. Below is a list of hosts the Unknown Process is sending requests back and forth to.

w7chmnV.png

Not everything in the list below was coming from this Unknown Process but a lot of it was, I just copied out my block list from my host file and posted it, so some of the list may have been coming from other possesses but most of them are from this Unknown Background application in windows 10.

sirius.mwbsys.com
sirius-prod.elasticbeanstalk.com
prev.cloud.avg.com
v10.vortex-win.data.microsoft.com
v10.vortex-win.data.metron.live.com.nsatc.net
vortex.data.glbdns2.microsoft.com
VORTEX-cy2.metron.live.com.nsatc.net
tools.l.google.com
sns.dns.icann.org
settings-win.data.microsoft.com
OneSettings-bn2.metron.live.com.nsatc.net
stats.mbamupdates.com
Collection-Balancer-1322209416.us-east-1.elb.amazonaws.com
data-cdn.mbamupdates.com
vip0x062.ssl.hwcdn.net
prisoner.iana.org
settings.data.glbdns2.microsoft.com
ieonlinews.microsoft.com
ocsp2.globalsign.com
crl.usertrust.com
live.com
ns1.msft.net
rns02.charter.com
rns01.charter.com
akamaitechnologies.com
Vortex-db5.metron.live.com.nsatc.net
prev.explabs.net
vip098.ssl.hwcdn.net
ns1.gts.cz
ocsp.verisign.com
ocsp-ds.ws.symantec.com.edgekey.net
e8218.dscb1.akamaiedge.net
ns1.edgecastcdn.net
av.download.avg.com
aa.avg.com
aa.avg.com.edgesuite.net
a1019.g2.akamai.net
amazonaws.com
avg.cz
dm2306-a.1drv.com
av.update.avg.com
update.avg.com.edgekey.net
e11023.a.akamaiedge.net
s3-1.amazonaws.com
yk-in-f108.1e100.net
yv-in-f136.1e100.net
yx-in-f102.1e100.net
yv-in-f113.1e100.net
yv-in-f95.1e100.net
ns1.google.com
ns2.google.com
ns3.google.com
ns4.google.com
ec2-52-25-54-181.us-west-2.compute.amazonaws.com
ec2-52-35-210-189.us-west-2.compute.amazonaws.com
a23-61-187-27.deploy.static.akamaitechnologies.com
a104-79-133-115.deploy.static.akamaitechnologies.com
a104-91-166-96.deploy.static.akamaitechnologies.com
a104-91-166-96.deploy.static.akamaitechnologies.com    
a184-31-193-149.deploy.static.akamaitechnologies.com
c6945.sgvps.net
atl14s21-in-f6.1e100.net
yx-in-f156.1e100.net
yv-in-f102.1e100.net
yx-in-f101.1e100.net
yw-in-f95.1e100.net
a23-61-75-27.deploy.static.akamaitechnologies.com
xx-fbcdn-shv-01-ord1.fbcdn.net
a104-91-166-91.deploy.static.akamaitechnologies.com
a23-64-112-45.deploy.static.akamaitechnologies.com
a104-91-166-90.deploy.static.akamaitechnologies.com
a104-91-166-113.deploy.static.akamaitechnologies.com
a104-91-166-83.deploy.static.akamaitechnologies.com
mq-cov-osm-dtc-mapquest-a.evip.aol.com
ec2-54-175-215-216.compute-1.amazonaws.com
a23-64-126-247.deploy.static.akamaitechnologies.com
a-0001.a-msedge.net
coral.wiktel.com
71.10.216.1 : rns01.charter.com
ec2-23-23-131-45.compute-1.amazonaws.com
ec2-23-21-130-13.compute-1.amazonaws.com
ec2-52-11-75-113.us-west-2.compute.amazonaws.com
token.r53-2.services.mozilla.com
clients.l.google.com
youtube-ui.l.google.com
ec2-54-152-180-212.compute-1.amazonaws.com
www-google-analytics.l.google.com
a104-91-212-129.deploy.static.akamaitechnologies.com
a104-91-230-199.deploy.static.akamaitechnologies.com
a104-91-166-234.deploy.static.akamaitechnologies.com
a104-91-166-82.deploy.static.akamaitechnologies.com
a104-91-166-80.deploy.static.akamaitechnologies.com
a104-91-192-31.deploy.static.akamaitechnologies.com
ec2-50-17-192-248.compute-1.amazonaws.com
yv-in-f91.1e100.net
ec2-52-88-115-84.us-west-2.compute.amazonaws.com
ghs-vip-any-c46.ghs-ssl.googlehosted.com
den03s10-in-f36.1e100.net
yw-in-f190.1e100.net
ec2-54-209-5-173.compute-1.amazonaws.com
ec2-52-27-138-29.us-west-2.compute.amazonaws.com
yw-in-f113.1e100.net
a104-91-166-104.deploy.static.akamaitechnologies.com
166-22.amazon.com
a104-91-230-198.deploy.static.akamaitechnologies.com
ec2-50-16-234-116.compute-1.amazonaws.com
crl.comodoca.com
messengerskydrive.com
a23-64-119-117.deploy.static.akamaitechnologies.com
a72-246-104-169.deploy.akamaitechnologies.com
yx-in-f95.1e100.net
yv-in-f94.1e100.net
qh-in-f106.1e100.net
18-127-232-198.static.unitasglobal.net
120.0.0.1 d1-3-0-0-19.a01.nycmny03.us.ce.verio.net
120.0.0.1 ec2-54-183-163-208.us-west-1.compute.amazonaws.com
120.0.0.1 ya-in-f139.1e100.net
120.0.0.1 ya-in-f94.1e100.net
120.0.0.1 ec2-52-25-54-181.us-west-2.compute.amazonaws.com
120.0.0.1 ql-in-f105.1e100.net
120.0.0.1 a23-61-75-27.deploy.static.akamaitechnologies.com
server-52-84-7-171.ord54.r.cloudfront.net
ya-in-f94.1e100.net
94.31.29.154.IPYX-077437-ZYO.above.net
yx-in-f94.1e100.net
5b.89.7e4b.ip4.static.sl-reverse.com

 

I would like to add that I can't find this application at this time on my machine. I also can't kill it and when it's tampered with it seem to go into a protection mode and go's dormant for some time and then relaunches it's self.

 

q5JIcJj.png

 

I'm not sure and I could be wrong but it seems to send information about the websites I'm looking at at the time.

Link to comment
Share on other sites

Hello giganut, I don't see anything apparently malicious with your Hosts files but you do have a lot of listings for Akamai Technologies which is a business orientated cloud based Content Delivery Network (CDN) service primarily used by web site & software developers. Did you install and are currently using this service?

 

Sometimes mission critical, legitimate applications will use hidden processes to keep them from outside manipulation by other programs. Or, as you fear, it could also be a malware infection. That's why I was curious about the Akamai CDN service.

 

Here is the End-User FAQ/Customer Support page for Akamai that you may want to take a look at. https://www.akamai.com/us/en/support/end-user-faq.jsp

Cheers, Ritchie...

Link to comment
Share on other sites

Ok, I did some research on the web concerning Akamai. it appears that Microsoft uses Akamai's servers for updating and other purposes to reduce the workload on Microsoft's own servers. So in actuality this is a legit program that Windows 10 utilizes from time to time. Although Akamai claims it only uses the necessary ports during low system & bandwidth usage other users have reported reduced system performance when the CDN service is connected to their servers.

I had to really scour the internet for any relevant answers to your situation so that begs the question, why is Microsoft so secretive (or at the very least, not very transparent [no pun intended]) when it comes to using this hidden service? Is Microsoft using this not just for updates but for data mining as well? I did read a CNET article a while back that claims that Win 10 actually spies on it's users and sends that meta data back to Microsoft, using this same service I would venture to guess. With what you've shown me I would have to concur with the CNET article. If that's truly the case then, what's Microsoft doing with all that data it's collecting? Answer is: who knows! Just another reason I don't plan to upgrade to Win 10 any time soon!

 

Regards, Ritchie...

Link to comment
Share on other sites

  • 3 weeks later...

I did some other research about the Akamai & Microsoft relationship. Windows experts agree that it is "not recommended" that a Win 10 user attempt to block, disable or uninstall this Akamai CDN service. This could have undesirable consequences as sometimes Microsoft may use this service for important updates, such as security patches, OS improvements or bug fixes. Win 10 users really have no choice but to keep this service enabled so it would seem.

 

 

Best wishes, Ritchie...

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...