giganut
Posted January 16, 2016

Hello, I have what I believe to be a problem. On all my Windows 10 machines I have discovered a Hidden Unknown Background Process running at all times. This Unknown Process is not visible in the normal task manager; it's only visible in third party tools like cports and other networking tools. Does anyone know what this is, or if it's a problem or not? Sometimes the Unknown Process will launch many other Unknown Processes, making Windows 10 slow to react. Below is a list of hosts the Unknown Process is sending requests back and forth to. Not everything in the list below was coming from this Unknown Process but a lot of it was. I just copied out my block list from my host file and posted it, so some of the list may have been coming from other processes, but most of them are from this Unknown Background application in Windows 10.

I would like to add that I can't find this application at this time on my machine. I also can't kill it, and when it's tampered with it seems to go into a protection mode and goes dormant for some time and then relaunches itself. I'm not sure and I could be wrong, but it seems to send information about the websites I'm looking at at the time.

ritchie58
Posted January 16, 2016

Hello giganut, I don't see anything apparently malicious with your Hosts files but you do have a lot of listings for Akamai Technologies, which is a business orientated cloud based Content Delivery Network (CDN) service primarily used by web site & software developers. Did you install and are currently using this service? Sometimes mission critical, legitimate applications will use hidden processes to keep them from outside manipulation by other programs. Or, as you fear, it could also be a malware infection. That's why I was curious about the Akamai CDN service. Here is the End-User FAQ/Customer Support page for Akamai that you may want to take a look at.

https://www.akamai.com/us/en/support/end-user-faq.jsp

Cheers, Ritchie...

giganut
Posted January 17, 2016

Hello and thank you for your help. I'm not using any CDN services from any company. Thank you for your reply.

ritchie58
Posted January 17, 2016

Ok, I did some research on the web concerning Akamai. It appears that Microsoft uses Akamai's servers for updating and other purposes to reduce the workload on Microsoft's own servers. So in actuality this is a legit program that Windows 10 utilizes from time to time. Although Akamai claims it only uses the necessary ports during low system & bandwidth usage, other users have reported reduced system performance when the CDN service is connected to their servers.

I had to really scour the internet for any relevant answers to your situation, so that begs the question: why is Microsoft so secretive (or at the very least, not very transparent [no pun intended]) when it comes to using this hidden service? Is Microsoft using this not just for updates but for data mining as well? I did read a CNET article a while back that claims that Win 10 actually spies on its users and sends that meta data back to Microsoft, using this same service I would venture to guess. With what you've shown me I would have to concur with the CNET article. If that's truly the case then, what's Microsoft doing with all that data it's collecting? Answer is: who knows! Just another reason I don't plan to upgrade to Win 10 any time soon!

Regards, Ritchie...

ritchie58
Posted February 2, 2016

I did some other research about the Akamai & Microsoft relationship. Windows experts agree that it is "not recommended" that a Win 10 user attempt to block, disable or uninstall this Akamai CDN service. This could have undesirable consequences as sometimes Microsoft may use this service for important updates, such as security patches, OS improvements or bug fixes. Win 10 users really have no choice but to keep this service enabled, so it would seem.

Best wishes, Ritchie...
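
An added example, not posted by anyone in this thread: PowerShell that attributes each established TCP connection to its owning process, the services that process hosts, the signature on its executable, and the reverse-DNS name of the remote address. It assumes an elevated session on the affected Windows 10 machine; the variable and column names are chosen for this example.

```powershell
# Added example: attribute each established TCP connection to a process.
# Assumes an elevated PowerShell session on the affected Windows machine.

# Index processes and services by PID; services show what a svchost.exe hosts.
$procByPid = @{}
foreach ($p in Get-CimInstance -ClassName Win32_Process) {
    $procByPid[[int]$p.ProcessId] = $p
}
$svcByPid = @{}
foreach ($s in Get-CimInstance -ClassName Win32_Service) {
    if ($s.ProcessId -ne 0) { $svcByPid[[int]$s.ProcessId] += @($s.Name) }
}

$loopback = '127.0.0.1', '::1'
Get-NetTCPConnection -State Established |
    Where-Object { $_.RemoteAddress -notin $loopback } |
    ForEach-Object {
        $procId = [int]$_.OwningProcess
        $proc   = $procByPid[$procId]
        $path   = if ($proc) { $proc.ExecutablePath } else { $null }

        # Signature status helps separate signed OS components from unknown binaries.
        $sig = if ($path) { Get-AuthenticodeSignature -FilePath $path } else { $null }

        # PTR lookup gives the provider-style host name for the remote address.
        $ptr = Resolve-DnsName -Name $_.RemoteAddress -Type PTR -ErrorAction SilentlyContinue |
            Select-Object -First 1

        [pscustomobject]@{
            PID        = $procId
            Process    = if ($proc) { $proc.Name } else { '<exited or inaccessible>' }
            Path       = $path
            Services   = ($svcByPid[$procId] -join ',')
            Signature  = if ($sig) { $sig.Status } else { 'n/a' }
            Signer     = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            Remote     = '{0}:{1}' -f $_.RemoteAddress, $_.RemotePort
            ReverseDns = if ($ptr) { $ptr.NameHost } else { $null }
        }
    } | Sort-Object PID | Format-Table -AutoSize -Wrap
```

Rows whose Signature is not Valid are the ones to examine first; an empty Path usually means a protected system process the session could not query.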
Archived
This topic is now archived and is closed to further replies.