Jump to content
Qu1ck

svchost.exe shows in 6 different locations

Recommended Posts

Well it kept connecting to 52.230.222.68 which is a suspicious IP according to the internet, so I blocked it through the firewall and now Windows is freezing for some time, and I see svchost.exe connecting to random IP addresses again.

Share this post


Link to post
Share on other sites

The most concerning to me are svchost.exe and also gdcagent.exe.

Share this post


Link to post
Share on other sites

After looking at the program itself, I think these have something to do with Chrome itself, the moment I close chrome, 2 svchost.exe connections dissappear. Really strange.

Share this post


Link to post
Share on other sites

Domain ID: 197784869_DOMAIN_COM-VRSN
   Registrar WHOIS Server: whois.markmonitor.com
   Registrar URL: http://www.markmonitor.com
   Updated Date: 2019-05-07T20:21:36Z
   Creation Date: 2005-08-18T02:10:45Z
   Registry Expiry Date: 2024-01-16T04:59:59Z
   Registrar: MarkMonitor Inc.
   Registrar IANA ID: 292
   Registrar Abuse Contact Email: abusecomplaints@markmonitor.com
   Registrar Abuse Contact Phone: +1.2083895740
   Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
   Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
   Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
   Domain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited
   Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
   Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited
   Name Server: R1.AMAZONAWS.COM
   Name Server: R2.AMAZONAWS.COM
   Name Server: U1.AMAZONAWS.COM
   Name Server: U2.AMAZONAWS.COM
   DNSSEC: unsigned
   URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2019-08-01T02:41:40Z <<<

For more information on Whois status codes, please visit https://icann.org/epp

NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar.  Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.

TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability.  VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.

The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
 I've also found this after clicking on Whois on the GDCAgent.exe

Share this post


Link to post
Share on other sites

The genuine GDCAgent.exe file is a software component of GDCAgentSetupRed by Lenovo

The connections shown look rather normal. Let's go ahead though and run another antivirus scan to help ease your concerns

 

 

Please download and run the following Kaspersky antivirus scanner to remove any found threats

Kaspersky Virus Removal Tool

Let me know if it finds anything or not

 

Share this post


Link to post
Share on other sites

Yes, I didn't think it would but I wanted you to see that as well.

Again, I think a good, better cleaning of your Google Chrome may help you feel better about how the system is working too.

 

 

Chrome
Reset Chrome back to defaults to completely clear out issues with Chrome.

  • Open Chrome and at the top right, click ellipse.png.2829aeeb2aea006bc956de077091and then More tools and then Extensions
  • Write down the list of Extensions installed.
  • Next, go to >> Google Sync << and sign into your account. Make sure you know your password as this will clear it from the browser.
  • Scroll down until you see the  reset_chrome_sync.png "reset sync" button to clear your data from the server and remove your passphrase.
  • Now, close all Chrome windows. Chrome cannot be running for the next step. If needed, print this information or use another browser to read the information.
  • Press the Windows key + R at the same time, to bring up the run dialog box.
     
    • run_command.png
       
  • Type in (or copy/paste) the following and press Enter:     %localappdata%\Google\Chrome\User Data\Default\
  1. Press Ctrl + A to select all the files and folders.
  2. Hold down Ctrl + A and click once on the files "Bookmarks" and "Bookmarks.bak". This will unselect them.
  3. With all the files selected (except for your Bookmarks), press the Delete key and click Yes to delete the files and folders.
  4. Example of all files and folders selected, except Bookmarks

chrome_files_folders.png.00938ead26fa2bd

 

Restart your computer now and make sure there are no longer any redirects or other browser issues and let me know the results

Thanks

Ron

 

 

Share this post


Link to post
Share on other sites

Browser is not the issue, anyway, when I leave my computer open for some time, the screen blacks out and then returns to normal in a matter of a second, now, this has been happening for some time now and I’m wondering what could have caused it.

Share this post


Link to post
Share on other sites

Well not sure what issue you're having exactly then. None of the scans are finding any infection. We can run a couple of routines from Microsoft to verify OS files if you like.

 

Share this post


Link to post
Share on other sites

Yes I'd like to, thanks for the help by the way.

Share this post


Link to post
Share on other sites

I'd also like to add that for some reason Windows Defender is taking more CPU processing power and Memory than Chrome for some reason.

Here's the location of the file, it was changed 6 days ago I think C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\MsMpEng.exe maybe that has to do something with anything?

Share this post


Link to post
Share on other sites


Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt

Thanks

Ron

 

Share this post


Link to post
Share on other sites

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

 

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.