Windows Resource Protection did not find any integrity violations. Then I went into the Registry and found the Registry Entries for each of the 4 Services and that gave me the DLL files and the file paths. Now I have the Services behind svchost.exe.

Svchost.exe 1576 CryptSvc, Dnscache, LanmanWorkstation,

PS C:\Users\MyPC> tasklist /svc /fi "imagename eq svchost.exe"

Switched to Windows PowerShell and checked out the results from when I ran the tasklist command. Unfortunately, it's the ubiquitous svchost.exe. The Command Line parameters (-k NetworkService) and

Switched to Process Monitor and located the processes captured during the same time that were using those same Source Port numbers. Then I waited and clicked Enter on the command exactly when my PC was accessing those 2 domains.

Checked Wireshark for the same time and found the packets being sent to the Pi-Hole to check the DNS of those two domains. Double-clicked the packets and scrolled down to find the Source Port numbers:

Tasklist /svc /fi "imagename eq svchost.exe"

Opened Windows PowerShell as Admin and typed:

Ran Process Monitor (to show Network Activity) and Wireshark both as Admin.

I kept track of exactly when the Pi-Hole showed access to the two domains from my PC (every 2 minutes exactly).

There are no suspicious add-ons to my browsers. I previously visited these domains using Chrome incognito mode so I thought they infected my PC. This happens even when the browsers on my PC are closed.

It also tracks all DNS searches and has revealed that two domains are being accessed every 2 minutes by my Win7 PC - primewire.ag and

I have a Raspberry Pi set up to act as my DNS server on my network to block advertisements (Pi-Hole).
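The correlation described in the post (source port from the capture, to the owning PID, to the services inside that svchost.exe) can be scripted. The following is an added example, not part of the original post. The function name Get-ServicesForUdpPort and the sample netstat and tasklist text are constructed for illustration; only PID 1576 and the three service names listed for it come from the post.

```powershell
# Added example (not from the original post).
# Maps a UDP source port seen in a packet capture to the owning PID and the
# services hosted in that process. Get-ServicesForUdpPort is a hypothetical name.
function Get-ServicesForUdpPort {
    param(
        [Parameter(Mandatory = $true)][int]$Port,
        [string[]]$NetstatLines,   # lines from: netstat -ano -p udp
        [string[]]$TasklistCsv     # lines from: tasklist /svc /fo csv
    )

    # Build PID -> row (image name, services). Skip the header row and name the
    # columns ourselves so localized headers do not matter.
    $byPid = @{}
    $rows = $TasklistCsv | Select-Object -Skip 1 |
        ConvertFrom-Csv -Header Image, ProcId, Services
    foreach ($row in $rows) { $byPid[[int]$row.ProcId] = $row }

    foreach ($line in $NetstatLines) {
        # Example line: "  UDP    192.168.1.20:61234     *:*        1576"
        if ($line -match '^\s*UDP\s+\S+:(\d+)\s+\S+\s+(\d+)\s*$' -and
            [int]$Matches[1] -eq $Port) {
            $owner = [int]$Matches[2]
            $image = 'unknown'; $services = 'unknown'
            if ($byPid.ContainsKey($owner)) {
                $image    = $byPid[$owner].Image
                $services = $byPid[$owner].Services
            }
            New-Object PSObject -Property @{
                Port = $Port; ProcId = $owner; Image = $image; Services = $services
            }
        }
    }
}

# Constructed sample output (addresses, ports and PID 932 are made up).
$netstat = @(
    '  Proto  Local Address          Foreign Address        State           PID',
    '  UDP    0.0.0.0:500            *:*                                    932',
    '  UDP    192.168.1.20:61234     *:*                                    1576'
)
$tasklist = @(
    '"Image Name","PID","Services"',
    '"svchost.exe","932","IKEEXT,iphlpsvc"',
    '"svchost.exe","1576","CryptSvc,Dnscache,LanmanWorkstation"'
)

Get-ServicesForUdpPort -Port 61234 -NetstatLines $netstat -TasklistCsv $tasklist
# Live use: -NetstatLines (netstat -ano -p udp) -TasklistCsv (tasklist /svc /fo csv)
```

A DNS query socket is short-lived, so a single netstat snapshot can miss it, which is why a continuous capture such as Process Monitor is used for the port-to-PID step. Because the Dnscache (DNS Client) service sends queries on behalf of other programs, a match on its svchost.exe identifies the resolver, not necessarily the program that asked for the name.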