Process Hacker and Windows discussion

 
rossdorn
New User
Posts: 2
OS: Win 7 ulti 32

down.baidu2016.com

26 Aug 2016, 00:17

1. I used Process Hacker for the first time yesterday and when I got to "Network" I found about six connections to: down.baidu2016.com
Once I opened Firefox, I ended up with COUNTLESS connections to the same address (screenshots of both attached).

2. When I use Tools from the menu "Hidden Processes" I get this pop-up (attachment).
Double-clicking on the first one I get (attachment 520); the complete command line is:

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

If you need more information, just let me know.

What is this baidu, and what should I do about it?
And what are these two unknowable processes that are running, and what do I do about them?

Thank you
Attachments:
- 520.jpg
- hidden processes.jpg
- baidu.jpg (after opening Firefox)
- after starting the computer.jpg (after starting)
 
viksoftru
Member
Posts: 486
OS: Win7 (Live! DVD), BSD

Re: down.baidu2016.com

27 Aug 2016, 19:31

The full WhoIs report for this host is:
WHOIS Source: RIPE NCC
IP Address: 185.59.220.83
Country: Germany
Network Name: CDN77-FRANKFURT-1
Owner Name: CDN77.com Frankfurt(Germany) POP
From IP: 185.59.220.0
To IP: 185.59.220.255
Allocated: Yes
Contact Name: Datacamp Ltd. technical staff
Address: DataCamp Limited, 207 Regent Street, London, United Kingdom
Email: support@cdn77.com
Abuse Email:
Phone:
Fax:

WHOIS Record:

inetnum: 185.59.220.0 - 185.59.220.255
netname: CDN77-FRANKFURT-1
descr: CDN77.com Frankfurt(Germany) POP
country: DE
admin-c: DLTS1-RIPE
tech-c: DLTS1-RIPE
status: ASSIGNED PA
mnt-by: DATACAMP-MNT
created: 2014-06-23T09:14:52Z
last-modified: 2014-06-23T09:40:34Z
source: RIPE

role: Datacamp Ltd. technical staff
address: DataCamp Limited
address: 207 Regent Street
address: London
address: United Kingdom
e-mail: support@cdn77.com
nic-hdl: DLTS1-RIPE
abuse-mailbox: support@cdn77.com
mnt-by: DATACAMP-MNT
tech-c: JP4750-RIPE
admin-c: JP4750-RIPE
created: 2014-06-23T09:09:30Z
last-modified: 2014-06-23T09:09:30Z
source: RIPE

route: 185.59.220.0/24
descr: CDN77 - Frankfurt POP
origin: AS60068
mnt-by: DATACAMP-MNT
created: 2014-06-18T14:11:11Z
last-modified: 2014-06-18T14:11:11Z
source: RIPE

Also, close the (UNKNOWN) process (it is possibly a virus), and use a firewall to block any connection to the host down.baidu2016.com. Then go to https://www.z-oleg.com/secur/avz/download.php, download AVZ and run it to check your system for viruses (please carefully review the AVZ documentation; the program's author, Oleg Zaitsev, has warned more than once on forum.ru-board.com that AVZ is not an antivirus but a specialized anti-virus utility designed to help you troubleshoot system infection in difficult cases, and erroneous use of its scripts can cause trouble).
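The two steps the thread walks through, spotting a process with many sockets to one remote host (what the original poster saw in Process Hacker's Network tab) and attributing that host's IP to a network from the WHOIS record quoted above, can be scripted for triage. The following is an added example of my own, not code from the forum posters or from Process Hacker; the `netstat -ano` lines are constructed sample data, while the WHOIS text is the record quoted in the reply above, trimmed to the fields the parser uses. Process names are not resolved here, only PIDs, which Process Hacker or Task Manager can map to an image.

```python
"""Triage of many connections to one remote host (constructed sample data)."""
import ipaddress
import re
from collections import Counter

# Constructed `netstat -ano` output, not real output from the poster's machine.
# Columns: Proto  Local Address  Foreign Address  [State]  PID
NETSTAT_SAMPLE = """\
  TCP    192.168.1.10:49703     185.59.220.83:80       ESTABLISHED     3412
  TCP    192.168.1.10:49704     185.59.220.83:80       ESTABLISHED     3412
  TCP    192.168.1.10:49705     185.59.220.83:80       TIME_WAIT       0
  TCP    192.168.1.10:49710     185.59.220.83:443      ESTABLISHED     3412
  TCP    192.168.1.10:49711     93.184.216.34:443      ESTABLISHED     2208
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       788
  UDP    0.0.0.0:5355           *:*                                    1104
"""

# RIPE WHOIS record from the thread, reduced to the fields used below.
WHOIS_SAMPLE = """\
inetnum: 185.59.220.0 - 185.59.220.255
netname: CDN77-FRANKFURT-1
descr: CDN77.com Frankfurt(Germany) POP
country: DE

route: 185.59.220.0/24
descr: CDN77 - Frankfurt POP
origin: AS60068
"""

# State column is absent for UDP rows, so it is optional in the pattern.
NETSTAT_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:(\S+)\s+)?(\d+)\s*$")


def parse_netstat(text):
    """Turn `netstat -ano` lines into dicts; non-matching header lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = NETSTAT_RE.match(line)
        if not m:
            continue
        proto, local, foreign, state, pid = m.groups()
        rows.append({"proto": proto, "local": local, "foreign": foreign,
                     "state": state or "", "pid": int(pid)})
    return rows


def fan_out(rows, threshold=3):
    """Count sockets per (PID, remote IP) and return pairs at or above threshold.

    Listening sockets and wildcard peers carry no remote host and are ignored.
    TIME_WAIT rows keep PID 0 (no owner), so they show up only as PID 0.
    """
    counts = Counter()
    for r in rows:
        host = r["foreign"].rsplit(":", 1)[0]
        if host in ("0.0.0.0", "*") or r["state"] == "LISTENING":
            continue
        counts[(r["pid"], host)] += 1
    return sorted((pid, host, n) for (pid, host), n in counts.items() if n >= threshold)


def parse_whois(text):
    """Split a RIPE-style record into blank-line separated objects of key -> [values]."""
    objects, current = [], {}
    for line in text.splitlines():
        if not line.strip():
            if current:
                objects.append(current)
                current = {}
            continue
        key, _, value = line.partition(":")
        current.setdefault(key.strip(), []).append(value.strip())
    if current:
        objects.append(current)
    return objects


def attribute_ip(ip, whois_text):
    """Report netname and origin AS for `ip` from inetnum and route objects that cover it."""
    addr = ipaddress.ip_address(ip)
    result = {"netname": None, "origin": None, "descr": []}
    for obj in parse_whois(whois_text):
        if "inetnum" in obj:
            start, _, end = obj["inetnum"][0].partition("-")
            if ipaddress.ip_address(start.strip()) <= addr <= ipaddress.ip_address(end.strip()):
                result["netname"] = obj.get("netname", [None])[0]
                result["descr"].extend(obj.get("descr", []))
        elif "route" in obj and addr in ipaddress.ip_network(obj["route"][0], strict=False):
            result["origin"] = obj.get("origin", [None])[0]
            result["descr"].extend(obj.get("descr", []))
    return result


if __name__ == "__main__":
    for pid, host, n in fan_out(parse_netstat(NETSTAT_SAMPLE)):
        info = attribute_ip(host, WHOIS_SAMPLE)
        print(f"PID {pid}: {n} sockets to {host} "
              f"(netname={info['netname']}, origin={info['origin']})")
```

On a real machine, pipe the output of `netstat -ano` into `parse_netstat` and feed a saved WHOIS lookup to `attribute_ip`; a PID with a large socket count to a single host is the one to inspect in Process Hacker before deciding on a firewall rule.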
 
Roman
New User
Posts: 2
OS: Windows 7 64bit
Location: Moldova

Re: down.baidu2016.com

28 Aug 2016, 22:30

I would also recommend a scan with MBAM, Dr Web CureIt and Hitman Pro.
 
rossdorn
New User
Posts: 2
OS: Win 7 ulti 32

Re: down.baidu2016.com

28 Aug 2016, 22:48

Thank you Roman, but if I were to write a list here of all the AV software I have been using in the past three days, that were recommended by others, I would exceed the limit of characters allowed for forum posts.
And Mbam is the software I have installed...
