#11
The Biggest Mistake in Windows 7 and such, Task manager does not focus on harddisk performance !
I can confirm the new version of procmon 12/feb/2018 does work on my windows 7 system even when extracted.

So no it's not some kind of winrar system security bug or so. Was getting a bit worried there ! LOL

v3.50 it says (procmon).

Bye,
Skybuck.
#12
Wow this tool has already proven useful.

Apparently FireFox is infected with some kind of relic entertainment spy software.

It's sending small little infos to reliclive.quazal.net.

Not yet sure why.. might be facebook spyware/malware/adware related... or some kind of port scanner... weird.

Will try to figure out what this is... if I don't succeed will post screenshot later on.

Bye,
Skybuck.
#13
A quick check of firefox add-ons turns up nothing... kinda stupid idea anyway to allow "add-on" for something as important/privacy vulnerable/targetable as webbrowser.

Anyway for what it's worth here is screenshot of sneak relic behaviour:

http://www.skybuck.org/WeirdStuff.jpg

Weird or what ?

Bye,
Skybuck
#14
There is some weird **** on the firefox command line when it is started according to procmon, very weird:

" "C:\Tools\Firefox\version 35.0.1\firefox.exe" -contentproc --channel="1568.0.221971136\1769260587" -childID 1 -isForBrowser -intPrefs 5:50|6:-1|28:1000|34:20|35:5|36:10|45:128|46:10000|51:0|53 :400|54:1|55:0|56:0|61:0|62:120|63:120|99:2|100:1| 115:5000|125:0|127:0|138:10000|150:-1|158:24|159:32768|161:0|162:0|170:5|174:1048576|1 75:100|176:5000|178:600|180:1|188:20|191:4|195:0|2 04:60000| -boolPrefs 1:0|2:0|4:0|26:1|27:1|30:0|33:1|37:1|38:0|39:0|40: 0|43:1|44:1|47:0|48:0|49:0|50:0|52:0|57:1|58:1|59: 0|60:1|64:1|65:1|66:0|67:1|68:1|69:0|70:1|73:0|74: 0|77:1|78:1|82:1|83:1|84:0|85:0|86:0|88:0|89:0|90: 1|91:1|92:1|95:1|96:0|98:0|101:1|102:0|109:0|114:0 |117:1|120:1|122:1|126:0|129:1|132:1|133:1|139:1|1 40:0|141:1|143:0|149:0|151:1|152:0|153:1|156:0|157 :0|160:1|163:0|165:1|167:1|168:0|177:1|182:0|183:0 |184:0|185:1|186:0|187:0|189:1|190:1|193:0|196:0|1 97:0|198:1|199:1|200:0|201:1|202:1|203:1|205:0|206 :0|208:0|217:1|218:1|219:0|220:0|221:0| -stringPrefs "3:7;release|97:0;|142:3;1.0|154:332; *¼½¾ǃː̷̸։֊׃״؉؊٪۔܁܂܃܄ᅟ*᜵ ‐’․ ‧ ** ‹›⁁⁄⁒ ⅓ ⅕⅖⅗⅘⅙⅚⅛⅜⅝⅞⅟∕∶⎮╱⧶ ⫻⫽⿰⿱⿲⿳⿴⿵⿶⿷⿸⿹⿺⿻ 。 〔〕〳*ㅤ㈝㈞㎮㎯㏆㏟꞉︔︕︿﹝ ./。*�|155:4;high|192:38; {fa95922f-3225-43da-9da5-2b44fb1ea2c1}|" -schedulerPrefs 0001,2 -greomni "C:\Tools\Firefox\version 35.0.1\omni.ja" -appomni "C:\Tools\Firefox\version 35.0.1\browser\omni.ja" -appdir "C:\Tools\Firefox\version 35.0.1\browser" 1568 "\\.\pipe\gecko-crash-server-pipe.1568" tab "

This seems like some shell code to me ?!

Maybe my firefox command line has been hacked and injected with some crap ?!

Hmm interesting !

Bye,
Skybuck.
#15
According to this guy on this link/forum:

https://bbs.archlinux.org/viewtopic.php?id=228084

This command line starts to show up when firefox starts opening sub processes/multi tab that kind of thing.

However these guys seem unable to decode and understand it further.

My hypothesis for now is that perhaps relic found a way to take over control of firefox when visiting their facebook page... and somehow these launch parameters are injected into firefox.

Or I could be completely paranoid and this is actually "normal firefox" behaviour seems a bit dangerous though !

Bye,
Skybuck
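Added example, not part of the thread and not Firefox's own code: a Python parser that breaks the -intPrefs, -boolPrefs and -stringPrefs arguments of a command line like the one in post #14 into numbered settings. Reading the items as index:value and index:length;value, with the length counted in UTF-8 bytes, is an assumption taken from the quoted sample (7;release, 3;1.0, 4;high); SAMPLE and the function names are constructed for illustration.

```python
import re

# Constructed sample in the layout of the quoted command line; one value holds a '|' on purpose.
SAMPLE = (r'"C:\Tools\Firefox\firefox.exe" -contentproc --channel="1568.0.1\2" '
          r'-childID 1 -isForBrowser -intPrefs 5:50|6:-1|28:1000| '
          r'-boolPrefs 1:0|26:1| -stringPrefs "3:7;release|97:0;|142:3;a|b|155:4;high|" '
          r'-greomni "C:\Tools\Firefox\omni.ja" 1568 tab')
STR_ITEM = re.compile(rb"(\d+):(\d+);")  # "index:length;" header of one string item

def tokens(cmdline):
    """Split on whitespace, keeping double-quoted runs together (quotes dropped)."""
    return [t[1:-1] if len(t) > 1 and t[0] == t[-1] == '"' else t
            for t in re.findall(r'"[^"]*"|\S+', cmdline)]

def parse_scalar_prefs(blob, cast):
    """'index:value|index:value|' -> {index: cast(value)}"""
    prefs = {}
    for item in filter(None, blob.split("|")):
        idx, _, val = item.partition(":")
        prefs[int(idx)] = cast(int(val))
    return prefs

def parse_string_prefs(blob):
    """'index:length;value|' items; the length prefix lets a value contain '|'."""
    data, pos, prefs = blob.encode("utf-8"), 0, {}
    while pos < len(data):
        m = STR_ITEM.match(data, pos)
        if not m:
            raise ValueError(f"malformed string item at byte {pos}")
        idx, end = int(m.group(1)), m.end() + int(m.group(2))
        if data[end:end + 1] != b"|":
            raise ValueError(f"declared length does not fit for item {idx}")
        prefs[idx] = data[m.end():end].decode("utf-8", "replace")
        pos = end + 1
    return prefs

def parse_content_cmdline(cmdline):
    toks = tokens(cmdline)
    parsers = {"-intPrefs": lambda b: parse_scalar_prefs(b, int),
               "-boolPrefs": lambda b: parse_scalar_prefs(b, bool),
               "-stringPrefs": parse_string_prefs}
    out = {"exe": toks[0], "content_process": "-contentproc" in toks}
    for i, tok in enumerate(toks[:-1]):
        if tok in parsers:
            out[tok] = parsers[tok](toks[i + 1])
    return out

if __name__ == "__main__":
    print(parse_content_cmdline(SAMPLE))
```

Feed it the raw command line copied from procmon: a forum-wrapped copy with spaces inserted into the lists fails the integer parse or the length check.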
#16
This is a bit suspicious not sure what this is:

http://www.skybuck.org/Suspicious.jpg

When clicking on TCP receive and going to properties and then stack.

There is this unknown frame.

What are frames in this case ? Frames on the "computing stack" ? Or does it mean tcp/ip stack ? Or some other kind of stack ? hmmm...

Seems like some kind of tcp/ip stack not sure.

Date is also weird of this unknown from 1970 ? Huh ? Bug in windows ? Bug in tool ? Module hack ? Huh ? Hmm...

Bye,
Skybuck.
#19
(Couldn't post this yesterday posting this today):

I tried to block this relic dns address in hosts files on windows/system32/drivers/etc.

By copying and pasting code/advice from somebody else.

    # relic coh tov
    127.0.0.1 reliclive.quazal.net
    127.0.0.1 cohlive.quazal.net
    127.0.0.1 reliclive-1.quazel.net
    127.0.0.1 reliclive.quazel.net
    127.0.0.1 38.102.69.23
    127.0.0.1 38.102.69.36
    127.0.0.1 38.102.69.37
    127.0.0.1 38.102.69.42
    127.0.0.1 38.102.69.48

I think my firewall is disabled at the moment cause I slept my system and I also turn all that "junk" off for max performance in world of warships.

Now my question is kind of does hosts file still block if firewall is off ? Or is hosts file only active/applied when firewall is on ?

I would assume hosts file is active even if firewall is on because hosts file should be used by some kind of dns resolving component of windows... but I may be wrong.

So why is this communication showing up in procmon ?! Really weird... is this some kind of loopback behaviour ?

Also where is it coming from. Maybe when installing company of heroes tales of valor some kind of system modification was made so windows "phones" home to relic for some kind of reason.

(I think installer of civilization 3 conquest does also something suspicious... cause windows blocks it or warns about it... but this... relic thing is somewhat of a new discovery for me )

Addition:

Either procmon is recognizing 127.0.0.1 as this dns address which seems unlikely. Or there is something more sinister going on.

A wireshark capture may shine some more light on this so I am gonna do that next.

Bye,
Skybuck.
#20
Ok issue resolved.

I added this line to hosts to see what effect it would have:

    127.0.0.1 testtesttest

Now procmon shows firefox is connecting to testtesttest.

According to info from the web firefox connects to itself multiple times via 127.0.0.1.

This is some odd behaviour to cope with ****ty firewalls like zone alarm and other crap from the 90's LOL.

Bye,
Skybuck =D
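Added example, not part of the thread: a Python audit of hosts-file text that lists, per address, every name mapped to it (the labels a tool could show for loopback traffic when it turns addresses back into names, as seen in post #20) and flags entries whose name column is itself an IP address. A hosts file is only consulted when a name is looked up, so a line such as `127.0.0.1 38.102.69.23` has no effect on connections made to that address directly. SAMPLE_HOSTS and the function names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample modelled on the entries quoted in posts #19 and #20 (shortened).
SAMPLE_HOSTS = """\
# relic coh tov
127.0.0.1 reliclive.quazal.net
127.0.0.1 cohlive.quazal.net
127.0.0.1 38.102.69.23   # an address in the name column
127.0.0.1 testtesttest
"""

def is_ip_literal(text):
    """True when text parses as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def audit_hosts(text):
    """Return (reverse_map, ip_literal_names) for hosts-file text.

    reverse_map: address -> names mapped to it, in file order.
    ip_literal_names: (line number, value) for name fields that are IP addresses.
    """
    reverse, literal_names = defaultdict(list), []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split columns
        if len(fields) < 2 or not is_ip_literal(fields[0]):
            continue  # blank, comment-only or malformed line
        addr = str(ipaddress.ip_address(fields[0]))
        for name in fields[1:]:  # a line may carry several aliases
            if is_ip_literal(name):
                literal_names.append((lineno, name))
            else:
                reverse[addr].append(name.lower())
    return dict(reverse), literal_names

if __name__ == "__main__":
    names_by_addr, ineffective = audit_hosts(SAMPLE_HOSTS)
    print("names per address:", names_by_addr)
    print("address used as a name (no effect on direct connections):", ineffective)
```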