Windows Firewall Configuration - Truly Block EVERYTHING...

Discussion in 'Windows 10' started by CODYQX4, Aug 24, 2015.

  1. ThomasMann

    ThomasMann MDL Expert

    #241 ThomasMann, Aug 28, 2016
    Last edited by a moderator: Apr 20, 2017
  2. shewolf

    shewolf MDL Senior Member

  3. ofernandofilo

    ofernandofilo MDL Member

  4. ThomasMann

    ThomasMann MDL Expert

    There is software called Process Hacker, the third tab is called Network and will show all connections in real time.
     
  5. ofernandofilo

    ofernandofilo MDL Member

    #245 ofernandofilo, Aug 29, 2016
    Last edited by a moderator: Apr 20, 2017
    Right, I know the tool. But what is calling the domain? Who is making the connection? Which process? Sometimes the domain name shown is not the real one.

    If you run this, what is shown?
    Code:
    ping down.baidu2016.com

    cheers
     
  6. ThomasMann

    ThomasMann MDL Expert

  7. EFA11

    EFA11 Avatar Guru

    I'd like to see what you are seeing if possible. I don't know how anything could get through the HOSTS and IP Block.
     
  8. ofernandofilo

    ofernandofilo MDL Member

    #248 ofernandofilo, Aug 29, 2016
    Last edited: Aug 29, 2016
    This looks to me like a case of resolving the wrong name. It is quite common, especially when it resolves to the first entry name in the HOSTS file.

    It may be something more serious, such as a rootkit, but I sincerely doubt that is the case.

    I really need to see the ping as above, and a list showing which programs are supposedly communicating with the reported servers. Also, I suggest that instead of using Process Hacker to show the domains accessed, you use it to show the plain IPs.

    Please post pics, logs, or the results of tests.

    cheers
     
  9. ThomasMann

    ThomasMann MDL Expert

  10. EFA11

    EFA11 Avatar Guru

    Something is trying but it's not getting out. That's not actually connecting. Something installed on that system is trying hard to get out, it's just not getting anywhere.
     
  11. ofernandofilo

    ofernandofilo MDL Member

    #251 ofernandofilo, Aug 29, 2016
    Last edited by a moderator: Apr 20, 2017
  12. ThomasMann

    ThomasMann MDL Expert


    Right... and as I did not tell anything to get out, there is something there that is not supposed to be there, doing that.
    And that is what I am trying to get rid of. As Zemana tells me, it is a company that hijacks browsers to aim specific ads at users. Which I have never noticed as my ABP for Ff works just fine ...

    If it was a little simpler to paste pictures here than uploading to another website, I could also post the beginning of that same page and you would see that there are, immediately after starting the computer, already six other connections to the same address that DO GET OUT!
     
  13. ThomasMann

    ThomasMann MDL Expert

  14. ofernandofilo

    ofernandofilo MDL Member

    #254 ofernandofilo, Aug 29, 2016
    Last edited: Aug 30, 2016
  15. ThomasMann

    ThomasMann MDL Expert

  16. ofernandofilo

    ofernandofilo MDL Member

    #256 ofernandofilo, Aug 30, 2016
    Last edited: Aug 30, 2016
  17. doubtfire

    doubtfire MDL Junior Member

    Do Win 10 hosts file blocks to M$ servers actually work?

    IIRC, there's some backdoor workaround they added such that Microsoft apps don't use the hosts file, is that still true?
     
  18. s1ave77

    s1ave77 Has left at his own request

    A lot is hardcoded in several DLLs, so blocking via the hosts file is futile. Rerouting IPs via the system's IP tables seems to work properly (blocks even Skype for me).
     
  19. KingAlex

    KingAlex MDL Junior Member

    Hello :)

    I have TinyWall :) Care to share settings here for Win 10?

    Thanks :)
     
  20. Mr.X

    Mr.X MDL Guru

    #260 Mr.X, Apr 3, 2018
    Last edited: Apr 3, 2018