[SOLVED] Hunt to root out a malware: Monitoring all processes to put the finger on one which runs only for a split second

Jan 22, 2021
Hello,

The quick version of the question follows, the context is afterwards:

Is there a way in Windows 10, without touching the registry, to find out that an application or process ran at a given, split-second, specific time, or exchanged data through the internet?

The context:
  • For about a week, I happen to have caught a malware which, every hour or so, triggers one pop-up fake ad on my screen, usually while browsing the internet (it probably detects that I'm using a browser), but independently from it, because if I close the browser, the pop-up ad is still there. No matter what, it always stays on screen for just about five seconds before disappearing.

  • Trying to root out this malware, I've gone through the obvious list of installed programs, used the typical Malwarebytes/Avast/etc., which were of zero help in finding the culprit file. I suspect it may somehow have hidden itself within the Windows files, in an innocent subfolder.
  • I tried to open the task manager at the time of the pop-up, to detect which software or process was suddenly running or stopping, but I'm not quick enough to go through the entire list and check for such changes.
  • This program must be exchanging data with a server somewhere (to get the fake ads from, which are often different and renewed), so if I could find out which software exchanges data through the internet at any given time, it would help.
  • I tried looking into the event log, and carefully through all Windows subfolders, to try to find an event triggered roughly at a time where I noticed the pop-up appearing, but this was so far fruitless.
  • It may also be possible that the malware starts with Windows and runs the whole time, set to only send a pop-up at given times, but even then I should be able to see it exchanging data with the internet at some point in the last week or so since the malware appeared. The problem is that when I looked in the task manager at the list of more than a hundred processes that used some internet, I didn't find any suspicious one, even after I carefully checked, hence my suspicion that it must be hidden in a legit Windows process, maybe.
  • I looked in msconfig at the software set to be launched at the start of the computer, but when I ranked them by company name and looked at them one by one, they were all legit.
  • I found online the description of a "WebHelper"/Utorrentie.exe, a malware component of the µtorrent software, fitting the description of what I observe, and it would have made sense since I did use µtorrent at a recent point.
    I carefully followed a detailed and seemingly sensible list of instructions to properly remove this part from µtorrent, and then properly uninstalled that software to be on the safe side, and deleted all of its files, but the problem keeps happening.
    I was thinking that if indeed this was the cause of the problem, maybe it modified a Windows DLL file??
Any take on this topic would be greatly appreciated, so thanks a lot :)
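One way to catch a process that lives only for a few seconds, and to see which process opened a network connection at that moment, is to poll the process list and the TCP connection table a few times a second and write every change to a timestamped log. The script below is an added example, not code from the thread; it assumes Windows 10 PowerShell 5.1 run as Administrator (so Path and OwningProcess are readable for all processes), an assumed log path on the Desktop, and it writes nothing to the registry.

```powershell
# Added example: log process starts/exits and new outbound TCP connections with timestamps.
param(
    [string]$LogFile = "$env:USERPROFILE\Desktop\proc-watch.log",  # assumed location
    [int]$IntervalMs = 250                                           # poll a few times per second
)

function Get-Snapshot {
    # Map pid -> "name [full path]" for every process we can see
    $procs = @{}
    Get-Process -ErrorAction SilentlyContinue | ForEach-Object {
        $procs[$_.Id] = "$($_.ProcessName) [$($_.Path)]"
    }
    # Map "owningPid:remoteAddress:remotePort" -> $true for live or connecting TCP sessions
    $conns = @{}
    Get-NetTCPConnection -State Established, SynSent -ErrorAction SilentlyContinue | ForEach-Object {
        $conns["$($_.OwningProcess):$($_.RemoteAddress):$($_.RemotePort)"] = $true
    }
    return @{ Procs = $procs; Conns = $conns }
}

function Write-Log([string]$Message) {
    # Millisecond timestamp so a five-second pop-up can be matched against the log
    $line = "{0:yyyy-MM-dd HH:mm:ss.fff} {1}" -f (Get-Date), $Message
    Add-Content -Path $LogFile -Value $line
    Write-Host $line
}

$prev = Get-Snapshot
Write-Log "watch started, $($prev.Procs.Count) processes visible"
while ($true) {
    Start-Sleep -Milliseconds $IntervalMs
    $cur = Get-Snapshot
    foreach ($id in $cur.Procs.Keys) {          # processes that appeared since last poll
        if (-not $prev.Procs.ContainsKey($id)) { Write-Log "START pid=$id $($cur.Procs[$id])" }
    }
    foreach ($id in $prev.Procs.Keys) {         # processes that vanished since last poll
        if (-not $cur.Procs.ContainsKey($id)) { Write-Log "EXIT  pid=$id $($prev.Procs[$id])" }
    }
    foreach ($key in $cur.Conns.Keys) {         # connections that were not there last poll
        if (-not $prev.Conns.ContainsKey($key)) {
            $owner = [int]$key.Split(':')[0]     # owning pid is always the first field
            Write-Log "CONNECT $key owner=$($cur.Procs[$owner])"
        }
    }
    $prev = $cur
}
```

Leave it running until the pop-up shows, note the clock time, then search the log around that second for START/EXIT/CONNECT lines; a process that starts and exits within the same few seconds, or a connection owned by a process whose path is under an unexpected folder, is the one to look at first. Polling can still miss a process that lives shorter than the interval, so process-creation auditing (Event ID 4688) or Sysmon would be the more complete option if the registry restriction can be relaxed.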