Windows update installed new network Connection

wildfire Member Posts: 654
Guys, I recently updated Windows and after restart it has created a new Local Area Connection labeled "Microsoft TV/Video connection". I tried to disable it but it says I can't. I tried looking for the service it's tied to and can't find much. After googling I found it's associated with a TV capture card or web cam. I have neither of these installed on my PC, and no, my graphics card doesn't have capture.

Ipconfig yields this adapter to have an IP of 0.1.0.4. I also see packets coming through my Cisco PIX that have the source of my LAN adapter and within that packet the source of above. Also I have a McAfee IPS which is reporting it as a violation constantly.

Does anyone know more about this? I hope it's not another "Microsoft are going to play big brother" thing. Or could it be some sort of virus my ZoneAlarm and McAfee haven't picked up?
Looking for CCIE lab study partners, in the UK or Online.

Comments

  • Silver Bullet Member Posts: 676
    Is it listed in Device Manager? If so can you uninstall the driver for it there?

    Does the route print command list any routes for this interface? If so, run netstat -a -o from a command prompt and see if you have any strange connections listening or established and note the PID from that connection. Then run tasklist /svc and find the PID that you noted from netstat to find out what service or services are using that connection and stop it using task manager. Then try removing/disabling the interface.

    The first I have heard of this. Let us know how it progresses.
  • wildfire Member Posts: 654
    route print reveals a default route to my ethernet interface. Aside from having lots of TCP and UDP connections I can only find one that looks consistent with this adapter: source port is 3434 (TCP) and the PID 5752.

    The process associated is one of the svchost.exe with an appended description of UPnP, so stopping one of the svchost causes all hell. This is annoying me now, not being able to remove it. I want to know what it's doing. I used a sniffer session and noticed it's just a load of hex code it's sending.
    Looking for CCIE lab study partners, in the UK or Online.
  • Silver Bullet Member Posts: 676
    There are usually a few different svchosts running at the same time. You can make sure that you are stopping only the one that is associated with that adapter by enabling the view of the PID in the GUI task manager by clicking View>Select Columns. Then of course just put a check mark in PID (Process Identifier).

    Might want to make sure the PID hasn't changed and then try it again by stopping only that svchost for that PID by right clicking and choosing End Process Tree.

    Or are you saying all kinda crazy stuff happened when you stopped only the svchost that was associated with that adapter?

    Also since you say that it appears to be UPnP then check the status of the Universal Plug and Play Device Host in Services. If it is set to Automatic and Started then Stop this Service and change its Startup Type to either Manual or Disabled.

    Another thing you can look at is in the Registry under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Run and see if it is starting from there. If so, remove it and restart your PC and see if it is running. If it is not then remove it.
  • RussS Member Posts: 2,068
    If you want to know what svchost is you can do this ..

    Open command prompt and type

    tasklist /svc >c:\taskList.txt

    Then browse to the text file in C drive and read.

    You should get something like ...
    svchost.exe 920 DcomLaunch, TermService
    svchost.exe 996 RpcSs
    MsMpEng.exe 1092 WinDefend
    svchost.exe 1132 AudioSrv, BITS, Browser, CryptSvc, Dhcp,
    dmserver, ERSvc, EventSystem, helpsvc,
    lanmanserver, lanmanworkstation, Netman,
    Nla, RasMan, Schedule, seclogon, SENS,
    SharedAccess, ShellHWDetection, srservice,
    TapiSrv, Themes, TrkWks, W32Time, winmgmt,
    wscsvc, wuauserv, WZCSVC
    svchost.exe 1192 Dnscache
    svchost.exe 1280 LmHosts, RemoteRegistry, SSDPSRV, WebClient


    A favourite of mine when sorting systems is ProcessExplorer

    http://www.sysinternals.com/Utilities/ProcessExplorer.html
    www.supercross.com
    FIM website of the year 2007
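
The netstat-to-tasklist lookup described in the replies above, as an added Python example that is not part of any poster's message: it re-joins the wrapped service lines that `tasklist /svc` prints and maps a local port to the owning PID and the services that process hosts. The sample text, host names and the `upnphost` entry are constructed assumptions, not output from the machine in this thread.

```python
import re

# Constructed samples (PID 5752 / port 3434 echo the thread; everything else is invented).
TASKLIST = """\
Image Name                     PID Services
========================= ======== ============================================
svchost.exe                   1132 AudioSrv, BITS, Browser, CryptSvc, Dhcp,
                                   dmserver, ERSvc, EventSystem
svchost.exe                   1280 LmHosts, RemoteRegistry, SSDPSRV, WebClient
svchost.exe                   5752 upnphost
"""
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    pc:3434                host.example:80        ESTABLISHED     5752
  UDP    pc:1900                *:*                                    1280
"""

def parse_tasklist(text):
    """Return {pid: (image, [services])}, re-joining wrapped service lines."""
    procs, last = {}, None
    for line in text.splitlines():
        m = re.match(r"^(\S.*?)\s+(\d+)\s+(\S.*)$", line)
        if m:                                   # new process row
            last, rest = int(m.group(2)), m.group(3)
            procs[last] = (m.group(1), [])
        elif last is not None and line[:1].isspace() and line.strip():
            rest = line                         # continuation of previous row
        else:
            continue                            # header, ruler or blank line
        procs[last][1].extend(s.strip() for s in rest.split(",")
                              if s.strip() not in ("", "N/A"))
    return procs

def parse_netstat(text):
    """Return [(proto, local, remote, state, pid)]; UDP rows have no state."""
    return [(f[0], f[1], f[2], f[3] if len(f) == 5 else "", int(f[-1]))
            for f in map(str.split, text.splitlines())
            if len(f) in (4, 5) and f[0] in ("TCP", "UDP") and f[-1].isdigit()]

def owners_of_port(port, netstat_text=NETSTAT, tasklist_text=TASKLIST):
    """Map each socket on a local port to (proto, pid, image, services)."""
    procs = parse_tasklist(tasklist_text)
    return [(proto, pid, *procs.get(pid, ("<not listed>", [])))
            for proto, local, _, _, pid in parse_netstat(netstat_text)
            if local.rsplit(":", 1)[-1] == str(port)]

if __name__ == "__main__":
    for proto, pid, image, services in owners_of_port(3434):
        print(proto, pid, image, services)
```

A PID that maps to a long service list is a shared svchost, so ending that process stops every service in the list, not only the one holding the socket.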
  • JDMurray MSIT InfoSec CISSP SSCP GSOM GSEC EnCE C|EH Cloud+ CySA+ CASP+ PenTest+ Security+ Surf City, USA Admin Posts: 12,675
    Are you sure that it wasn't there before you ran the update? Are you running Windows Media Center Edition? A network connection can be associated with software-only, so it's possible that it is spyware or a bot Trojan.