[BUG CONNECTION] Mysterious Windows "2166136261" app .exe logged - is it malware?

Hi, guys.

Today I was meeting with some friends on the Zoom app when my internet connection went down.

The internet icon in the Windows notification area started to alternate between connected and disconnected, but with no signal of internet through Google Chrome or any other app.

5 seconds after the disconnection, Glasswire asked permission for the “first network activity” from a mysterious app called 2166136261 (this number is part of the Fowler–Noll–Vo hash function). I decided to block it.

Then I restarted my computer, tried a TP Link USB wifi dongle, restarted my Mikrotik, my ISP modem, no success at all. I started to feel afraid of some ransomware.

So I opened Glasswire to monitor any web activity trying to pass through my connection, or any app changes, and, staring at that blocked 2166136261, I started to ask myself: what about unblocking it? And, WOW. The connection was back!

So I want to know WTF that 2166136261 is. Any guesses?

ADD: Zoom and Rainmeter apps updated after the connection was restored.
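
The number in the post above is the 32-bit FNV offset basis, which is also the value FNV-1 and FNV-1a return for empty input. This added example (not part of the original post, and not GlassWire's or any vendor's code) implements both variants to show that; `describe_label` is a hypothetical helper and the sample inputs are constructed.

```python
# Added example: FNV-1 / FNV-1a and the constants behind the label "2166136261".
# The parameters are the published FNV ones; describe_label() is hypothetical.

FNV_PARAMS = {
    32: {"offset_basis": 2166136261, "prime": 16777619},
    64: {"offset_basis": 14695981039346656037, "prime": 1099511628211},
}


def fnv1(data: bytes, bits: int = 32) -> int:
    """FNV-1: multiply by the prime, then XOR in each byte."""
    p = FNV_PARAMS[bits]
    h, mask = p["offset_basis"], (1 << bits) - 1
    for byte in data:
        h = (h * p["prime"]) & mask
        h ^= byte
    return h


def fnv1a(data: bytes, bits: int = 32) -> int:
    """FNV-1a: XOR in each byte, then multiply by the prime."""
    p = FNV_PARAMS[bits]
    h, mask = p["offset_basis"], (1 << bits) - 1
    for byte in data:
        h ^= byte
        h = (h * p["prime"]) & mask
    return h


def describe_label(label: str) -> str:
    """Report whether a decimal label equals an FNV offset basis."""
    if not (label.isascii() and label.isdigit()):
        return "not a decimal number"
    value = int(label)
    for bits, p in FNV_PARAMS.items():
        if value == p["offset_basis"]:
            return (f"{bits}-bit FNV offset basis (0x{value:X}): "
                    "what FNV-1 and FNV-1a return for zero bytes of input")
    return "no FNV offset basis matches"


if __name__ == "__main__":
    print(describe_label("2166136261"))
    # Constructed sample inputs: empty input leaves the hash at the offset basis.
    for sample in (b"", b"a", b"example.exe"):
        print(sample, hex(fnv1(sample)), hex(fnv1a(sample)))
```

A label equal to the offset basis is consistent with a hash taken over zero bytes; it does not identify what produced it.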

That’s very strange! I have never seen an app like that with Windows myself…

Perhaps this page can be helpful for you?
https://www.glasswire.com/processes/

I never, ever, run anything on my computer that is both unsigned and not scanned by VirusTotal. Maybe either/or, but never both.

I suggest running an on-demand malware scanner on your computer. That does sound suspicious!

My favorite scanners are HitmanPro and Malwarebytes. HitmanPro has a free trial, and Malwarebytes has a free version without real-time protection.

And the Emsisoft Emergency Kit is a free on-demand scanner that combines two scan engines, one proprietary, and one from Bitdefender.

2 Likes

Thank you for the advice, @zzz00m!

I’ve always loved the security stack of Windows Defender for scanning + Glasswire for monitoring, and it has proved so failproof. I was a big fan of Bitdefender, but my PC became so slow 6 years ago, so I decided not to install any other antivirus since then.

I’ve just tried these apps and none of them detected any security issue :thinking:

Malwarebytes (:heart: I love MB): 0 Detections
HitmanPro (I never tried it): 0 Detections
Emsisoft (awesome and new for me): 0 Detections

It was like a backdoor activity… well, still a mystery.

2 Likes

Your system is probably clean then. If you can locate that mystery process location on your hard drive, you can always upload it to the VirusTotal website for another check using their multiple scan engines.

BTW, have you enabled the VirusTotal scan option within GlassWire itself? Once you do that, any process that connects to the network has its file hash checked by VirusTotal, and the score remains visible in the GlassWire monitor. If the process is unknown to VirusTotal, you will need to upload it manually.