Mank
September 21, 2021, 4:08pm
1
Just a few minutes ago I received a GW alert that Windows Host process (Rundll32) was trying to connect to the internet to IP 52.35.59.213:80.
The IP resolves to “ec2-52-35-59-213.us-west-2.compute.amazonaws.com”
I have never seen Rundll32 try to connect to the internet since I began using GW 2 years ago.
I was watching YouTube videos using the Chrome browser when this occurred.
I denied the connection until I could post here and see what might be triggering this.
Any ideas what might be causing this?
@Mank
https://www.glasswire.com/processes/
Interesting. Please check the page above for some ideas on how to check the file to make sure it’s safe.
Maybe some others can chime in if they see this file on their firewall yet or not.
1 Like
Thanks, I learned something new today.
Do you have any Logitech kit on this machine for which you have installed some software (keyboard, mouse, speakers, etc.)?
S.
Mank
September 26, 2021, 8:45pm
5
Yes. I have a wireless Logitech Mouse connected to my PC via USB dongle. However, I have all the Logitech software disabled and there are no processes associated with Logitech running in memory. There are also no scheduled tasks that should be making a call/hook to rundll32.exe.
So I have no idea how this was initiated.
1 Like
Logitech software must be removed, not disabled.
Mank
September 27, 2021, 10:55pm
7
Anyone know if it could be some form of MS update mechanism that is attempting to keep the Logitech software up to date?
It’s possible… I have seen Windows Update update different drivers that Microsoft itself doesn’t make.