
Malware? As.eu.angsrvr.com



Hi all,

Whenever I start IE on Windows 10 I keep getting an ESET popup that IE is setting up an outgoing, non-certified connection to as.eu.angsrvr.com.

I scanned the notebook with ESET Internet Security and Malwarebytes and they both tell me the computer isn't infected with anything.

I tried to google the domain, but unfortunately I can't find a trustworthy source which tells what the connection is about and how to remove it (if harmful).

Is this a virus or malware? If yes, does anyone know how to remove it?

Thank you in advance.

Anton

  • Administrators

Are you getting the pop-up only when launching IE or other browsers as well?

Please provide me with logs collected by ELC to start off.


Appears to be an Amazon backbone server located in Ireland per Robtex:
 

Quote

ANALYSIS

As.eu.angsrvr.com is a CNAME to lb-adselect-1417292246.eu-west-1.elb.amazonaws.com. Lb-adselect-1417292246.eu-west-1.elb.amazonaws.com has eight IP numbers.

IP numbers

The IP numbers are 52.48.23.77, 52.48.187.226, 52.48.224.106, 52.49.106.168, 52.212.137.240, 52.214.89.34, 54.77.167.116 and 54.171.53.34. The PTRs of the IP numbers are ec2-52-48-23-77.eu-west-1.compute.amazonaws.com, ec2-52-48-187-226.eu-west-1.compute.amazonaws.com, ec2-52-48-224-106.eu-west-1.compute.amazonaws.com, ec2-52-49-106-168.eu-west-1.compute.amazonaws.com, ec2-52-212-137-240.eu-west-1.compute.amazonaws.com, ec2-52-214-89-34.eu-west-1.compute.amazonaws.com, ec2-54-77-167-116.eu-west-1.compute.amazonaws.com and ec2-54-171-53-34.eu-west-1.compute.amazonaws.com. The IP numbers are in Dublin, Ireland. They are hosted by Amazon EC2 DUB prefix.

Results found

Angsrvr.com.

If you are running the Eset firewall in Interactive mode, this connection is probably Microsoft dial-out activity from IE for "God only knows" what purpose; most likely telemetry.

Edited by itman

1 hour ago, Antonh said:

But if it is Microsoft dial-out activity everyone should get it, right?

Please clarify what you mean. Are you referring to the fact that IE generates the outbound connection but other browsers do not?


I thought you meant the dial-out activity was common behaviour of Microsoft. But I guess it's not. How do I get rid of it? And is it harmful?


4 hours ago, Antonh said:

I thought you meant the dial-out activity was common behaviour of Microsoft. But I guess it's not. How do I get rid of it? And is it harmful?

Let's start all over again.

Do you have the Eset firewall set to default settings? That is, all outbound communication is allowed.


5 hours ago, Antonh said:

Yes, I use the default settings

The Eset firewall by default allows all outbound connections. However, Eset monitors for connections to malicious domains and also that the certificates used by a domain name are valid.

Next time you receive the Eset popup upon starting IE, take a screenshot of it and post it. This way we can positively ID what is going on.

This topic is now closed to further replies.