I installed OBS (streaming app for Twitch streaming).
I started using it without allowing network access to the obs-plugins\64bit\obs-browser-page.exe
Then enabled it. (related or not?)
Since then, my firewall notification has been popping up every 10 seconds asking me to grant access to "SVChost", but without being able to determine which service is attached to that process.
My computer firewall is set to "deny all outgoing access" and to warn on each attempt by a new process.
It tries to access :
34.104.35.123:80 (123.35.104.34.bc.googleusercontent.com)
and I can't accept or block in the firewall because it says "unable to detect the service, choose in the list".
EapHost
gpsvc
IKEEXT
iphlpsvc
LanmanServer
MMCSS
ProfSvc
Schedule
SENS
ShellHWDetection
Themes
Winmgmt
This popup is annoying :/
I searched that IP and OBS on the net, and found that site :
https://any.run/report/9f0e9a4839e3...7e95be20/3622b845-755e-4a04-8e3a-7ec52d674b19
It's a computer analysis of an application installation, checking file access, network access, etc. to determine if there are threats.
It lists that IP after installing OBS, though it's not the same domain name (mine is googleusercontent, while on the report it's edge), but the report is old, it might have changed.
In the log, we can see different URLs trying to download binary files.
One of the URLs is http://edgedl.me.gvt1.com/edgedl/re....3.36.121_win_bxugoraqoudfswxg22hsatfdbi.crx3
All accesses to that IP are marked as "whitelisted", not a threat.
If I go to 34.104.35.123:80 in the browser, there's a Google log message.
If I go to http://edgedl.me.gvt1.com/ (from the website log) it redirects to "google chrome download page".
Is OBS trying to install Google Chrome silently ?
I'm not using Chrome on my computer.
OBS also updated/installed VCredist. Could it be related to vc_redist instead ?
It seems it's doing a few download requests, and it's also downloading/running "avg_secure_browser_setup.exe"
Is that something needed by OBS ?
Maybe OBS is forcing users to download and install AVG without consent ???
OBS is closed, I rebooted, and I still have the firewall alerts.
I re-blocked the OBS browser plugin, it still triggers the alerts.
I don't know which process to allow or deny to stop them.
BUT I also found this report :
https://any.run/report/e601c1d200be...4374382f/46394b76-fe32-41aa-9749-0e4d039b3bd3
It's not a tool I have, but it has that IP in the logs,
and it's marked as dangerous.
BUT I also found this site :
https://www.abuseipdb.com/check/34.104.35.123
Which seems to match the DNS name, and it's marked as a threat.
My access is "outgoing" so it's not a remote trying to access my PC, but the PC trying to access the network. Could it be an exploit? An issue ?
My questions :
Is it safe, or is it a threat ?
Why would it be SVChost trying to download (and install?) it, and not OBS itself ?
Is there a way to block SVChost [OBS] ?
If I have to enable access, which "service" should I enable from the firewall list of detected services ?
Should I delete OBS ?
Restore a backup of my computer and never touch OBS and forget about streaming games to Twitch at all ?
I could add a Firewall rule to simply block remote access to 34.104.35.123 BUT it will not stop the process trying to connect, and it will just spam the CPU !
I'd prefer to know how to either stop the app from requesting access, or just allow it once and for all if it's not a threat, and it's effectively related to OBS, not malware, etc.
Should I allow ALL svchost access to that IP ? For like 5 minutes if it needs to update or download something ?
Maybe it's even unrelated to OBS, and just random unfortunate timing ?
Have I been infected ?
My antivirus is up to date and not finding an issue.
I removed OBS from my computer and rebooted. It's STILL happening !
I feel like having to restore an Acronis backup of my computer... and never touch OBS ever again.
I'll give it 1h or so, without any help I'll just recover my PC to an old backup.
Last edited by Cyan,