Suspicious baidu connections

Status
Not open for further replies.

rienna

Level 2
Thread author
Verified
Mar 28, 2015
64
I decided to turn on my desktop, which I forgot still had Baidu installed.
And guess what killswitch finds?
Dozens of mysterious connections to facebook.com and other servers that are preeetttty suspicious.
Unfortunately, every time I hit CTRL+ALT+PRINTSCREEN it would close them, so I couldn't get a good screenshot. I did manage to get one of them copied at least that kept closing. It was:

hxxp://edge-star-shv-01-ord1.facebook.com/

And some other names.
These were produced by the so-called "Baidu hips" service (Bhipsvc.dll or whatever). I turned it off out of disgust, but if I can find free video (screen) recording software I might try to catch it in the act, preferably sometime when I'm not still feeling sick.
 

viktik

Level 25
Verified
Well-known
Sep 17, 2013
1,492
Baidu Antivirus is cloud-based, so it will connect to its servers.
It needs to connect to its update server.
URL protection will connect to its servers to check if a given URL is safe or not.
 

Bryan Lam

Level 3
Verified
Well-known
Apr 19, 2015
130
Does it really need to connect to Facebook though? I mean, it's antivirus. Unless it's like Qihoo 360, which asks to connect to Facebook, I suspect something is up.
 

rienna

Level 2
Thread author
Verified
Mar 28, 2015
64
Not that I'm aware of.
I never even signed onto facebook with that computer.
And I'm pretty sure said suspect servers have nothing to do with "URL protection" or its "Cloud protection".
Again I'll check it when I'm not feeling sick.

I merely fired up my desktop earlier because I found OneDrive had backed up a Spigot infection Malwarebytes had not found on my laptop before. Lo and behold, it was my desktop which had uploaded a backup to my OneDrive INCLUDING Spigot (mind you, fresh install of Windows; other than Windows Update it's only been to Adblockplus.org, malwarebytes.org, antivirus.baidu.com, iobit.com (I've had good results with their defragger and driver program, though there may be better available) and of course comodo.com). And I wanted to make sure no other problems were present, then I saw that.

Edit: And I never saw an option to "sign in" to my facebook on it either.
 

Ink

Administrator
Verified
Jan 8, 2011
22,490
I merely fired up my desktop earlier because I found OneDrive had backed up a Spigot infection Malwarebytes had not found on my laptop before. Lo and behold, it was my desktop which had uploaded a backup to my OneDrive INCLUDING Spigot (mind you, fresh install of Windows; other than Windows Update it's only been to Adblockplus.org, malwarebytes.org, antivirus.baidu.com, iobit.com (I've had good results with their defragger and driver program, though there may be better available) and of course comodo.com). And I wanted to make sure no other problems were present, then I saw that.

Spigot is bundled with some IObit software. Not sure how OneDrive could have backed up Spigot, unless you have extra folders synced with it.
 