Recently I've noticed my internet connection speed is low; even my modem console was opening very slowly. After troubleshooting using Wireshark, I found massive packets sent to "sg.ilovewebgame.co.kr". I found out that Orbit Download Manager is sending these packets. I have been using Orbit for a long time on many computers and I trust it, but I can't find out what the problem is. I have updated Avast antivirus and Malwarebytes, but they don't find any virus or spyware.
Here is the captured packet:
POST /member/login HTTP/1.1
Connection: Keep-Alive
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
Accept-Encoding: gzip, deflate
Referer: http://ssd.ilovewebgame.co.kr/member/login
Host: sg.ilovewebgame.co.kr
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
I found nothing on Google about this site. How can I find out what is wrong with my Orbit without reinstalling it?
Avast and MalwareBytes might not be catching it, but that URL and this behavior sound extremely suspicious. I would recommend killing the process at minimum until you can figure out what it's doing or why it's visiting a Korean website. Keep an eye on network activity in case another process starts to behave similarly. – Darth Android – 2013-01-02T17:50:52.727
I no longer let Orbit execute and have blocked it using Comodo, but there is something interesting in orbitdm.exe: it has a digital signature that belongs to "KORAM GAMES LIMITED", which has a website similar to the above URL (link is Koram Games). I'm continuing to look for more information.
– Siavash Ahmadpour – 2013-01-03T09:57:30.107