Jump to content



  • This topic is locked This topic is locked
6 replies to this topic

#1 Alpha32


    New Member

  • Members
  • Pip
  • 26 posts

Posted 22 November 2011 - 10:51 PM

I've just recently noticed Netsession_win.exe *32 (listed twice) on the task manager in processes and all the description says is Akamai NetSession and nothing more, after some searching I wasn't able to find a proper answer as to what it is, does and more importantly... where it came from.

I havn't downloaded anything that needed to be installed recently and this is the first time i've seen it in processes. I've done a quick scan and nothing came up. Is it a virus that wasn't detected or is it a legit program that just so happenily installs without your consent like a virus would do but not actually a virus?

There was a question on yahoo answers about it but each anwser was different as to watch it does and where it came from and of course how it because installed.

#2 CWB


    Forum Deity

  • Honorary Members
  • PipPipPipPipPipPip
  • 1,914 posts

Posted 23 November 2011 - 06:09 AM

heh ... yahoo answers .

a two minute google search of "Netsession_win.exe *32 malware" netted this (plus more sites/information) :

perhaps a couple of the others here can provide more information on this .

#3 aaHWJaa


    New Member

  • Members
  • Pip
  • 1 posts

Posted 23 April 2012 - 11:57 PM


I have been tracking UDP and TCP attacks on my Netgear DGN3500 ADSL modem which has a fixed IP address, these attacks are coming from all over the world and they are trying to use my IP address to do something that I did not approve.

During my investigations i found the following. These attack only occurred just after power up of my PC.
My modem has always been configured to report all attacks, and to send emails to me so that I would be alerted to them immediately.

I chased them down and found "Akamai" software running Netsession_win.exe, I did not install this and object to some other person and company using my PC to do their dirty deeds.

I believe that this software should be added to the Block site list so those future customers of Malwarebytes are protected for these types of attacks and misuse of their computers.

Also any person finding this should remove it immediately

#4 satovey


    New Member

  • Members
  • Pip
  • 1 posts

Posted 03 September 2012 - 01:57 PM

As far as I'm concerned netsession_win.exe is malware regardless of where it came from. I give the following reasons for my determination:

1. Installation without the users knowledge or consent.
2. Utilizing System resources including network bandwidth to upload data to the internet without users consent or knowledge.
3. Runs as a system user from a non admin User account.
4. Runs a service wide process from a non admin User account.
5. Expects users to be bound by their License agreement despite the fact that the user was not aware of the programs installation upon the users computer. This is in effect entering the user into a binding contract without the user being made aware of the terms of the contract. This is unconstitutional and any first year law student would be aware of it.

If it walks like a duck, and it quacks like a duck, and it looks like a duck, then it's a duck.
Even so, if it installs like male-ware, acts like male-ware, penalizes you like male-ware and sounds like male-ware, then it is male-ware.

This program should be uninstalled and the installation incident reported to your State Attorney General's office.

There is never a good reason for any company to silently install software on your computer without giving you full disclosure of the installation, what the installations purpose is for, and all the actions that the program will take.

Uploading data to the internet counts against your total monthly allotted bandwidth which you are paying your internet provider for. If to much data is uploaded because of amamai's netsession_win.exe, you will be the one paying for the cost of that extra bandwidth, not anamai, not adobe, not autocad, not any of the corporations who are using your bandwidth without your prior approval.

If a user installs a program like this and chooses to provide some of their upload bandwidth to the cache, that is not a problem. This program however, installs without the user knowing about it and then starts uploading content that the user did not previously approve.

If you think that this is not a big issue I must ask: share kiddy **** much? No? But then, when the police come knocking on your door they will only be concerned with the data that has been uploaded by your computer regardless of whether you knew about it or not. And if a program can start uploading content from your computer without you knowing that it is doing so, that same program can download content to your computer without you knowing that it is doing so.

Yep, this is a male-ware.

Scott A. Tovey

#5 daledoc1


    Forum Deity

  • Spam Hunters
  • PipPipPipPipPipPip
  • 11,954 posts
  • Gender:Not Telling

Posted 03 September 2012 - 03:08 PM

Hello and welcome to MBAM forum, satovey: :)

Thanks for your detailed and informative post.
FYI, though, this topic actually dates back to November 2011.
So, I'm not sure the OP is anxiously awaiting a reply at this point in time. ;)

Enjoy your stay here!

Best regards,


Just a home user & forum volunteer
DT1: Win7/Ult/64 SP1; Intel Core i7-3770 @3.4 GHz; 16 GB RAM; NVidia GeForce GT620; IE9; Fx; TB; Cable HSI; MBAM PRO; KIS2014; SAS Free; CCleaner
DT2: Win7 Ult/64 SP1; Intel Core i7-860 @2.8 GHz; 8 GB RAM; ATI Radeon HD 5770; IE 9, Fx; TB; Cable HSI; MBAM PRO; KIS2014; SAS Free; CCleaner.
LT: Win7 Pro/64 SP1; Intel Core i7-3632 cached @3.2 GHz; 16 GB RAM; NVidia GeForce GT640M; IE 10; Fx; TB; WLAN; MBAM PRO; Sophos ES 10.3; SAS Free; CCleaner.

#6 TonyStewart


    New Member

  • Members
  • Pip
  • 3 posts

Posted 04 October 2012 - 06:06 PM

read ">" as next step ... the % variable allows it to work for any user using your system user path, whatever it is currently using. I use unhide all folders in Explorer so I can navigate there too.

> {copy this} %AppData%\..\Local\Akamai\readme.txt
> {run..or press} Win+r > {paste or Ctrl+v} > {enter}
> { or paste above into explorer address bar }
THIS will explain what netsession_win.exe - Akamai NetSession in notepad

In my case it was installed with AVANT BROWSER, (the orange A icon in systray by clock) which uses this as a download accelerator via the Akamai server to stream multiple paths in parallel for downloads from their server instead of 1 path, as I understand it.

from above readme file.. partial view... it also shows how to uninstall, but I dont mind it running. If you use AVANT for the last 10 years as I have, its open forums have no proven many reason to be suspicious as malware.. perhaps one might investigate if it is spyware like google for trend analysis to keep its servers up to date. but no spam.

  • 2]

    ``This file describes the Akamai NetSession Interface.

    The Akamai NetSession Interface is a download manager application. It was
    installed on your computer when you downloaded content that uses the service
    to provide secure, high integrity downloads of large files.

    The NetSession Interface supports downloading from a central source and between
    peers. When peer-downloading is enabled, your computer can serve as an upload
    source for other computers -- without adverse impacts to your computing.
    Peer-to-peer downloading can provide faster, more effective downloads.

    The NetSession Interface contains no adware or spyware, is safe and secure,
    uses minimal resources, and provides you the ability to manage and control its
    actions, including the ability to uninstall it if you do not want it on your

    How It Works

    The NetSession Interface does not have a noticeable desktop presence during
    downloads, since its work is integrated into the sites or applications that use
    the service.

    However, there are two interfaces you can use to manage downloads and the
    interface itself: admintool and a Control Panel extension...

    how to uninstall... read the readme.txt....

#7 TonyStewart


    New Member

  • Members
  • Pip
  • 3 posts

Posted 04 October 2012 - 06:15 PM

If this is malware then so are all the torrents to distribute Linux Distros and ASUS drivers to mention a few.
Say its not so.

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users