7 posts in this topic

I've just recently noticed Netsession_win.exe *32 (listed twice) on the task manager in processes and all the description says is Akamai NetSession and nothing more, after some searching I wasn't able to find a proper answer as to what it is, does and more importantly... where it came from.

I havn't downloaded anything that needed to be installed recently and this is the first time i've seen it in processes. I've done a quick scan and nothing came up. Is it a virus that wasn't detected or is it a legit program that just so happenily installs without your consent like a virus would do but not actually a virus?

There was a question on yahoo answers about it but each anwser was different as to watch it does and where it came from and of course how it because installed.

Share this post

Link to post
Share on other sites


I have been tracking UDP and TCP attacks on my Netgear DGN3500 ADSL modem which has a fixed IP address, these attacks are coming from all over the world and they are trying to use my IP address to do something that I did not approve.

During my investigations i found the following. These attack only occurred just after power up of my PC.

My modem has always been configured to report all attacks, and to send emails to me so that I would be alerted to them immediately.

I chased them down and found "Akamai" software running Netsession_win.exe, I did not install this and object to some other person and company using my PC to do their dirty deeds.

I believe that this software should be added to the Block site list so those future customers of Malwarebytes are protected for these types of attacks and misuse of their computers.

Also any person finding this should remove it immediately

Share this post

Link to post
Share on other sites

As far as I'm concerned netsession_win.exe is malware regardless of where it came from. I give the following reasons for my determination:

1. Installation without the users knowledge or consent.

2. Utilizing System resources including network bandwidth to upload data to the internet without users consent or knowledge.

3. Runs as a system user from a non admin User account.

4. Runs a service wide process from a non admin User account.

5. Expects users to be bound by their License agreement despite the fact that the user was not aware of the programs installation upon the users computer. This is in effect entering the user into a binding contract without the user being made aware of the terms of the contract. This is unconstitutional and any first year law student would be aware of it.

If it walks like a duck, and it quacks like a duck, and it looks like a duck, then it's a duck.

Even so, if it installs like male-ware, acts like male-ware, penalizes you like male-ware and sounds like male-ware, then it is male-ware.

This program should be uninstalled and the installation incident reported to your State Attorney General's office.

There is never a good reason for any company to silently install software on your computer without giving you full disclosure of the installation, what the installations purpose is for, and all the actions that the program will take.

Uploading data to the internet counts against your total monthly allotted bandwidth which you are paying your internet provider for. If to much data is uploaded because of amamai's netsession_win.exe, you will be the one paying for the cost of that extra bandwidth, not anamai, not adobe, not autocad, not any of the corporations who are using your bandwidth without your prior approval.

If a user installs a program like this and chooses to provide some of their upload bandwidth to the cache, that is not a problem. This program however, installs without the user knowing about it and then starts uploading content that the user did not previously approve.

If you think that this is not a big issue I must ask: share kiddy **** much? No? But then, when the police come knocking on your door they will only be concerned with the data that has been uploaded by your computer regardless of whether you knew about it or not. And if a program can start uploading content from your computer without you knowing that it is doing so, that same program can download content to your computer without you knowing that it is doing so.

Yep, this is a male-ware.

Scott A. Tovey

Share this post

Link to post
Share on other sites

Hello and welcome to MBAM forum, satovey: :)

Thanks for your detailed and informative post.

FYI, though, this topic actually dates back to November 2011.

So, I'm not sure the OP is anxiously awaiting a reply at this point in time. ;)

Enjoy your stay here!

Best regards,


Share this post

Link to post
Share on other sites


read ">" as next step ... the % variable allows it to work for any user using your system user path, whatever it is currently using. I use unhide all folders in Explorer so I can navigate there too.

> {copy this} %AppData%\..\Local\Akamai\readme.txt

> {run..or press} Win+r > {paste or Ctrl+v} > {enter}

> { or paste above into explorer address bar }

THIS will explain what netsession_win.exe - Akamai NetSession in notepad

In my case it was installed with AVANT BROWSER, (the orange A icon in systray by clock) which uses this as a download accelerator via the Akamai server to stream multiple paths in parallel for downloads from their server instead of 1 path, as I understand it.

from above readme file.. partial view... it also shows how to uninstall, but I dont mind it running. If you use AVANT for the last 10 years as I have, its open forums have no proven many reason to be suspicious as malware.. perhaps one might investigate if it is spyware like google for trend analysis to keep its servers up to date. but no spam.

  • 2]

    ``This file describes the Akamai NetSession Interface.

    The Akamai NetSession Interface is a download manager application. It was

    installed on your computer when you downloaded content that uses the service

    to provide secure, high integrity downloads of large files.

    The NetSession Interface supports downloading from a central source and between

    peers. When peer-downloading is enabled, your computer can serve as an upload

    source for other computers -- without adverse impacts to your computing.

    Peer-to-peer downloading can provide faster, more effective downloads.

    The NetSession Interface contains no adware or spyware, is safe and secure,

    uses minimal resources, and provides you the ability to manage and control its

    actions, including the ability to uninstall it if you do not want it on your



    How It Works


    The NetSession Interface does not have a noticeable desktop presence during

    downloads, since its work is integrated into the sites or applications that use

    the service.

    However, there are two interfaces you can use to manage downloads and the

    interface itself: admintool and a Control Panel extension...

    how to uninstall... read the readme.txt....

Share this post

Link to post
Share on other sites

If this is malware then so are all the torrents to distribute Linux Distros and ASUS drivers to mention a few.

Say its not so.

Share this post

Link to post
Share on other sites
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.