ashwebsv.exe Downloading?

Hi all.

Here’s my deal. I just switched from ZA/Norton to Comodo and Avast!. So far I’m pretty happy with them. Things seem to run smoothly now. (lots of problems with ZA)

I use NetLimiter since I share a connection with a few roomies. Gotta be fair. I noticed ashwebsv.exe is always up on NL signifying an connection to the net. This seems logical. BUT what I don’t understand is how how it could be downloading so much. In just 1 week it has downloaded exactly 496MBs and uploaded about 20MB. I went through my old Norton archives and found that in the few years that I had used NAV it hasn’t pulled even close to the 496MB that Avast has.

Is this normal? Are virus definition files and such really that large and are they really updated that frequently to justify about 500MB worth of updates? Or am I missing some important task Avast performs?

Thanks in advance.

I think a forum search for NetLimiter may return some hits as I vaguely remember something like this in the forums. If I remember rightly it may be that NetLimiter is counting twice, the localhost proxy of web shield and the actual downloaded content.

As far as I’m aware NAV doesn’t have an equivalent to web shield, so it wouldn’t be possiblt to make a direct comparison.

Since I don’t know how netlimiter works or at what point is monitors traffic I can’t say for sure if it is counting twice.

Thanks for the quick reply.

This is something that happens on its own. I’ve closed all netgoing progs and kept an eye on ashwebsv in NL while watching a movie. With nothing else working ashwebsv will start pulling someting at around 120kb/s for about 10 sec.
Just a little odd. I’d just like to know what my progs are doing.

*going to do a forum search

Ok, did a search and did some testing. In downloading a file through Firefox, it shows it connected through ashwebsv instead of firefox. So that explains the 500MB.
What I still would like to know is what it’s doing when I’m not using a browser or any other program that accesses the web.

Web Shield doesn’t initiate connections, but acts as a localhost proxy so that it can scan for infection before it gets on to your HDD (browser cache), your firewall should be able to identify the originating program, see image Outpost Pro log).

You are using a browser, firefox, is the browser that you initiated the download from. If you are getting download traffic and you are personally not using the internet then (something else is) you may have some malware downloading, but I somehow doubt that it would be downloading the huge amounts you mention.

If you haven’t already got this software (freeware), download, install, update and run it, preferably in safe mode.

  1. Ewido, a.k.a. avg anti-spyware If using winXP. or a-Squared free if using win98/ME.