A couple of days ago I noticed that Kaspersky's network activity viewer said that SiteAdvisor had uploaded 140 MB of data in a short period of time. Would this actually happen? I am attaching the display from Kaspersky.
30 Meg incoming, that I can understand if there's a SA update to download. But outgoing? Never seen that before, but then I don't run a graphical network traffic analyser. I'll ask about this, but the first thing anyone's going to say is that you've got two instances of SiteAdvisor in the display, and they'll want to see the logs just in case it's a rogue process, and so forth. I'm not sure where those logs would be if you haven't got McAfee installed.
A few questions, which the SA team would ask for: what OS have you got, and what version of SiteAdvisor? I assume that you're running SiteAdvisor alongside Kaspersky - any problems doing that?
We should not be uploading this much data. I'm also wondering what the "SiteAdvisor" names point to?
Could you please check file(s) location and signature?
I can't find a way to identify the file. However, I uninstalled SA to see what happened. I keep getting entries for network traffic for "SiteAdvisor" but with no data transferred. They are gone in the history the next day. I don't know if they are not kept because there was no activity or they never should have been there in the first place. I noticed that the files for SA were not removed from Program Files (x86). I made a copy of them on another drive and thought I had deleted them from C. Today I noticed that they were still there. I tried to delete them but two, Mc\SA\saHook.dll and Mc\SA\x64\saHook.dll, were said to be in use by rundll32 and NvxdSync.exe which is an NVidia file. There were four such files in the NVidia directory. Three appeared to be associated with installing and I deleted them so I guess it is the other one. I searched my registry for "SiteAdvisor" and found a few entries pointing to the SA directory. Kaspersky doesn't seem to provide the information as to what file is responsible for the network activity and I don't know how to find it.
I forgot that I had found "McAfee Application Cleanup Service". It was listed as automatic and was stopped. I started it and got a message that said it had started and stopped and then got another message saying something and then, "remoted access to the local computer has been broken". Then it was gone.
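One way to check the file location and signature asked about in the thread above, and to see which processes still hold saHook.dll, as an added example that is not from any poster, McAfee or Kaspersky. The `$NamePattern` and `$HookDll` values are assumptions built from the names mentioned in the thread, and the match covers process name, path and file description because the thread does not establish which of these Kaspersky displays.

```powershell
# Added example. Run from an elevated 64-bit PowerShell prompt so that
# module lists of other users' and 64-bit processes are readable.
# Assumptions: the pattern and DLL name below come from names in the thread.
$NamePattern = 'SiteAdvisor|McAfee|\\Mc\\SA\\'
$HookDll     = 'saHook.dll'

function Get-BinaryInfo {
    # Returns on-disk location, version description and Authenticode status.
    param([string]$Path)
    if (-not $Path -or -not (Test-Path -LiteralPath $Path)) { return $null }
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $item = Get-Item -LiteralPath $Path
    [pscustomobject]@{
        Path        = $Path
        Description = $item.VersionInfo.FileDescription
        SigStatus   = $sig.Status   # Valid, NotSigned, HashMismatch, ...
        Signer      = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    }
}

# 1. Running processes whose name, image path or description matches.
$procs = Get-Process | Where-Object {
    ($_.Name -match $NamePattern) -or ($_.Path -match $NamePattern) -or
    ($_.Description -match $NamePattern)
}

# 2. Processes that have the hook DLL loaded; these are what keep the
#    file "in use" after uninstall. Unreadable module lists are skipped.
$hooked = Get-Process | Where-Object {
    try { $_.Modules.ModuleName -contains $HookDll } catch { $false }
}

# 3. Non-loopback TCP connections currently owned by any of those processes.
$ids   = @($procs) + @($hooked) | Select-Object -ExpandProperty Id -Unique
$local = '0.0.0.0', '::', '127.0.0.1', '::1'
$conns = Get-NetTCPConnection -ErrorAction SilentlyContinue | Where-Object {
    ($ids -contains $_.OwningProcess) -and ($_.RemoteAddress -notin $local)
}

"--- Matching processes: location and signature ---"
$procs  | ForEach-Object { Get-BinaryInfo $_.Path } | Format-List
"--- Processes with $HookDll loaded ---"
$hooked | Select-Object Id, Name, Path | Format-Table -AutoSize
"--- Their current remote TCP connections ---"
$conns  | Select-Object OwningProcess, RemoteAddress, RemotePort, State | Format-Table -AutoSize
```

An image path outside the expected install directory, or a `SigStatus` other than `Valid`, is the detail worth reporting back with the OS and product version.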