Rows and Rows of *2*download.net in Process Monitor?

Discussion in 'PC' started by dl65875, Apr 24, 2022.

  1. dl65875

    dl65875 Kapellmeister

    Joined:
    Nov 30, 2021
    Messages:
    169
    Likes Received:
    62
    So my laptop is again suffering with glitching audio from Kontakt..

    I opened Process Monitor and was scrolling and found row after row of:
    [​IMG]

    It seems to be connected to SYNSOPOS.EXE and Cubase12.exe
    I have the full legit Malware Bytes installed and that always flags any R2R keygen as Malware so I always exclude those keygens from Malware Bytes because they are supposedly safe.

    r2rdownload.net is blocked in my Hosts file and always has been.

    But here's what I do not understand,
    My Cubase Pro 12 is legit, Purchased and download direct from Steinberg's servers and authorised with Steinberg online...

    The only place I have ever DL'd things from R2R is from the sister site.

    Can anyone shed some light on this and if it is a problem or not?
    Could this be causing my glitching in Kontakt?

    Heres some more images, in Process Manager there are pages and pages of rows of this!
    [​IMG]

    [​IMG]
     
    • Interesting Interesting x 1
    • List
  2.  
  3. Quantised Noise

    Quantised Noise Producer

    Joined:
    Mar 12, 2018
    Messages:
    198
    Likes Received:
    88
    You're seeing an anomoly of windows's hostfile use

    I'll wager you have 'that' hostname in your hostfile as 127.0.0.1

    Well, Kontakt is built as a client/server process that uses UDP to 127.0.0.1 to communicate with the GUI from the sampler backend (it allows them to consolidate all of the sampler's RAM usage in one process, and not have multiple instances waste resources).

    Windows reverse-matches 127.0.0.1 to whichever is the first hostname mapped to that in your hosts, and r2r's installers/keygens always put 'that' hostname right at the start when they 'block' that host as part of their 'no to business warez' nonsense.

    So, any access to 127.0.0.1, which happens a lot from NI's plugins for the above reason, then shows as going to 'that' hostname, even though it isn't, really.

    edit: if you still don't believe what I've said above, you can install wireshark and setup a capture rule for the real IP for that hostname (it's in the 103.*.*.* netblock atm), and you'll see kontakt produces absolutely zero packets to that address
     
    Last edited: Apr 24, 2022
    • Like Like x 5
    • Agree Agree x 2
    • List
  4. dl65875

    dl65875 Kapellmeister

    Joined:
    Nov 30, 2021
    Messages:
    169
    Likes Received:
    62
    Hi Quantised Noise

    So its nothing to worry about then?
    Thanks for putting my mind at rest as I thought a sneaky malware had gotten past Malware Bytes. Phew...:winker:

    Great in one way but I was hoping it was causing the dropped notes in Kontakt.
     
  5. clone

    clone Audiosexual

    Joined:
    Feb 5, 2021
    Messages:
    7,567
    Likes Received:
    3,334
    well, if that is true; can he change 127.0.0.1 to 0.0.0.0 and not see it looping back?
     
  6. Quantised Noise

    Quantised Noise Producer

    Joined:
    Mar 12, 2018
    Messages:
    198
    Likes Received:
    88
    In the host file? sure, could do that, it would then drop to the next 127.0.0.1 host for reporting those connections, which would almost certainly be the same hostname but with .org instead of .net, so you'd want to change that one too.

    One thing that stands out as 'odd' to me from the screenshots is the amount of trash connections that synsopos is doing, but I'm guessing your project has some not-yet-liberated-from-eLic steinberg vst loaded, and causing that.

    Kontakt *does* attempt a lot of connections to NI's hosts (auth.* and api.* usually, I've seen times when it's attempted thousands per second, but atm can't reproduce that) though, and if it's not firewalled but slow/unable to connect to them, that could conceivably cause it to be laggy. It's very poorly written, and a lot more effort seems to have been put into nonsense call-home stuff than making it fast.
     
    • Like Like x 2
    • Agree Agree x 1
    • List
  7. BEAT16

    BEAT16 Audiosexual

    Joined:
    May 24, 2012
    Messages:
    9,081
    Likes Received:
    7,009
  8. dl65875

    dl65875 Kapellmeister

    Joined:
    Nov 30, 2021
    Messages:
    169
    Likes Received:
    62
    My Cubase Pro 12 is legit but the amount of calls it is making is well over the top.
    Huge numbers of legit users reporting all kinds of issues with Cubase Pro 12 on the Steinberg forum but Steinberg forum
    staff are either denying the issues and in some cases being rude to the posters.
     
  9. dl65875

    dl65875 Kapellmeister

    Joined:
    Nov 30, 2021
    Messages:
    169
    Likes Received:
    62
    Hi beat.

    This lap top is a pure DAW machine custom built and tweaked by Scan Computers specifically for audio.
    When I got it about a year or so ago, I also went through it and optimised it on a few things they missed.

    As I say. this machine has performed flawlessly until a week or so ago when these issues started.

    What I have done rather than continually typing things up for different people, is create a HD video
    showing the issue happening and the tweaks I made to try and cure it.

    It is uploading to youtube as I type this and when done I will create a thread for it.
     
    • Interesting Interesting x 1
    • List
  10. ArticStorm

    ArticStorm Moderator Staff Member

    Joined:
    Jun 7, 2011
    Messages:
    7,847
    Likes Received:
    4,021
    Location:
    AudioSexPro
    i see nothing here opening Cubase 12, last version R2R dropped. All clean.

    it is better to use 0.0.0.0 instead of the localhost.

    Well R2R foced us back in 2018 to block r2rdownload.net with localhost.
     
    Last edited: Apr 26, 2022
  11. dl65875

    dl65875 Kapellmeister

    Joined:
    Nov 30, 2021
    Messages:
    169
    Likes Received:
    62
    Hi ArticStorm

    How do I use 0.0.0.0 instead of the localhost ?

    At this stage anything is worth a try.
     
  12. ArticStorm

    ArticStorm Moderator Staff Member

    Joined:
    Jun 7, 2011
    Messages:
    7,847
    Likes Received:
    4,021
    Location:
    AudioSexPro
    In windows you can edit the host file, there you replace localhost ip to 0.0.0.0 and then you should be fine

    On windows 10, you can find the host file here: "c:\Windows\System32\drivers\etc\hosts"

    open inside notepad or anything where you can easily replace 127.0.0.1 with 0.0.0.0 - i have used akelpad, but notepad++ also works.

    But then older R2R releases wil complain. I have solved this by commenting out the host file passage the R2R installer is looking for. Its uncomment if i need to install an old R2R release.

    Hope this helps. :wink:
     
  13. naitguy

    naitguy Audiosexual

    Joined:
    Jan 9, 2017
    Messages:
    795
    Likes Received:
    571
    Location:
    Canada
    I love R2R for pretty much everything, but I think for Kontakt, I'll always do the vkDanilov portable version. If changing things in hosts file to 0.0.0.0 doesn't solve the problem, I'd say remove R2R Kontakt and replace with latest vkDanilov portable version and see if that works better for you. Just search sister site for Kontakt portable. Either way, hope you get it solved.
     
  14. orbitbooster

    orbitbooster Audiosexual

    Joined:
    Jan 8, 2018
    Messages:
    1,125
    Likes Received:
    626
    Right, I discovered that by chance, because usually I block with firewall all sw I don't want to be connected, and Kontakt crashed.
    So I created a rule allowing loopback only et voilĂ , working again.
     
Loading...
Loading...