Somethings got hold of my computer ...

[Spacehopper]

..... and I don't know what it is. For some time now I have been using been using netmeter to monitor traffic, upload and download speeds etc. Over the past 2 days it has shown that there is a constant upload at 4.7 Kbs and download at 5Kbs and I can't find out what it is. I have a firewall (Norton) as well as a hardware firewall built into the router. I have stopped as many processes running as possible but the activity is still there, I can only stop it by having Norton block all traffic. I've run Adaware and Spybot to no effect, my virus checker (AVG) runs every night. Obviously something has got onto my PC and has opened a hole through the firewalls but how can I find out what it is? I'm almost at the point of reformating and rebuilding.

BTW I am writing this on my laptop, traffic on the desktop is permanently blocked

Gareth

[Arthur Gerla]

Finding out which process is causing the traffic should narrow things down. Open a command prompt window and type

netstat /b

The output will be something like this:

Quote:

C:\Documents and Settings\Arthur>netstat /b

Active connections

Proto Local adress External adress Status PID
TCP PC-Arthur:1067 localhost:1068 ESTABLISHED 1220
[firefox.exe]

TCP PC-Arthur:1068 localhost:1067 ESTABLISHED 1220
[firefox.exe]

TCP PC-Arthur:1069 localhost:1070 ESTABLISHED 1220
[firefox.exe]

TCP PC-Arthur:1070 localhost:1069 ESTABLISHED 1220
[firefox.exe]

TCP PC-Arthur:1590 192.168.2.10:1026 ESTABLISHED 3100
[OUTLOOK.EXE]

TCP PC-Arthur:1593 192.168.2.10:1135 ESTABLISHED 3100
[OUTLOOK.EXE]

TCP PC-Arthur:1820 82.199.131.203:19931 ESTABLISHED 2312
[Skype.exe]

TCP PC-Arthur:2680 gerla.demon.nl:http ESTABLISHED 3708
[iexplore.exe]

TCP PC-Arthur:2835 a194-109-192-9.deploy.akamaitechnologies.com:http
ESTABLISHED 2128
[jusched.exe]

TCP PC-Arthur:3323 192.168.2.100:netbios-ssn ESTABLISHED 4
[System]

TCP PC-Arthur:2663 xs4all.nl:http TIME_WAIT 0
TCP PC-Arthur:2679 xs4all.nl:http TIME_WAIT 0

C:\Documents and Settings\Arthur>

This reveals the process for every active network connection on your system. As you can see I'm running firefox, outlook, skype and internet exploder. jusched.exe is the Java update scheduler.

Alternatively, install Currports from Nirsoft.

Good luck,

Arthur

[Air Guzzler]

I tried that arthur to see why mine was so slow it opens runs that fast i cannot see it then closes ?

[weazelz]

Quote:

Originally Posted by Air Guzzler

I tried that arthur to see why mine was so slow it opens runs that fast i cannot see it then closes ?

open a command prompt:

start->run->"cmd"

then run "netstat /b"

[TDonald]

My basic virus/spyware routine.....

Unplug network connection.
Remove, restart, then reinstall AVG, adaware and spybot.

Use your faithful laptop to locate updates for the above, and the remarkably funny sounding SuperAntiSpyware, Hijackthis and McAfee Stinger [standalone virus scanner]. All should be free and easy to find on google. Transfer over and install with a pendrive.

Restart in safemode [tap f8 when the manufacterers splash screen displays on reboot]. Scan with AVG, Stinger, AdAware, SB, SAS.

Reboot to normal windows.

Test to see if this has solved the problem.

If not, Hijackthis is fairly useful also, but can have some negative results. Run Hijack this, select scan and save logfile, save it to the pendrive. Use laptop to analyse logfile with hijackthis.de . This will suggest some potential nasty registry entries which can be removed with HJT. Now, if you remove something you shouldn't with HJT, you can cause some fairly catastrophic problems. If there's something you're unsure about, send me a PM.