Packets sent out about every two seconds? HELP!!!!

Packets sent out about every two seconds? HELP!!!!
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 Microsoft Antivirus Discussions    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
Packets sent out about every two seconds? HELP!!!! t.cruise 12-20-2006
Posted by t.cruise on December 20, 2006, 4:16 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
I am using Windows XP. I have an icon in my System Notification Area for my
Local Area
Connection. I was also using Zone Alarm for a Firewall. Yesterday the icon
started
blinking every 2 seconds or so, the Status says that 2 packets are sent each
time this
happens, and no packets are received. This has never happened before, so anyone
who is
thinking of responding that this is normal behavior: It was never normal
behavior before
yesterday. I have not changed any settings, installed new software, opened email
attachments, or accepted anything from a web site. After scanning with my
antivirus, and
a few adware/spyware/malware utilities, checking MSCONFIG for new Startup items,
nothing
was found. I even did a system restore to 2 days prior, which did not fix the
problem.
All of my software which requires updates is set to manual. I do not use instant
messaging. I then downloaded E Trust EZ Armor Security suite from my Road
Runner site.
After updating the modules, I scanned with both the antivirus, and Pest Control,
and still
nothing was found. I am assuming that since this problem did not exist until
yesterday,
that my system is infected with a Trojan, or some spyware/adware/malware. Any
ideas how
to get rid of this annoying problem?

T.C.



Posted by David H. Lipman on December 20, 2006, 4:32 pm
If you were  Registered and logged in, you could reply and use other advanced thread options

| I am using Windows XP. I have an icon in my System Notification Area for my
Local Area
| Connection. I was also using Zone Alarm for a Firewall. Yesterday the icon
started
| blinking every 2 seconds or so, the Status says that 2 packets are sent each
time this
| happens, and no packets are received. This has never happened before, so
anyone who is
| thinking of responding that this is normal behavior: It was never normal
behavior before
| yesterday. I have not changed any settings, installed new software, opened
email
| attachments, or accepted anything from a web site. After scanning with my
antivirus, and
| a few adware/spyware/malware utilities, checking MSCONFIG for new Startup
items, nothing
| was found. I even did a system restore to 2 days prior, which did not fix the
problem.
| All of my software which requires updates is set to manual. I do not use
instant
| messaging. I then downloaded E Trust EZ Armor Security suite from my Road
Runner site.
| After updating the modules, I scanned with both the antivirus, and Pest
Control, and still
| nothing was found. I am assuming that since this problem did not exist until
yesterday,
| that my system is infected with a Trojan, or some spyware/adware/malware. Any
ideas how
| to get rid of this annoying problem?
|
| T.C.
|

In a Command Prompt, Execute; netstat -a

Copy and Paste the reesult in your reply.

Example ( from my PC )

netstat -a

Active Connections

Proto Local Address Foreign Address State
TCP dlipman-1:loc-srv dlipman-1:0 LISTENING
TCP dlipman-1:blackjack dlipman-1:0 LISTENING
TCP dlipman-1:netbios-ssn dlipman-1:0 LISTENING
TCP dlipman-1:1033 DLIPMAN-2:netbios-ssn ESTABLISHED
TCP dlipman-1:1050 msnews.microsoft.com:nntp ESTABLISHED
TCP dlipman-1:1052 msnews.microsoft.com:nntp TIME_WAIT
UDP dlipman-1:loc-srv *:*
UDP dlipman-1:1026 *:*
UDP dlipman-1:1645 *:*
UDP dlipman-1:1646 *:*
UDP dlipman-1:1812 *:*
UDP dlipman-1:1813 *:*
UDP dlipman-1:iad2 *:*
UDP dlipman-1:iad3 *:*
UDP dlipman-1:netbios-ns *:*
UDP dlipman-1:netbios-dgm *:*
UDP dlipman-1:sytek *:*
UDP dlipman-1:IPsec_NAT-T *:*



--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Posted by t.cruise on December 20, 2006, 6:06 pm
If you were  Registered and logged in, you could reply and use other advanced thread options

>
> | I am using Windows XP. I have an icon in my System Notification Area for my
Local
Area
> | Connection. I was also using Zone Alarm for a Firewall. Yesterday the icon
started
> | blinking every 2 seconds or so, the Status says that 2 packets are sent each
time this
> | happens, and no packets are received. This has never happened before, so
anyone who
is
> | thinking of responding that this is normal behavior: It was never normal
behavior
before
> | yesterday. I have not changed any settings, installed new software, opened
email
> | attachments, or accepted anything from a web site. After scanning with my
antivirus,
and
> | a few adware/spyware/malware utilities, checking MSCONFIG for new Startup
items,
nothing
> | was found. I even did a system restore to 2 days prior, which did not fix
the
problem.
> | All of my software which requires updates is set to manual. I do not use
instant
> | messaging. I then downloaded E Trust EZ Armor Security suite from my Road
Runner
site.
> | After updating the modules, I scanned with both the antivirus, and Pest
Control, and
still
> | nothing was found. I am assuming that since this problem did not exist until
yesterday,
> | that my system is infected with a Trojan, or some spyware/adware/malware.
Any ideas
how
> | to get rid of this annoying problem?
> |
> | T.C.
> |
>
> In a Command Prompt, Execute; netstat -a
>
> Copy and Paste the reesult in your reply.
>
> Example ( from my PC )
>
> netstat -a
>
> Active Connections
>
> Proto Local Address Foreign Address State
> TCP dlipman-1:loc-srv dlipman-1:0 LISTENING
> TCP dlipman-1:blackjack dlipman-1:0 LISTENING
> TCP dlipman-1:netbios-ssn dlipman-1:0 LISTENING
> TCP dlipman-1:1033 DLIPMAN-2:netbios-ssn ESTABLISHED
> TCP dlipman-1:1050 msnews.microsoft.com:nntp ESTABLISHED
> TCP dlipman-1:1052 msnews.microsoft.com:nntp TIME_WAIT
> UDP dlipman-1:loc-srv *:*
> UDP dlipman-1:1026 *:*
> UDP dlipman-1:1645 *:*
> UDP dlipman-1:1646 *:*
> UDP dlipman-1:1812 *:*
> UDP dlipman-1:1813 *:*
> UDP dlipman-1:iad2 *:*
> UDP dlipman-1:iad3 *:*
> UDP dlipman-1:netbios-ns *:*
> UDP dlipman-1:netbios-dgm *:*
> UDP dlipman-1:sytek *:*
> UDP dlipman-1:IPsec_NAT-T *:*
>
>
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>

Thank you. I hope that you can find something here...

Active Connections

Proto Local Address Foreign Address State
TCP Christopher:epmap Christopher:0 LISTENING
TCP Christopher:microsoft-ds Christopher:0 LISTENING
TCP Christopher:995 Christopher:0 LISTENING
TCP Christopher:1025 Christopher:0 LISTENING
TCP Christopher:1038 Christopher:0 LISTENING
TCP Christopher:1045 Christopher:0 LISTENING
TCP Christopher:1046 Christopher:0 LISTENING
TCP Christopher:1049 Christopher:0 LISTENING
TCP Christopher:1050 Christopher:0 LISTENING
TCP Christopher:1051 Christopher:0 LISTENING
TCP Christopher:netbios-ssn Christopher:0 LISTENING
TCP Christopher:1026 Christopher:0 LISTENING
TCP Christopher:1026 localhost:1038 ESTABLISHED
TCP Christopher:1026 localhost:1045 ESTABLISHED
TCP Christopher:1026 localhost:1049 ESTABLISHED
TCP Christopher:1027 Christopher:0 LISTENING
TCP Christopher:1027 localhost:1046 ESTABLISHED
TCP Christopher:1027 localhost:1050 ESTABLISHED
TCP Christopher:1038 localhost:1026 ESTABLISHED
TCP Christopher:1045 localhost:1026 ESTABLISHED
TCP Christopher:1046 localhost:1027 ESTABLISHED
TCP Christopher:1049 localhost:1026 ESTABLISHED
TCP Christopher:1050 localhost:1027 ESTABLISHED
UDP Christopher:microsoft-ds *:*
UDP Christopher:isakmp *:*
UDP Christopher:1036 *:*
UDP Christopher:1106 *:*
UDP Christopher:1133 *:*
UDP Christopher:ntp *:*
UDP Christopher:netbios-ns *:*
UDP Christopher:netbios-dgm *:*
UDP Christopher:ntp *:*

T.C.



Posted by David H. Lipman on December 20, 2006, 6:26 pm
If you were  Registered and logged in, you could reply and use other advanced thread options


| Thank you. I hope that you can find something here...
|
| Active Connections
|
| Proto Local Address Foreign Address State
| TCP Christopher:epmap Christopher:0 LISTENING
| TCP Christopher:microsoft-ds Christopher:0 LISTENING
| TCP Christopher:995 Christopher:0 LISTENING
| TCP Christopher:1025 Christopher:0 LISTENING
| TCP Christopher:1038 Christopher:0 LISTENING
| TCP Christopher:1045 Christopher:0 LISTENING
| TCP Christopher:1046 Christopher:0 LISTENING
| TCP Christopher:1049 Christopher:0 LISTENING
| TCP Christopher:1050 Christopher:0 LISTENING
| TCP Christopher:1051 Christopher:0 LISTENING
| TCP Christopher:netbios-ssn Christopher:0 LISTENING
| TCP Christopher:1026 Christopher:0 LISTENING
| TCP Christopher:1026 localhost:1038 ESTABLISHED
| TCP Christopher:1026 localhost:1045 ESTABLISHED
| TCP Christopher:1026 localhost:1049 ESTABLISHED
| TCP Christopher:1027 Christopher:0 LISTENING
| TCP Christopher:1027 localhost:1046 ESTABLISHED
| TCP Christopher:1027 localhost:1050 ESTABLISHED
| TCP Christopher:1038 localhost:1026 ESTABLISHED
| TCP Christopher:1045 localhost:1026 ESTABLISHED
| TCP Christopher:1046 localhost:1027 ESTABLISHED
| TCP Christopher:1049 localhost:1026 ESTABLISHED
| TCP Christopher:1050 localhost:1027 ESTABLISHED
| UDP Christopher:microsoft-ds *:*
| UDP Christopher:isakmp *:*
| UDP Christopher:1036 *:*
| UDP Christopher:1106 *:*
| UDP Christopher:1133 *:*
| UDP Christopher:ntp *:*
| UDP Christopher:netbios-ns *:*
| UDP Christopher:netbios-dgm *:*
| UDP Christopher:ntp *:*
|
| T.C.
|


I don't see any abnormal connections to Internet entities.

Do you still see alot of activity ?

Are you sure these are SWENT not RECEIVED packets ?

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Posted by t.cruise on December 20, 2006, 6:53 pm
If you were  Registered and logged in, you could reply and use other advanced thread options

>
>
> | Thank you. I hope that you can find something here...
> |
> | Active Connections
> |
> | Proto Local Address Foreign Address State
> | TCP Christopher:epmap Christopher:0 LISTENING
> | TCP Christopher:microsoft-ds Christopher:0 LISTENING
> | TCP Christopher:995 Christopher:0 LISTENING
> | TCP Christopher:1025 Christopher:0 LISTENING
> | TCP Christopher:1038 Christopher:0 LISTENING
> | TCP Christopher:1045 Christopher:0 LISTENING
> | TCP Christopher:1046 Christopher:0 LISTENING
> | TCP Christopher:1049 Christopher:0 LISTENING
> | TCP Christopher:1050 Christopher:0 LISTENING
> | TCP Christopher:1051 Christopher:0 LISTENING
> | TCP Christopher:netbios-ssn Christopher:0 LISTENING
> | TCP Christopher:1026 Christopher:0 LISTENING
> | TCP Christopher:1026 localhost:1038 ESTABLISHED
> | TCP Christopher:1026 localhost:1045 ESTABLISHED
> | TCP Christopher:1026 localhost:1049 ESTABLISHED
> | TCP Christopher:1027 Christopher:0 LISTENING
> | TCP Christopher:1027 localhost:1046 ESTABLISHED
> | TCP Christopher:1027 localhost:1050 ESTABLISHED
> | TCP Christopher:1038 localhost:1026 ESTABLISHED
> | TCP Christopher:1045 localhost:1026 ESTABLISHED
> | TCP Christopher:1046 localhost:1027 ESTABLISHED
> | TCP Christopher:1049 localhost:1026 ESTABLISHED
> | TCP Christopher:1050 localhost:1027 ESTABLISHED
> | UDP Christopher:microsoft-ds *:*
> | UDP Christopher:isakmp *:*
> | UDP Christopher:1036 *:*
> | UDP Christopher:1106 *:*
> | UDP Christopher:1133 *:*
> | UDP Christopher:ntp *:*
> | UDP Christopher:netbios-ns *:*
> | UDP Christopher:netbios-dgm *:*
> | UDP Christopher:ntp *:*
> |
> | T.C.
> |
>
>
> I don't see any abnormal connections to Internet entities.
>
> Do you still see alot of activity ?
>
> Are you sure these are SWENT not RECEIVED packets ?
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>

Every two to three seconds just the bottom part of the icon in the system
notification
area blinks, if I right click the icon and then left click Status, and wait for
the next
time it happens, ONLY 2-3 packets are SENT. NOTHING is received.

T.C.




The site map in XML format XML site map

Contact Us | Privacy Policy