|
Posted by wng_z3r0 on October 13, 2007, 11:40 pm
If you were Registered and logged in, you could reply and use other advanced thread options
advise you NEVER to download code from an unknown entity on the internet in
a scenario that pcbutts is proposing. Not only do you not have any
information about pcbutts, but you could not even look at reviews from a
'trusted authority' such as perhaps CNET as for all you know, you could be
receiving a unique malware file that is emailed to you. Just a suggestion on
safe(r) internet habits.
Anyways, specifically concerning your network traffic, try installing
wireshark, and running a packet trace when the internet connection spikes:
http://www.wireshark.org/
As it appears you have a malware infestation on your computer, there is a
possibility that this malware is leeching private information in the
computer (such as passwords etc) back to a remote server, or perhaps the
computer is used as a 'bot'. In either case, you really should disconnect
the computer from the internet until the computer is cleaned. Not doing so
puts your computer at more risk and most likely others as well.
To begin cleaning your computer, can you please tell me what version of
windows you are running?
wng
> Go to my website http://www.pcbutts1.com/downloads use the email link at
> the bottom, put "Running Now" in the subject line and email me. I will
> send you my more extensive diagnostic tool, it works better than HJT, with
> instructions on how to use it.
>
>
> --
>
> Newsgroup Trolls. Read about mine here http://www.pcbutts1.com/downloads
> The list grows. Leythos the stalker http://www.leythosthestalker.com,
> David H. Lipman, Max M Wachtell III aka What's in a Name?, Fitz,
> Rhonda Lea Kirk, Meat Plow, F Kwatu F, George Orwell
>
>
>
>>A real challenge to all spyware and malware experts.
>>
>> Please excuse my bad manners in publishing this article in two
>> newsgroups simultaneously. I am not sure which one is most likely to
>> provide help in solving my problem.
>>
>> If there is another newsgroup that in which I should post this article
>> please let me know.
>>
>>
>> The problem that I have is driving me mad!
>>
>>
>> The problem is that my broadband traffic is at times extremely high
>> for completely unexplained reasons.
>>
>> This is indicated by (1) the daily log kept by my ISP and (2) more
>> visibly by the icon in the lower right-hand corner on my screen that
>> consists of the two little monitor symbols. It these symbols indicate
>> broadband activity by lighting up in light blue - one for up traffic
>> and the other for down traffic.
>>
>> The problem has been around on and off for three months now.
>>
>> Environment: Windows XP SP2, Symantec Norton 360, Namesco (ISP) and Ad-
>> Aware SE Personal. The last of these I run only on demand - usually
>> once a day.
>>
>> When the problem is occurring the daily ISP log shows 4 or 5 times
>> normal megabytes per day and the monitor symbols are lit up all the
>> time.
>>
>> Normally the log and the monitor symbols show low broadband activity.
>> I have been a fairly light user of the internet. No movie downloads,
>> etc. Just emails and web page accesses.
>>
>> The high activity problem has occurred in two episodes. During the
>> first of these (a couple of weeks) the high traffic was more or less
>> equally divided between uploading and downloading. But during the most
>> recent episode (a couple of days) downloading has been very high while
>> uploading was normal.
>>
>> My traffic has been so high that my ISP's monthly limit is 60% used
>> while I am only 40% into the month. I will be charged for any excess.
>> I have become so concerned that I am leaving my modem connection to my
>> phone line unplugged except when I need to access the internet.
>>
>> Regarding the first episode: I tried PREVX. It found and removed some
>> malware. It reported that it put the following items in "jail".
>> zrmkxe.exe (4 KB)
>> ykouzmp.exe (4 KB)
>> ugstzfqp.exe (4 KB)
>> tftp4904 (4 KB)
>> shell64.dll (14 KB) (http://www.auditmypc.com/process/shell64.asp)
>> rphekn.exe (4 KB)
>> gpiawddx.exe 4 KB)
>> avgmb.exe (4 KB)
>>
>> This cleared up the problem but PREVX and Norton 360 do not get along
>> with each other - Norton 360 will not work properly unless PREVX is
>> not present in the same system.
>>
>> I spent a considerable amount of time on the Symantec technical help
>> line. Symantec finally apparently fixed the problem by activating the
>> Norton 360 backup facility. Traffic dropped back down to its normal
>> level for a while. I can't understand why this worked - what is the
>> connection between backup and the high traffic problem?
>>
>> Broadband traffic went back to normal for a while but eventually the
>> high traffic problem returned on several occasions. They were fixed by
>> (1) installing PREVX, (2) doing a scan with it whereby it cleared out
>> some malware, and (3) uninstalling PREVX - all of this while
>> temporarily disabling Norton 360.
>>
>> As I said earlier, the second and last episode of the high traffic
>> broadband problem began a few days ago. This seems to be different
>> than the first episode because the high traffic is mainly downloading
>> while uploading is normal.
>>
>> The big issue with all this is that I need to find out what spyware
>> malware is causing my high traffic. Can anyone tell me how to do this.
>> Is there some diagnostic software that could be of use here?
>>
>> Below are some items that might help diagnose my problem. All of these
>> were obtained when broadband traffic was very high as indicated by the
>> monitor symbols being lit up constantly.
>>
>> The first item is a HijackThis log file. The last two are snapshots
>> are the most active processes in the Windows Task Manager process
>> display.
>>
>> Thanks in advance for your help.
>>
>> Jim
>>
>> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>> -
>>
>
>
| 
XML site map