According to my ISP someone is uploading constant amounts of data using my bandwith ( from possibly some tunneling program or vpn )
The problem is I dont use wireless ( I have an old adsl modem ) so I dont see how they could be doing it , unless theres some program on my pc doing it I am unaware of , does any one have any suggestions ?
m
netstat -a
throw new ArgumentException (String, String, Exception)
melon (08-03-2012)
Start > Run > ResMon
Go to the network tab and have a snoop around at the bandwidth and tcp connections.
Main PC: Asus Rampage IV Extreme / 3960X@4.5GHz / Antec H1200 Pro / 32GB DDR3-1866 Quad Channel / Sapphire Fury X / Areca 1680 / 850W EVGA SuperNOVA Gold 2 / Corsair 600T / 2x Dell 3007 / 4 x 250GB SSD + 2 x 80GB SSD / 4 x 1TB HDD (RAID 10) / Windows 10 Pro, Yosemite & Ubuntu
HTPC: AsRock Z77 Pro 4 / 3770K@4.2GHz / 24GB / GTX 1080 / SST-LC20 / Antec TP-550 / Hisense 65k5510 4K TV / HTC Vive / 2 x 240GB SSD + 12TB HDD Space / Race Seat / Logitech G29 / Win 10 Pro
HTPC2: Asus AM1I-A / 5150 / 4GB / Corsair Force 3 240GB / Silverstone SST-ML05B + ST30SF / Samsung UE60H6200 TV / Windows 10 Pro
Spare/Loaner: Gigabyte EX58-UD5 / i950 / 12GB / HD7870 / Corsair 300R / Silverpower 700W modular
NAS 1: HP N40L / 12GB ECC RAM / 2 x 3TB Arrays || NAS 2: Dell PowerEdge T110 II / 24GB ECC RAM / 2 x 3TB Hybrid arrays || Network:Buffalo WZR-1166DHP w/DD-WRT + HP ProCurve 1800-24G
Laptop: Dell Precision 5510 Printer: HP CP1515n || Phone: Huawei P30 || Other: Samsung Galaxy Tab 4 Pro 10.1 CM14 / Playstation 4 + G29 + 2TB Hybrid drive
melon (08-03-2012)
You don't have a torrent client or somesuch do you? if you don't have wireless the chances are there's something on your computer doing it, so I'd check that first. I've used wireshark to monitor network traffic before - should tell you if there's any rogue programs on your PC sending out masses of data. Otherwise, log in to your router and there should be a page that tells you what computers are attached to it, and make sure the router itself doesn't have any kind of torrent client or something odd like that on it.
melon (08-03-2012)
Up or down?Originally Posted by melon
melon (08-03-2012)
excuse brief rundown ( hands bad )
I tried wireshark but saw only my 1 device ( my wireless lan driver listed ) 0 packets and an unkown ip address under the interface tab , or do I need to setup this up some other way ?
tried netstat -a but not really sure what im looking for , when i tried -e i noticed all the bytes being sent were non-unicast and that the following address with 127.0.0.1 keeps showing up when I tried -ano
TCP 78.33.152.54:57710 216.36.172.215:1247 TIME_WAIT 0
TCP 78.33.152.54:57710 217.137.152.40:51240 TIME_WAIT 0
TCP 78.33.152.54:57710 217.137.152.40:52044 TIME_WAIT 0
TCP 78.33.152.54:57710 220.253.81.208:53955 TIME_WAIT 0
TCP 127.0.0.1:1025 127.0.0.1:2001 ESTABLISHED 2020
TCP 127.0.0.1:1032 0.0.0.0:0 LISTENING 3784
TCP 127.0.0.1:1073 127.0.0.1:1074 ESTABLISHED 1860
TCP 127.0.0.1:1074 127.0.0.1:1073 ESTABLISHED 1860
TCP 127.0.0.1:1075 127.0.0.1:1076 ESTABLISHED 1860
TCP 127.0.0.1:1076 127.0.0.1:1075 ESTABLISHED 1860
TCP 127.0.0.1:1077 127.0.0.1:1078 ESTABLISHED 1860
TCP 127.0.0.1:1078 127.0.0.1:1077 ESTABLISHED 1860
TCP 127.0.0.1:1079 127.0.0.1:1080 ESTABLISHED 1860
TCP 127.0.0.1:1080 127.0.0.1:1079 ESTABLISHED 1860
TCP 127.0.0.1:1081 127.0.0.1:1082 ESTABLISHED 1860
TCP 127.0.0.1:1082 127.0.0.1:1081 ESTABLISHED 1860
TCP 127.0.0.1:1154 127.0.0.1:1155 ESTABLISHED 3676
TCP 127.0.0.1:1155 127.0.0.1:1154 ESTABLISHED 3676
TCP 127.0.0.1:1156 127.0.0.1:1157 ESTABLISHED 3676
TCP 127.0.0.1:1157 127.0.0.1:1156 ESTABLISHED 3676
TCP 127.0.0.1:1624 127.0.0.1:12080 ESTABLISHED 3676
TCP 127.0.0.1:2001 127.0.0.1:1025 ESTABLISHED 1392
TCP 127.0.0.1:2247 127.0.0.1:12080 ESTABLISHED 3676
TCP 127.0.0.1:2261 127.0.0.1:12080 ESTABLISHED 3676
TCP 127.0.0.1:2262 127.0.0.1:12080 ESTABLISHED 3676
TCP 127.0.0.1:2267 127.0.0.1:12080 ESTABLISHED 3676
TCP 127.0.0.1:2268 127.0.0.1:12080 ESTABLISHED 3676
TCP 127.0.0.1:2269 127.0.0.1:12080 CLOSE_WAIT 220
TCP 127.0.0.1:5152 0.0.0.0:0 LISTENING 2700
TCP 127.0.0.1:12025 0.0.0.0:0 LISTENING 1964
TCP 127.0.0.1:12080 0.0.0.0:0 LISTENING 1964
TCP 127.0.0.1:12080 127.0.0.1:1624 ESTABLISHED 1964
TCP 127.0.0.1:12080 127.0.0.1:2247 ESTABLISHED 1964
TCP 127.0.0.1:12080 127.0.0.1:2261 ESTABLISHED 1964
TCP 127.0.0.1:12080 127.0.0.1:2262 ESTABLISHED 1964
TCP 127.0.0.1:12080 127.0.0.1:2267 ESTABLISHED 1964
TCP 127.0.0.1:12080 127.0.0.1:2268 ESTABLISHED 1964
TCP 127.0.0.1:12110 0.0.0.0:0 LISTENING 1964
TCP 127.0.0.1:12119 0.0.0.0:0 LISTENING 1964
TCP 127.0.0.1:12143 0.0.0.0:0 LISTENING 1964
TCP 127.0.0.1:12465 0.0.0.0:0 LISTENING 1964
TCP 127.0.0.1:12563 0.0.0.0:0 LISTENING 1964
TCP 127.0.0.1:12993 0.0.0.0:0 LISTENING 1964
TCP 127.0.0.1:12995 0.0.0.0:0 LISTENING 1964
TCP 127.0.0.1:15342 0.0.0.0:0 LISTENING 3676
TCP 127.0.0.1:15342 127.0.0.1:2241 TIME_WAIT 0
TCP 127.0.0.1:60524 0.0.0.0:0 LISTENING 1860
UDP 0.0.0.0:445 *:* 4
UDP 0.0.0.0:500 *:* 1036
UDP 0.0.0.0:1432 *:* 1860
UDP 0.0.0.0:1890 *:* 1860
UDP 0.0.0.0:2093 *:* 1860
UDP 0.0.0.0:2113 *:* 1860
UDP 0.0.0.0:2127 *:* 1860
UDP 0.0.0.0:2132 *:* 1860
UDP 0.0.0.0:2141 *:* 1860
UDP 0.0.0.0:2144 *:* 1860
UDP 0.0.0.0:2145 *:* 1860
UDP 0.0.0.0:2171 *:* 1860
UDP 0.0.0.0:2174 *:* 1860
UDP 0.0.0.0:2211 *:* 1860
UDP 0.0.0.0:2245 *:* 1860
UDP 0.0.0.0:2317 *:* 1860
UDP 0.0.0.0:2324 *:* 1860
UDP 0.0.0.0:2358 *:* 1860
UDP 0.0.0.0:2367 *:* 1860
UDP 0.0.0.0:2379 *:* 1860
UDP 0.0.0.0:2380 *:* 1860
UDP 0.0.0.0:2392 *:* 1860
UDP 0.0.0.0:2395 *:* 1860
UDP 0.0.0.0:2407 *:* 1860
UDP 0.0.0.0:4500 *:* 1036
UDP 78.33.152.54:123 *:* 1344
UDP 78.33.152.54:137 *:* 1344
UDP 78.33.152.54:138 *:* 1344
UDP 78.33.152.54:1057 *:* 2068
UDP 78.33.152.54:1900 *:* 1576
UDP 78.33.152.54:3235 *:* 2068
UDP 127.0.0.1:123 *:* 1344
UDP 127.0.0.1:1035 *:* 356
UDP 127.0.0.1:1900 *:* 1576
C:\Documents and Settings\melon>
No router to connect too just this old thomson speedtouch330
could it be a rootkit ?? see here
m
Last edited by melon; 08-03-2012 at 10:35 PM.
This. The first window will show processes with network activity, so you can see what programs are sending data from your PC. There will be lots of svchost ones, which you can probably ignore, you're really looking for any obvious programs that you didn't know you were running like torrent programs.
If there is something obvious then right click->end process, and then uninstall it from control panel add/remove programs.
Finally download the free version of MBAM anti malaware and do a full scan:
http://www.malwarebytes.org/
melon (08-03-2012)
melon (08-03-2012)
I only used bit torrent ( unistalled now )
windows cant find resmon at all
m
tried some addresses but nothing came up ...
m
Just noticed my servers jumped from one 250 miles away !! on my speed tests to one 50 after removing the silverlight plugin on FF, with notable improvement in speed.
m
Use TCPView (by MS)
http://technet.microsoft.com/en-us/s...rnals/bb897437
melon (09-03-2012)
Update: 5:47am
Weather: Hostile as a Moose's fart ( Solar Storm ?? )
Downloaded Emsisoft Anti Malware ( heard it was best - sry kal)
detected and quarantined 35 objects
trying to manually remove one called spigot
m
How did you get malware? Do you visit weird sites??
Do you have UAC enabled?
What windows version?
Wait, back it up...
Spigot?
That is a nasty trojan granting full access to your machine. I would recommend taking a more drastic step of copying only the files you need off on to an external drive, reformatting, then installing from a known good source. Applying all security patches, creating a restricted user, then copying acros in that user account and restricted space all files, scanning them as you go.
throw new ArgumentException (String, String, Exception)
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
LinkBack URL
About LinkBacks
Reply With Quote