The computer I use at work (Windows XP Pro) intermitently
sends out data (or maybe just noise - who knows?) through
my internet connection that clogs up our DSL line and
slows down internet access to the other computers (3
others) on our local network to a crawl. I have a Sygate
firewall installed that shows a huge amount of outgoing
traffic that is going out from my computer, but we don't
know what it is, and we are not sending it; it's
happening by itself. If I unplug my computers network
connection, of course it stops, and the others can then
get onto to the internet. I can then sometimes plug back
in, and the outgoing traffic will not come back for
perhaps several minutes to maybe an hour (this is one of
those `windows' that I'm taking advantage of to send this
message). But it invariably starts up again, and slwos
everything down. A virus check shows no infection.
Anybody have any ideas?
Chris,
For a quick look for processes generating outgoing traffic, I use TCPView (free)
from <
http://www.sysinternals.com/ntw2k/source/tcpview.shtml>. Needs no
installation - just drop it into a folder, and run. When you see suspicious
processes, use Process Explorer, from the same vendor, that will also list
network connections owned by processes of interest.
For a more intensive look for processes generating outgoing traffic, Port
Explorer <
http://www.diamondcs.com.au/portexplorer/index.php?page=home> is more
configurable than TCPView. The paid version includes a small packet monitor.
Port Explorer requires installation.
Try one or more of these free online virus scans, which should complement your
current protection:
<
http://www.bitdefender.com/scan/license.php>
<
http://www.pandasoftware.com/activescan>
<
http://www.ravantivirus.com/scan/>
<
http://security.symantec.com/ssc/home.asp>
<
http://housecall.trendmicro.com/housecall/start_corp.asp>
Now check for, and learn to defend against, additional problems.
Start by downloading each of the following free tools:
CWShredder <
http://www.majorgeeks.com/download4086.html>
CoolWWWSearch.SmartSearch (v1/v2) MiniRemoval
<
http://www.safer-networking.org/minifiles.html>
HijackThis <
http://www.majorgeeks.com/download.php?det=3155>
LSP-Fix and WinsockLSPFix <
http://www.cexx.org/lspfix.htm>
Spybot S&D <
http://www.safer-networking.org/index.php?page=download>
Create a separate folder for HijackThis, such as C:\HijackThis - copy the
downloaded file there. Spybot S&D has an install routine - run it. The other
downloaded programs can be copied into, and run from, any convenient folder.
Start by closing all Internet Explorer and Outlook windows, and running
CoolWebSearchSmartKiller, then CWShredder. Have the latter fix all.
Next, run Spybot S&D. First update it ("Search for updates"), then run a scan
("Check for problems"). Trust Spybot, and delete everything ("Fix Problems")
that is displayed in Red.
Then, run HijackThis ("Scan"). Do NOT make any changes immediately. Save the
HJT Log.
<
http://forums.spywareinfo.com/index.php?showtopic=227>
Finally, have your HJT log interpreted by experts at one or more of the
following forums (and post it, or a link to your forum post, here):
<
http://forums.net-integration.net/>
<
http://forums.spywareinfo.com/>
<
http://spywarewarrior.com/index.php>
<
http://forums.tomcoyote.org/>
<
http://www.wilderssecurity.com/>
If removal of any spyware affects your ability to access the internet (some
spyware builds itself into the network software, and its removal may damage your
network), run LSP-Fix and / or WinsockXPFIx.
Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
