Constant incoming traffic

T

techimnot

Hi there, Novice here!

Not sure if this is right group, if not, please redirect me.

I seem to have constant incoming traffic to my computer. With nothing open
except my firewall and antivirus, the Sygate icon in the notification area
shows constant incoming traffic(24/7). The graph in my sygate shows between
320 and 800 bytes every second incoming. After some searching in Google,
found a related problem involving the Wireless Zero Configuration in windows
services, NDIS user mode I/O driver, and
C:\WINDOWS\system32\DRIVERS\ndisuio.sys

I disabled the Wireless Zero Configuration in windows services, which
removed the "NDIS user mode I/O driver" from my sygate running applications
screen after reboot, but the constant incoming signal continues on the
sygate icon in notification area.

I have a cable internet connection and when I unplug the power to my modem
the incoming stops.

They may not be related, but I have just blocked the NDIS with sygate and
the following remote hosts came up on the log viewer as blocked, did a back
trace and whois, this is the result:

1)Internet Assigned Numbers Authority

2)My IP address with computer name

3)% This is the RIPE Whois query server #1.

4)OrgName: Road Runner HoldCo LLC

5)Sprint SPRINT-BLKB (NET-204-117-0-0-1)

Any ideas would be appreciated!

Win XP Pro SP 2
 
G

Guest

sounds like a bot attack, someone elses computer has been taken over, and
they poll for open connections (unguarded pc's) to also take over, since you
have a high speed connection, your a prime target. do you also have
antispyware/malware software, you may already have been infected, use adaware
and search and destroy both free but pretty good.
 
T

techimnot

I ran spybot and ad-aware in safe mode, removed everything they found. Also
ran Hijack_This and nothing new showed. Still have same situation.
ANYONE have any ideas, I will keep searching.
 
G

Guest

Talk to your ISP and ask them to monitor your connection for improper traffic.
as long as your firewall is blocking it, in time it will stop, as they won't
be able to get thru.
 
T

techimnot

Hi sgopus,
After much searching and learning that there is some really helpful "free"
software
out there, it all came down to smc.exe and smc 1255 series snmp agent, both
involving SygatePersonal Firewall. Opened taskmanager and selected the
columns
for I/O reads and I/O read bytes and they were both reading at the same
level as
the graph in sygate. Shut the firewall down and my traffic stopped. During
all the
searching I learned that Sygate has been purchased by Symantec and I had a
bad
experience with Symantec awhile back. I removed sygate from my system and
installed Zone Alarm, so far everything is good.
Thanks for your suggestions, maybe I can return the favor one day.
 
G

Guest

techimnot said:
Hi there, Novice here!

Not sure if this is right group, if not, please redirect me.

I seem to have constant incoming traffic to my computer. With nothing open
except my firewall and antivirus, the Sygate icon in the notification area
shows constant incoming traffic(24/7). The graph in my sygate shows between
320 and 800 bytes every second incoming. After some searching in Google,
found a related problem involving the Wireless Zero Configuration in windows
services, NDIS user mode I/O driver, and
C:\WINDOWS\system32\DRIVERS\ndisuio.sys

I disabled the Wireless Zero Configuration in windows services, which
removed the "NDIS user mode I/O driver" from my sygate running applications
screen after reboot, but the constant incoming signal continues on the
sygate icon in notification area.

I have a cable internet connection and when I unplug the power to my modem
the incoming stops.

They may not be related, but I have just blocked the NDIS with sygate and
the following remote hosts came up on the log viewer as blocked, did a back
trace and whois, this is the result:

1)Internet Assigned Numbers Authority

2)My IP address with computer name

3)% This is the RIPE Whois query server #1.

4)OrgName: Road Runner HoldCo LLC

5)Sprint SPRINT-BLKB (NET-204-117-0-0-1)

Any ideas would be appreciated!

Win XP Pro SP 2
Click to expand...

Connect to internet without any apps running, bring up a dos prompt and
type netstat. this shows all tcp udp connections from the internet. if
you see connectiosn to websites like blah.com then you have adware on
your pc.

Flamer.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

ndisuio.sys and Firewall 2
Please help interpret Sygate Personal Firewall traffic log (ndisuio.sys) 2
Wirless Network Unuseable 2
Installed Sygate - No Network Connection! 3
pop-ups after installing firewall 2
Can't receive Net, but see traffic, and can VOIP 2
Firewall port 1105 (FTRANHC) & port 1239 (NMSD) ? 1
Bluetooth port won't accept incoming connections on COM port 1

Top