Mysterious 'Internet Connection'

  • Thread starter Thread starter Socrates
  • Start date Start date
S

Socrates

I just finished building a new computer and loaded a full
version of XP Pro on a brand new hard drive. The moment I
connected to the internet via my broadband and LAN
connection, another item apppeared in my 'Network
Connections' folder. It was labeled simply "Internet
Connection".

This connection immediately started grinding away,
sending and receiving GB's of data in a matter of minutes
(I have a VERY fast internet connection). I had already
downloaded all the XP updates and such, and had disabled
the update wizard.

This mysterious connnection cannot be disabled, though it
disappears entirely if I enable the XP firewall. This
connnection indicates that my computer is connecting to
the internet through another computer.

I'm quite concerned about this connnection as it is
sending and receiving MASSIVE amounts of data to/from
some mystery computer on the internet.

I installed ZoneAlarm Pro and the service doing all the
sending/receiving is 'Generic Host Process for Win32
Services'. This process seems to be opening a port on my
computer and making a connection through it.

Disabling GHP also disables all connections to the
internet. Unfortunately I cannot use the XP firewall as
the print server on my LAN cannot be accessed.

Allowing this connection uses up so much bandwidth that
regular internet access is extremely slow.

I can't imagine that a trojan horse virus got into my
computer so quickly, so I'm guessing this is a
Microsoft "XP, phone home" function.

In any event, I'd sure like to make it go away..

Thanks in advance.

socrates - at - webbolts - dot - com
 
No, its not an MS phone home function. Its purpose is to show that your
computer is connecting via a router, Internet Connection Sharing or some
other shared resource. As to why its sending/receiving so much
data...........

Are you sure all the data is outbound/inbound from the internet and not your
local LAN? You can open a Command Prompt window and enter NETSTAT -o -a 5
This will give you a listing of all open ports, the addresses concerned and
what Process is using it. You can match up the PID in Task Manager (you'll
need to go to View, Select Columns to enable the PID column) to the program
that's opening a specific port.
 
Yes, I agree with you. I don't mind, but I wish they would pop-up & ask
permission first.
I know of a couple of things it turns out to be on mine.
1. Auto update of Virus.
this can usually be turned of & told to update manually.

2. In Internet Explorer / tools /internet/options / advanced you can
take tick out of "automatically look for IE updates".

3. I've noticed in the past that whem MSN messenger asks me if I want to
update messenger, I suspect that the new version has already been downloaded
into my temp folder. ?? (just not installed?)

4. Any number of other programs that you might have set to auto update.
(like media player, winzip & many others?)

BruceM
 
Thanks for the quick reply, Doug,

I followed your instructions but I'm not entirely sure
what to do with the findings. In the command screen, it
looks like the only thing *obviously* connected to the
outside world is Messenger, but this is not the cause of
all the bandwidth usage.

I'm confused about several things here:

1. Why can't I disable this connection? Tyring the
various 'Disable' commands associated with this function
do absolutely nothing.

2. Why does it disappear completely when I enable the XP
firewall?

My LAN configuration consists of a router and a print
server. That's it.

Checking the amount of data being shipped shows 3 times
more data being received as being sent - if this were
simply some sort of loop then where is all this extra
data coming from?

Thanks again, Doug.

-Socrates
socrates - at - webbolts - dot - com
 
It depends on how you're connecting to the internet, whether or not you can
disable this connection. If its via Internet Connection Sharing, then you
have to enable control from the Guest, on the Host machine. If you're
connecting via a router, it has to support Universal Plug and Play (UPnP)
and you have to have the UPnP Service enabled. Additionally, the router
would have to support remote control of this nature as well.

The reason it disappears when you enable the firewall, is most likely a lack
of bi-directional communications between your PC and the "other device",
your case the router.

As for where the data is coming from, you'd have to post the results of a
NETSTAT command, so it could be looked at. Its possible that we could
determine who an IP address belongs to, and begin making educated guesses :)
 
Back
Top