Uncontrolled Downloads


Guest

Hi Folks

I have recently discovered that each time I boot my PC, my internet
connection is activated and it just begins uploading & downloading like
crazy. About 25mb per hour.

I am running Windows Defender & Norton Antivirus, Norton Anti-Spam and
Norton Internet security.

I tried putting a sniffer onto my internet connection, but that isn't giving
me much. I found this link (
a-61-9-129-166.deploy.akamaitechnologies.com:http) and after doing a "whois"
on these guys, I have tried blocking all their servers in my firewall. That
did not help.

After monitoring what services are running, I found that if I turn off one
instance of svchost (to which the following services were linked - AudioSrv,
Browser, Dhcp, dmserver, ERSvc, EventSystem,
FastUserSwitchingCompatibility, helpsvc, lanmanserver,
lanmanworkstation, Netman, Nla, RasMan, Schedule, seclogon, SENS, SharedAccess,
ShellHWDetection, TapiSrv, Themes, TrkWks, W32Time, winmgmt, wscsvc, wuauserv)
then the download stopped.

When I started them manually, the problem seemed to go away.....But one
cannot stop and start services manually each time that the PC is fired up.

I have spent 5 days searching the net for information on this kind of thing
and I still have no answer. I called Norton (and $70 later) they still could
not help me. Then someone told me that IE6 had reports of this problem,
perhaps I should install IE7.

No problem - Yesterday I downloaded IE7 and it looked like my problem was
solved........until this evening!

PLEASE can someone point me in the right direction? My next step is to
format and start again.
 

Akamai is a legitimate content management provider, that is used heavily by
Norton / Symantec for distribution of updates. If you're seeing traffic from
Akamai, check out the actual program that's using the CPU, or generating the
traffic. I'd bet one of the Norton products is getting updates.

You need intelligent use of TCPView and / or Port Explorer, to identify the
actual program. Not the Svchost process.
http://nitecruzr.blogspot.com/2005/05/essential-tools-for-desktop-and.html#TCPView
http://nitecruzr.blogspot.com/2005/05/essential-tools-for-desktop-and.html#DiamondCS
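
An added example, not part of the original posts: one way to tie a connection back to the services behind a shared svchost process is to join the PID column of `netstat -ano` with the service list from `tasklist /svc`. Both command outputs below are constructed sample data, and the process name `example_av.exe` and all addresses are hypothetical.

```python
import re
from collections import defaultdict

# Constructed `tasklist /svc` output (sample data, not from the thread).
TASKLIST_SVC = """\
Image Name                     PID Services
========================= ======== ============================================
svchost.exe                   1068 AudioSrv, Browser, Dhcp, Schedule, wscsvc,
                                   wuauserv
example_av.exe                1580 N/A
"""
# Constructed `netstat -ano` output; 203.0.113.0/24 is a documentation range.
NETSTAT_ANO = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:1045      203.0.113.20:80        ESTABLISHED     1068
  TCP    192.168.1.10:1050      203.0.113.77:443       ESTABLISHED     1580
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1068
"""

def parse_tasklist(text):
    """Return {pid: [image, [services]]}, joining wrapped service lines."""
    procs, last = {}, None
    for line in text.splitlines():
        m = re.match(r"^(\S.*?)\s+(\d+)\s+(.*)$", line)
        if m:                                    # first line of a process entry
            last, names = int(m.group(2)), m.group(3)
            procs[last] = [m.group(1), []]
        elif last is not None and line[:1].isspace():
            names = line                         # wrapped continuation line
        else:
            continue                             # header, separator, blank
        procs[last][1] += [s.strip() for s in names.split(",")
                           if s.strip() not in ("", "N/A")]
    return procs

def parse_netstat(text):
    """Return {pid: set of remote endpoints} for ESTABLISHED TCP rows."""
    remotes = defaultdict(set)
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[3] == "ESTABLISHED":
            remotes[int(f[4])].add(f[2])
    return remotes

def connections_by_process(tasklist_text, netstat_text):
    """Join both views: (pid, image, candidate services, remote endpoints)."""
    procs = parse_tasklist(tasklist_text)
    return [(pid, *procs.get(pid, ["<unknown>", []]), sorted(r))
            for pid, r in sorted(parse_netstat(netstat_text).items())]
```

When one svchost PID hosts many services, the join yields the set of candidate services for the traffic rather than a single culprit.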
 
Thanks Chuck
I am using TCPview - That's how I determined that Akamaitechnlogies.com might
have something to do with the problem.

While trawling through other posts here, I noticed that you pointed someone
in the direction of "Shields up". - Very handy tool - Thanks for the pointer.
My PC came out tops on all the tests - Admittedly, that was AFTER I had shut
down the one instance of svchost.exe.

I later realised that I had not rebooted since adding "AKAMAI.COM" to my
firewall's blocked list.
I rebooted and it seems that the problem has gone away - at least for the
time being that is!
The question is....."Is AKAMIA.COM and AKAMIATECHNOLOGIES.COM the same
crowd?" TCPview showed "akamaitechnologies" but the WHOIS pointed me to
"AKAMAI.COM"
 

Well, you need to start by checking the spelling very carefully. It's always
possible that there's a hacker using a name spelled differently. "akamai.com"
is legit; "akamia.com" isn't. I'm getting a blank on both
"AKAMIATECHNOLOGIES.COM" and "AKAMAITECHNOLOGIES.COM" though.

Now "Shields Up" is a controversial tool, with its value based upon security by
obscurity.
http://nitecruzr.blogspot.com/2005/05/security-by-obscurity.html
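
An added example, not part of the original posts: the spelling check discussed above can be automated by comparing the registrable domain of an observed hostname against a list of expected domains and flagging near misses such as transposed letters. The `EXPECTED` list is an assumption made for illustration, and the function names are hypothetical.

```python
# Assumption for illustration: domains this host is expected to contact.
EXPECTED = {"akamai.com", "akamaitechnologies.com"}

def registrable(host):
    """Last two labels of a host, dropping a TCPView-style ':port' suffix.
    Adequate for .com names; real tooling should use the public suffix list."""
    labels = host.lower().split(":")[0].rstrip(".").split(".")
    return ".".join(labels[-2:])

def osa_distance(a, b):
    """Edit distance in which swapping two adjacent letters costs 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            d = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                d = min(d, prev2[j - 2] + 1)     # adjacent transposition
            cur.append(d)
        prev2, prev = prev, cur
    return prev[-1]

def classify(host, expected=EXPECTED, max_distance=2):
    """Return (verdict, closest expected domain or None)."""
    name = registrable(host)
    if name in expected:
        return ("expected", name)
    dist, near = min((osa_distance(name, e), e) for e in sorted(expected))
    return ("lookalike", near) if dist <= max_distance else ("unknown", None)

if __name__ == "__main__":
    # Hostnames as quoted in the thread, plus one unrelated name.
    for h in ("a-61-9-129-166.deploy.akamaitechnologies.com:http",
              "AKAMIA.COM", "AKAMIATECHNOLOGIES.COM", "example.org"):
        print(h, classify(h))
```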
 