xp-pro, using a SM-MB with a built in intel 10/100 ethernet controller,
with a Diva ISDN lan modem. everything works great, but have one
question?
I have thru several programs determined that it is xp that is doing this,
and not something coming from the outside (if you will). but being
offline, every 20 to 25 seconds xp will send 132b and then 399b of
some type of something-instruction-whatever to the built in ethernet, it
the (ethernet adap) will even show it coming in, along with tskmgr., and
the other two programs, and the running total, which by the end of the
day I have seen it as high as a 5-6 megs, and of course this uses the
cpu, and this continues even if I'm not using the computer, because I
can come back and see higher totals for b's/received.
What is Xp doing, (yes it is XP,) how can I stop it when xp doesn't need
to be making it work, (the ethernet or the cpu), when the comp is just
sitting there. Not a biggy I know, but just has me bugged about not
being able to stop it. I tried a LOT of stuff to do it, I can't
ryker
Networking computers in general, not just Windows XP, uses a fair amount of
overhead. Some of this overhead we may see as unnecessary, since it's not
directly related to what we want to do at the time, such as surf the internet.
It's possible that what you're seeing is network traffic from malware, or it may
just be from normal operating system background activity. Your network card,
the Intel 10/100 controller, runs at a speed of 10M or 100M / second. You're
mentioning a total of 6M in a day, a figure on the order of less than 1 second
total activity of your network card.
There's nothing wrong with being concerned about unnecessary network and system
activity, as long as you keep your concerns in perspective. You can find out
more about this unknown activity, though.
Get Process Explorer (free) from
<http://www.sysinternals.com/ntw2k/freeware/procexp.shtml>. Provides way more
information than Task Manager, to tell you about the processes running on your
computer.
And Port Explorer (free) from
<http://www.diamondcs.com.au/portexplorer/index.php?page=home> will show you
what network connections your computer is actually opening, and what processes
are opening them. Also, Autoruns (also free, and also from SysInternals)
<http://www.sysinternals.com/ntw2k/freeware/autoruns.shtml> will show you
specifically what processes are started automatically.
And protect yourself (and the internet from you). Use as much protection as
possible, within your personal resource limits (financial, system, or time).
How current is your virus protection? Try one or more of these free online
virus scans, which should complement your current protection:
<http://www.bitdefender.com/scan/license.php>
<http://www.pandasoftware.com/activescan>
<http://www.ravantivirus.com/scan/>
<http://security.symantec.com/ssc/home.asp>
<http://housecall.trendmicro.com/housecall/start_corp.asp>
Next check for, and learn to defend against, non-viral malware.
Start by downloading each of the following additional free tools:
AdAware <http://www.lavasoftusa.com/>
CWShredder <http://www.majorgeeks.com/download4086.html>
HijackThis <http://www.majorgeeks.com/download.php?det=3155>
LSP-Fix <http://www.cexx.org/lspfix.htm>
WinsockXPFix <http://www.spychecker.com/program/winsockxpfix.html>
Spybot S&D <http://www.safer-networking.org/index.php?page=download>
Stinger <http://us.mcafee.com/virusInfo/default.asp?id=stinger>
TrendMicro Engine <http://www.trendmicro.com/download/dcs.asp>
TrendMicro Signatures <http://www.trendmicro.com/download/pattern.asp>
TrendMicro Instructions <http://www.trendmicro.com/ftp/products/tsc/readme.txt>
Create a separate folder for HijackThis, such as C:\HijackThis - copy the
downloaded file there. Create a separate folder for the two TrendMicro files,
such as C:\TrendMicro - copy the downloaded files there (unzipped if necessary).
AdAware, CWShredder, and Spybot S&D have install routines - run them. The other
downloaded programs can be copied into, and run from, any convenient folder.
First, run Stinger. Have it remove any problems found.
Next, close all Internet Explorer and Outlook windows, and run CWShredder. Have
it fix all problems found.
Next, disable System Restore.
<http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm>
Boot your computer into Safe Mode.
<http://support.microsoft.com/?id=315222>
Run C:\TrendMicro\Sysclean.com. Delete any infections found. Reboot your
computer, and re-enable System Restore.
Next, run AdAware. First update it, configure for full scan
(<http://forums.spywareinfo.com/index.php?showtopic=11150>), then scan. When
scanning finishes, remove all Critical Objects found.
Next, run Spybot S&D. First update it, then run a scan. Trust Spybot, and
delete everything ("Fix Problems") that is displayed in Red.
Then, run HijackThis ("Scan"). Do NOT make any changes immediately. Save the
HJT Log.
<http://forums.spywareinfo.com/index.php?showtopic=227>
<http://forums.spywareinfo.com/index.php?showtopic=11150>
Finally, have your HJT log interpreted by experts at one or more of the
following security forums (and please post a link to your forum posts, here):
Aumha: <http://forum.aumha.org/index.php>
Net-Integration: <http://forums.net-integration.net/>
Spyware Info: <http://forums.spywareinfo.com/>
Spyware Warrior: <http://spywarewarrior.com/index.php>
Tom Coyote: <http://forums.tomcoyote.org/>
If removal of any spyware affects your ability to access the internet (some
spyware builds itself into the network software, and its removal may damage your
network), run LSP-Fix and / or WinsockXPFix.
Finally, improve your chances for the future.
Harden your browser. There are various websites which will check for
vulnerabilities, here are three which I use.
http://www.jasons-toolbox.com/BrowserSecurity/
http://bcheck.scanit.be/bcheck/
https://testzone.secunia.com/browser_checker/
Consider using an alternative browser, like Firefox, for the majority of your
browsing activities.
<http://www.spreadfirefox.com/?q=affiliates&id=4507&t=61>
Block Internet Explorer ActiveX scripting from dangerous websites (Restricted
Zone).
<https://netfiles.uiuc.edu/ehowes/www/main.htm> (IE-SpyAd)
Block known dangerous scripts from installing.
<http://www.javacoolsoftware.com/spywareblaster.html>
Block known spyware from installing.
<http://www.javacoolsoftware.com/spywareguard.html>
Make sure that the spyware detection / protection products that you use are
reliable:
http://www.spywarewarrior.com/rogue_anti-spyware.htm
Harden your operating system. Check at least monthly for security updates.
http://windowsupdate.microsoft.com/
Block possibly dangerous websites with a Hosts file. Three Hosts file sources I
use:
http://www.accs-net.com/hosts/get_hosts.html
http://www.mvps.org/winhelp2002/hosts.htm
(The third is included, and updated, with Spybot (see above)).
Maintain your Hosts file (merge / eliminate duplicate entries) with:
eDexter <http://www.accs-net.com/hosts/get_hosts.html>
Hostess <http://accs-net.com/hostess/>
Secure your operating system, and applications. Don't use, or leave activated,
any accounts with names or passwords with trivial (guessable) values. Don't use
an account with administrative authority, except when you're intentionally doing
administrative tasks.
Use common sense. Yours. Don't install software based upon advice from unknown
sources. Don't install free software, without researching it carefully. Don't
open email unless you know who it's from, and how and why it was sent.
Educate yourself. Know what the risks are. Stay informed. Read Usenet, and
various web pages that discuss security problems. Check the logs from the
security products that you use regularly, look for things that don't belong, and
take action when necessary.
--
Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
My email is AT DOT
actual address pchuck sonic net.
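
The Hosts file maintenance step in the reply above (merge / eliminate duplicate entries), shown as an added example that is not part of either post and is not how eDexter or Hostess work internally. It goes one step further than merging: entries that map a name to anything other than a loopback or null address are reported instead of merged. The function names and the sample lists are assumptions made for the illustration.

```python
import ipaddress

# Addresses a blocking Hosts file normally maps unwanted names to.
SINKHOLES = {"127.0.0.1", "0.0.0.0", "::1"}

def parse_hosts(text):
    """Yield (address, hostname) pairs, skipping comments and malformed lines."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            addr = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # first field is not an IP address
        for name in fields[1:]:
            yield addr, name.lower().rstrip(".")

def merge_hosts(*sources):
    """Merge block lists; return (merged_text, suspicious_entries)."""
    blocked, suspicious = set(), []
    for text in sources:
        for addr, name in parse_hosts(text):
            if name == "localhost":
                continue  # written once at the top of the output
            if addr in SINKHOLES:
                blocked.add(name)
            else:
                # A block list should never point a name at a routable
                # address; report it instead of merging it.
                suspicious.append((addr, name))
    lines = ["127.0.0.1 localhost"] + [f"127.0.0.1 {n}" for n in sorted(blocked)]
    return "\n".join(lines) + "\n", suspicious

# Constructed sample lists; the example.* names are placeholders.
LIST_A = """# list A
127.0.0.1 localhost
127.0.0.1 ads.example.com tracker.example.net
0.0.0.0   ADS.example.com   # same name, different case
"""
LIST_B = """127.0.0.1 tracker.example.net.
192.0.2.10 update.example.org   # redirect, not a block
not a hosts line
127.0.0.1 popups.example.com
"""

if __name__ == "__main__":
    merged, flagged = merge_hosts(LIST_A, LIST_B)
    print(merged + "review: " + repr(flagged))
```

Anything returned in the second value deserves a manual look before the merged file replaces the live Hosts file.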