View Full Version : Internet problems
 
 noodleboy
Feb 15, 2005, 07:27 PM
Hi my internet connection seems to be sending and receiving about 1000 bytes a secong while I do absolutely NOTHING. This should not happen should it? What could be causing it?
 
I've checked for and gotten rid of any viruses, spyware or adware, including the dreaded DSO exploit. I've also tried rewriting reformating my hard drive and installing windows from scratch all to no avail. Can someone help please.
 thebriggsdude
Feb 15, 2005, 09:35 PM
What OS is it, if xp well hit ctrl, alt, del. And it will give you the processes and will show you exactly how much in the networking tab how much is passing through. Oh and if xp, run updates. If you don't have sp2 your very vulnerable. And also it could be a virus that hid away in the drive. Run every av you can get. Some detect what others don't but those others detect what those do not. Also I believe norton, check out symantec.com I believe. And they give a free online virus scan.
 fredg
Feb 16, 2005, 06:19 AM
Hi,
It is very observant of you to notice this, most don't!
Yes, it means your computer is receiving stuff from other websites, or is sending info to other sites.
 
Here is a link to a free, great program, called Spyware Blaster.
It will stop spyware from getting into your computer. It's not a scanner, but a "stopper".
 
http://www.download.com/SpywareBlaster/3000-8022_4-10305680.html?tag=lst-0-2
 
Also, do you run your Spyware and Antivirus Program scans in Safe Mode?
It's the best way to do it.
Best wishes,
fredg
 ScottGem
Feb 16, 2005, 07:46 AM
A computer is never doing "absolutely nothing". As long as it is powered up there is some processing going on. The small amount of data being sent could just be your system maintaining its connection. It might help to know what type of connection you have. But I still think this is probably innocuous.
 
It wouldn't hurt to run a spyware scanner or two.
 noodleboy
Feb 16, 2005, 08:39 PM
Thanks for the help people. My OS is Windows XP. I have spyware blaster and installed that before I jumped on the internet after I HAD Completely FILLED UP MY Hard drive TO GET RID OF ANY GHOST WRITTEN DATA, REFORMATTED MY HARD DRIVE, AND installed windows from scratch, also adwares 6, Reg mechanic, AVG anti-virus, and spybot search and destroy. Adware did pick up something BEFORE I jumped on the net and quarantened it. Could that e the Culprit? Otherwise nothing is being picked up, including the F-Secure anti-virus. The other comps on the network dload maybe 2 bytes a second tops when doing nothing, so there is definitely something up. Are their any other programs or procedures I could think to dload or do?
Thanks for any help, I know its my problem and nobody else's any help is much appreciated.
Be
 noodleboy
Feb 16, 2005, 08:43 PM
Hey, I looked in the windows task manager under processes and the explorer.exe flashes a 1 on and off, I am using Mozilla and have not used explorer since reinstalling windows. Shoul;d this happen?
 thebriggsdude
Feb 16, 2005, 11:13 PM
No internet explorer would be labeled iexplorer I believe. And that one that flashes on and off you say, that shouldn't happen.
 noodleboy
Feb 17, 2005, 12:47 AM
What should I do? It has owner under username not system, so would windows usually have this exe.
 NeedKarma
Feb 17, 2005, 05:45 AM
what should I do? It has owner under username not system, so would windows usually have this exe.?
http://www.2-spyware.com/file-iexplorer-exe.html
 ScottGem
Feb 17, 2005, 07:10 AM
Explorer.exe is the Windows File shell, not Internet Explorer. It is probably flashing because its checking your system for activity. Again, I say I would not be concerned about this. 
 
If you are really worried, try finding a packet sniffer to see what is in the traffic going in and out.
 fredg
Feb 17, 2005, 07:26 AM
Hello again,
This is just a suggestion, if you really want to know where this is sending stuff.
Go to http://www.cnet.com/downloads.
In the search area, type in Sygate Personal Firewall.
It's free. 
Download and installl it.
Set it for Only Allow What I Approve, or something similar.
Every time your computer transmits to, or something transmits to your computer, a window will pop up asking if this is OK.
 
This is rather an extreme way to find out what's happening, but it will work; if you wish to try it.
Best of luck,
fredg
 noodleboy
Feb 17, 2005, 02:02 PM
Now I'm going to sound a little ignorant but, what's a packet sniffer? Maybe I'm starting to get a lillte paranoid about the problem, but even if it isn't a virus or ad/spyware, it clocks up my 10 gig limit pretty quick.
 noodleboy
Feb 17, 2005, 03:27 PM
Thanksa again to the people which have bothered to reply to my queries. I went to the 2-spyware site and they said the Iexplorer file is relatedto spyware but the file I've found is simply explorer.exe mot Iexplorer.exe. Anyway I dloaded the spyhunter and it found about 130 backweb lite objects. Firstly, I have to pay to get the full version of spyware 2 to remove the items, and secondly, should I even remove them? I think I will try the firewallsuggestion now. Thanks for the help.
 noodleboy
Feb 17, 2005, 03:40 PM
I used hijackthis and I thought I'd post the log file results so you guys could take a look. So here it is:
 
Logfile of HijackThis v1.98.2
Scan saved at 11:38:23 a.m. on 18/02/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\F-Secure Anti-Virus\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Anti-Virus\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Anti-Virus\backweb\4476822\program\fsbwsys.exe
C:\Program Files\F-Secure Anti-Virus\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure Anti-Virus\Common\FSMA32.EXE
C:\Program Files\F-Secure Anti-Virus\fswsclds.exe
C:\Program Files\F-Secure Anti-Virus\Common\FSMB32.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\F-Secure Anti-Virus\Common\FCH32.EXE
C:\Program Files\F-Secure Anti-Virus\backweb\4476822\Program\BackWeb-4476822.exe
C:\Program Files\F-Secure Anti-Virus\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure Anti-Virus\Common\FAMEH32.EXE
C:\Program Files\F-Secure Anti-Virus\FWES\Program\fsdfwd.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\TCAUDIAG.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\F-Secure Anti-Virus\Common\FSM32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\.. \Run: [PCTVOICE] pctspk.exe
O4 - HKLM\.. \Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\.. \Run: [nwiz] nwiz.exe /install
O4 - HKLM\.. \Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\.. \Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\.. \Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\.. \Run: [TCASUTIEXE] TCAUDIAG.exe -on
O4 - HKLM\.. \Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\.. \Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\.. \Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\.. \Run: [F-Secure Manager] "C:\Program Files\F-Secure Anti-Virus\Common\FSM32.EXE" /splash
O4 - HKLM\.. \Run: [F-Secure TNB] "C:\Program Files\F-Secure Anti-Virus\TNB\TNBUtil.exe" /CHECKALL
O4 - HKLM\.. \Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKCU\.. \Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
 ScottGem
Feb 17, 2005, 06:43 PM
Data is sent around the Net in packets. A packer sniffer reads those packets and displays them in a more readable format.
 
Backweb is a tool used by a few software packages to provide updates. Its often listed as spyware, but is relatively harmless.
 noodleboy
Feb 20, 2005, 02:48 PM
Hello again, I downloaded and tried ethereal and had it run for about 2 minutes but it didn't pick up anything while I was doing nothing on the internet, even while I am sending and receiving 1000 kb's a second. It only picked up some packets when I dloaded a page. I am pretty sure that I should not be sending and receiving 1000 kb's a sec on my internet connection while doing nothing. What could be causing this?