Unknown internet traffic

By bimal_kumar_sanghi
Hi

I am getting an unknown download in my internet connection between 200 and 600 kbps. I do not have any applications running that might be downloading, or Windows Update or antivirus updates.

Windows XP SP3
I also have Norton 2010, Malwarebytes, SuperAntispyware, Adware, Spybot - Search & Destroy

I went through some forums which said to check the firewall. I installed the trial version of Jetico.

When I start the internet, Jetico says svchost.exe is trying to do an activity type from a port and a remote address. I also installed Process Explorer but am unable to figure out what is being downloaded.

Jetico is slowing down my computer very badly. I have stopped it temporarily.

This does not happen in my other OS, Windows 7. I use Windows XP more often.

Process Explorer says there is a particular connection established using TCP/IP from the remote address, which keeps changing.

Thanks in advance

All Comments

Here are another half dozen more apps you should try...

by SmartAceW0LF In reply to Unknown internet traffic

No, seriously, for many of the applications you have installed, the following holds true. Their idea of a cure is worse than most of the threats. Try to limit yourself to no more than 2 applications for security needs. Now some opinions will differ with me a bit but my suggestion is/has been for well over a year now: use Avira Antivir Personal combined with Malwarebytes Anti-Malware (paid version for proactive support) along with the Windows Firewall for XP. I will reiterate, opinions may vary somewhat but this is tried and true for me.

Moving along, your svchost.exe is a valid MS service built into Windows as a service to be used by other applications in their legitimate access to the Internet. Granted many forms of malware abuse this service, it is not unusual to see several of these started with Windows legitimately. Judging by the list of your installed security apps, I am surprised your poor little PC has time to do anything but answer to the Bloated exponentially software you have chosen.

In order here is my opinion, we all know what they say about these too, of the applications you have installed.

Norton: lose this p.o.s. application. It's a dog that eats 300 pounds of food p/week. It's lazy and fat. Furthermore it fails miserably at handling the task assigned to it. Sure it will bark occasionally. But more often than not it will do so after the thieves have bagged up all of your belongings and are already out the door with them. LOSE IT.

Malwarebytes is in my opinion one of the best Antispyware apps there is. But it only works to PROTECT your computer from incoming malware if you have paid for it. Still, paid for or not, it has proven adequate for longer than any other app I have ever used in getting rid of most infections on your PC after the fact. I suggest keeping it.

SuperAntiSpyware seems to have a fairly large group of supporters who have my respect. So this one doesn't get a thumbs down from me. I simply have not needed more than what is offered by Malwarebytes.

Adware blocks ads and in very small measure that has a tendency to overlap malware. Still to me, far more pain than any advantage in its use. I would get rid of it.

Spybot: this was one of the first significant applications to take on the spyware task with any real seriousness. Unfortunately its creator has had little to no time in keeping it up to date. Still it is nowhere near as effective as MBAM. Lose it too.

I have never heard of Jetico at all before your post. That concerns me somewhat, but not enough to google it, because in my experience, few AV apps have met the performance and lightweight footprint afforded by Avira, which is free. I will add here that my preference in AV differs depending on your OS. With Vista and Windows 7 my recommendation would be MS Security Essentials. It seems to really tax some XP systems horribly though, so I don't usually recommend it for XP.

So, in a nutshell here is what I would do if my box were acting as you describe yours.

I would uninstall everything except Malwarebytes. Boot into Safe Mode with Networking, update MBAM (Malwarebytes) and run a quick scan with that. Remove everything it finds. After removing malicious software it will likely inform you that it needs to reboot afterward. Do so.

Next go to bleepingcomputer.com and download Combofix. Run it and follow the directions implicitly.

Next go to download.com and download Avira Antivir Personal. Install it. Make sure your firewall is turned on within Windows and I would be willing to bet your problems will be a thing of the past.

And one last thing. Spend the paltry 24.95 it takes to license MBAM. I promise you that you will never spend any amount of money more wisely on your PC.

Good luck my friend. There you have in a nutshell what I make a pretty good living at in working on others' PCs.

In the name of God

by TCP 765 In reply to Here are another half doz ...

If he installs so many applications just to feel secure, all at the same time they will eat up all the processing unit of the computer... that should be considered... One of the lacks of Windows systems... Try with a network scanner like Wireshark... check who is responsible... by IP address, by port, application! Source and destination... and then you would know which type of antibiotics to implement...

Had you taken just a moment to...

by SmartAceW0LF In reply to in the name off god

read anything other than the title of my post you would likely have understood the sarcasm in it. Granted there is a bit of a language barrier here. Still, I do not normally recommend the use of any application requiring the skillset Wireshark does to new users. I imagine it would serve to confuse them even more.

I did understand

by bimal_kumar_sanghi In reply to Had you taken just a mome ...

It's just that since my computer is fast enough with these applications installed, and they have all detected at some time at which others have failed, it is fine with me to keep them and not be fazed.

Something is being downloaded...

by bimal_kumar_sanghi In reply to Unknown internet traffic

As far as I know the computer seems fast enough with these applications installed. I also am able to play games like Dead Space, Devil May Cry 4, Resident Evil 5 without lag

I have a Core 2 Duo 2.8 GHz E7400, 4GB RAM, 1GB Nvidia GeForce 9400 GT and 2TB hard drive

Even though there is nothing important on the computer, Spybot has helped me remove at one time some sort of DNS rogue which Malwarebytes free version has not, Norton Internet Security 2010 paid license blocks sometimes and never had a problem before even though some other application detects trojans which this fails to detect, Super Antispyware free version again previously detected some trojans which other applications fail to detect and so goes for Adware free version as well

So all of these combined together remove all sorts of trojans, malware, viruses

If I have to lose these applications just to make my computer faster then keeping these would not be a problem

I am going to try Wireshark to see what is being downloaded (what is being downloaded may be the question)

Even though Jetico personal firewall is good in asking for each and every action to be allowed or blocked it is slowing the computer badly

Malwarebytes paid license: will the tech support help me in resolving such issues if I buy their license?

I also tried Safe Mode with the Malwarebytes free version, updated, quick scan, and nothing turned up. I could not connect to the internet in Safe Mode with Networking because I use a USB Wireless Broadband

Wireshark does not seem to have the option where I can choose the USBModem

by bimal_kumar_sanghi In reply to Something is being downlo ...

Going to try Combofix and Avira Antivir Personal as well

Bated breath

by santeewelding In reply to Wireshark does not seem t ...

And, by the way, I have the MalwareBytes paid version. There is no way in **** I expect them to hold my hand.

Ran Combofix

by bimal_kumar_sanghi In reply to Unknown internet traffic

Ran Combofix and restarted the computer. The log among other things says...

----- BITS: Possible infected sites -----

hxxp://buy-download.norton.com

I used Process Explorer to go to svchost.exe and stopped BITS, and the unknown download stopped

Anything I should do next?

Yes there is...

by SmartAceW0LF In reply to Ran Combofix

You should follow the steps outlined in my original post in their entirety and without performing extra steps not listed in it. Were there anything necessary to do, Combofix would do it. Allow the software to do what it was designed to do.

It sounds to me as though you may have disabled a vital service within Windows that is necessary for things like updates etc. I can't be sure of this but what I am sure of is that were you knowledgeable enough to go delving into the areas you are traversing, your skill would negate the need for this post to begin with. Nothing wrong with that. Everyone has to start somewhere and often a good place to start is with questions within the right circles.

You may choose to believe it or not, but I have found the steps outlined in my first post to be fairly comprehensive in ridding a system of malware and reasonable protection from contracting them further in the future (providing they are followed through.) There are some steps that may be substituted, but these will typically be due to user preference in applications.

Understand that nothing is 100% in protecting you. Remember, there are no 1-click fixes, no ultra elite search engines available to a choice elite few. No ultra secret rebates. And finally, approach everything you encounter on the Internet with a healthy dose of skepticism. Consider all offers to be of the Snake-Oil ilk until you know better.

BITS

by bimal_kumar_sanghi In reply to Unknown internet traffic

I installed BITS Download Manager. Background Intelligent Transfer Service was actually downloading Norton Internet Security 2011, an upgrade to NIS 2010

Thanks for all the help
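
Added example (not part of the original thread): the attribution step the thread works through by hand, joining `netstat -ano` connections to the services hosted in the owning svchost.exe as reported by `tasklist /svc /fo csv`. The sample outputs, PIDs and addresses are constructed, and the function names are illustrative.

```python
import csv
import io

# Constructed sample of `netstat -ano` output (documentation-range addresses).
NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       932
  TCP    192.168.1.10:1043      203.0.113.25:80        ESTABLISHED     1084
  TCP    192.168.1.10:1051      198.51.100.7:443       ESTABLISHED     2316
  UDP    0.0.0.0:445            *:*                                    4
"""

# Constructed sample of `tasklist /svc /fo csv` output.
TASKLIST = '''"Image Name","PID","Services"
"svchost.exe","932","RpcSs"
"svchost.exe","1084","AudioSrv,BITS,Browser,wuauserv"
"firefox.exe","2316","N/A"
'''

def services_by_pid(tasklist_csv):
    """Map PID -> (image name, list of services hosted in that process)."""
    table = {}
    for row in csv.DictReader(io.StringIO(tasklist_csv)):
        svcs = [s.strip() for s in row["Services"].split(",") if s.strip() not in ("", "N/A")]
        table[int(row["PID"])] = (row["Image Name"], svcs)
    return table

def established(netstat_text):
    """Yield (remote endpoint, pid) for each ESTABLISHED TCP row."""
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[3] == "ESTABLISHED":
            yield f[2], int(f[4])

def attribute(netstat_text, tasklist_csv):
    """Join each connection to its owning process and hosted services."""
    procs = services_by_pid(tasklist_csv)
    out = []
    for remote, pid in established(netstat_text):
        image, svcs = procs.get(pid, ("<unknown>", []))
        out.append({"remote": remote, "pid": pid, "image": image, "services": svcs})
    return out

if __name__ == "__main__":
    for c in attribute(NETSTAT, TASKLIST):
        print(c["remote"], c["pid"], c["image"], ",".join(c["services"]) or "-")
```

When the owning svchost.exe hosts several services the result is a shortlist rather than an answer; for BITS, `bitsadmin /list /allusers /verbose` lists the queued jobs with their remote URLs.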
